I use this code for my accesscontrol file:
accesscontrol.php:
Code: Select all
<?php
session_start();
include_once 'db.php';
include_once 'common.php';
if(isset($_POST['username']))
{
$username = $_POST['username'];
}
else if(isset($_SESSION['username']))
{
$username = $_SESSION['username'];
}
if(isset($_POST['pass']))
{
$pass = $_POST['pass'];
}
else if(isset($_SESSION['pass']))
{
$pass = $_SESSION['pass'];
}
if(!isset($username)) {
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="username" size="8" /><br />
Password: <input type="password" name="pass" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['username'] = $_POST['username'];
$_SESSION['pass'] = $_POST['pass'];
$username = $_POST['username'];
$pass = $_POST['pass'];
dbConnect("articles");
$sql = "SELECT * FROM user WHERE username = '$username' AND pass ='$pass'";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\\nIf this error persists, please '.
'contact you@example.com.');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['username']);
unset($_SESSION['pass']);
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8" />
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,'username');
?>pro1.php:
Code: Select all
<?php
include('accesscontrol.php');
?>
this is pro1<br>
<a href=pro2.php>pro2</a>Code: Select all
<?php
include('accesscontrol.php');
?>
this is pro2<br>
<a href=prono.php>prono</a>Code: Select all
this is prono<br>
<a href=pro3.php>pro3</a>Code: Select all
<?php
include('accesscontrol.php');
?>
pro3the current result of the code is:
pro1:
first it is the login form, then the page is shown upon login
After I click on the "pro2" link in pro1.php, this error occures:
Notice: Undefined index: username in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 48
Notice: Undefined index: pass in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 49
Notice: Undefined index: username in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 51
Notice: Undefined index: pass in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 52
this is pro2
prono
then, I click on prono and it's ok, ofcourse:
this is prono
pro3
Then I click on the pro3 link and I'm redirected to the login form. how do i fix it?
thanks