Hello guys!
Here's my platform:
1. Apache 1.3.x
2. PHP 4.3.0
3. MySQL (Latest build - I think)
I have a file called a.php. This file takes 2 values from a form. The values are: $username and $password. After getting the values, these two are stored in cookie variables namely $USERNAME and $PASSWORD. Now, depending on the value of $username and $password, the page will redirect to either:
1. admin area (admin.php) - if the username-password combo is correct and user is 'administrator'
2. member area (member.php) - if the username-password combo is correct and user is not 'administrator'
3. error page - if username-password combo is incorrect.
Now, for both the admin.php and the member.php, I have 3 include statements on top of the file. The first 2 include statements contain the values from 2 config files. The 3rd include statement is actually a file which contains code for instantiating a class.
The class handles authentication. Meaning, it looks for the value of $_COOKIE['USERNAME'] and $_COOKIE['PASSWORD'] and matches it with the database. In short, it is almost the same as what was being done in a.php. The only difference is that this class function takes its value from the $_COOKIE global variable while a.php takes its value from $_POST.
My problem is, I am being told that I am not allowed to access the member.php or admin.php (assuming I logged in as a member or as 'administrator'). It seems like even if some variables are used in the 3rd include file (let's call this check.php), those same variables are not accessible in the admin.php or member.php. However, when I copy the code from check.php and paste it in admin.php or member.php, the code works fine.
The question is, is there an issue with the superglobal variables with regard to include() and require()?
Variable Passing in include() and require()?
Re: Variable Passing in include() and require()?
Hi Beans,
if I understood your prob, you have a login form where a user can authenticate himself; this form sends its values to "a.php" which stores them in
Code:
<?php
$username = $_COOKIE["username"];
$password = $_COOKIE["password"];
?>
Then you check those two values against a MySQL db to look what kind of user is coming and redirect him.
But why do you use the $_COOKIE superglobals and why do you do the same stuff again in 'admin.php' or 'member.php'? It would be much easier if you would send the form to a script, let's name it 'authenticate.php', which could look like this:
Code:
<?php
// Values submitted by the login form
$username = $_POST["username"];
$password = $_POST["password"];
// Database settings, named differently so they do not overwrite the form values
$hostname = "your_host";
$dbuser = "your_username";
$dbpass = "your_passwd";
$dbName = "your_db";
$userstable = "your_table";
mysql_connect($hostname, $dbuser, $dbpass) or die("Database connection failed.");
@mysql_select_db($dbName) or die("Database not found.");
// Escape the form values before they go into the SQL string
// (if magic_quotes_gpc is on, stripslashes() them first to avoid double escaping).
// Select whatever columns you need, e.g. 'usergroup'.
$query = "SELECT usergroup FROM $userstable WHERE password = '" . mysql_real_escape_string($password) . "' AND username = '" . mysql_real_escape_string($username) . "'";
$erg = mysql_query($query);
$numrows = mysql_num_rows($erg);
// No matching row means the login failed and falls through to the error page
$usergroup = ($numrows > 0) ? mysql_result($erg, 0, "usergroup") : '';
if ($usergroup == 'admin') {
    header("Location: admin.php");
} else if ($usergroup == 'member') {
    header("Location: member.php");
} else {
    header("Location: errorpage.php");
}
exit; // stop the script once the redirect header is set
?>
If you need the $_POST vars for further processing, you can add them to the location like this: xxx.php?username=$username&password=$password.
I hope this helps...
greez, bluenote
Beans
Hi bluenote!
I can't use the same stuff again since it would limit the flexibility of my code. Also, I am avoiding direct access to the page.
Let's say I logged in and so the use of $_POST is justified. I can then go to the admin and member pages. However, on other parts of the site, specifically when I click on a link from the admin page (which sends me to let's say, page2.php), there is no authentication. Any user who has not logged in can directly access page2.php.
That's why I need to secure each and every page with cookies or sessions. I cannot rely on $_POST since by the time that the user has logged in, the username and password are not passed via post method to page2.php.
Am I making sense? Hehe....
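The per-page check described in the post above, sketched with a server-side session so that the username and password are never stored in cookies. This is an added example, not code from the thread: it assumes modern PHP (7.3 or later) with PDO rather than the thread's PHP 4.3, and the function names and the `users` table layout are hypothetical.

```php
<?php
// check.php: added example (hypothetical function names, PHP 7.3+).
// Assumes a `users` table with columns id, username, password_hash, usergroup,
// where password_hash was produced by password_hash().

function start_secure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,   // cookie is not readable from JavaScript
            'secure'   => true,   // cookie is sent over HTTPS only
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Called once by the login form handler; returns true on success.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT id, password_hash, usergroup FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    start_secure_session();
    session_regenerate_id(true);          // fresh session id after login
    $_SESSION['user_id']   = (int) $row['id'];
    $_SESSION['usergroup'] = $row['usergroup'];
    return true;
}

// Called at the top of admin.php, member.php, page2.php and so on.
// $_SESSION is a superglobal, so it is visible inside this function.
function require_login(?string $group = null): void
{
    start_secure_session();
    $ok = isset($_SESSION['user_id'])
        && ($group === null || $_SESSION['usergroup'] === $group);
    if (!$ok) {
        header('Location: errorpage.php');
        exit;                             // stop before any page content is sent
    }
}
```

Each protected page then begins with `require 'check.php'; require_login();`, and admin.php calls `require_login('admin')` instead. Ordinary variables set by the config includes would not be visible inside these functions unless passed in as arguments, which is why the database handle is a parameter of `login()`.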