Login problemos

Sniffer-Dog

Hi

I just wondered if anyone can spot anything wrong with the following?
I have now added the session_start() ; as the first command in the code
to all the pages needing it.

When I click on a webpage that is restricted, it takes me to the login
page fine. When I login though instead of taking me to the page I
clicked previous to that, it always takes me to the index file, and
when I try to then click on the page I wanted to go to, it takes me
back to the login page. I think something must be wrong with my
coding, unless of course there is still a session related problem?

Thanks for any help on this one.

John

<?php
// *** Validate request to login to this site.
session_start() ;
?>

<?php require_once('C onnections/conn_newland.ph p'); ?>

<?php
$logarIthmIcal = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>

Jul 17 '05 #1

Subscribe Reply

2210

Geoff Berrow

I noticed that Message-ID: <m4************ *************** *****@4ax.com>
from Sniffer-Dog contained the following:

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");
I thought use of session_registe r() was not recommended BICBW

You can just do
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

since $_SESSION is a superglobal array.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Jul 17 '05 #2

Sniffer-Dog

On Tue, 03 Aug 2004 08:27:17 +0100, A strange species called Geoff
Berrow <bl******@ckdog .co.uk> wrote:

I noticed that Message-ID: <m4************ *************** *****@4ax.com>
from Sniffer-Dog contained the following:
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

I thought use of session_registe r() was not recommended BICBW

You can just do
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

since $_SESSION is a superglobal array.

I've been told you need session_start() ; on the top line of every
page?

It makes no difference though if I comment it all out, the results are
exactly the same. Login takes you to index not the page you wanted to
goto before you logged in, and even if you click that page after it
takes you back to login :(

There must be something else wrong with the code or my settings?

John

Jul 17 '05 #3

Geoff Berrow

I noticed that Message-ID: <av************ *************** *****@4ax.com>
from Sniffer-Dog contained the following:

I've been told you need session_start() ; on the top line of every
page?
Yes.
It makes no difference though if I comment it all out, the results are
exactly the same. Login takes you to index not the page you wanted to
goto before you logged in,

OK, let's break it down:

<?php
//this must be the top line

session_start() ;
?>

<?php require_once('C onnections/conn_newland.ph p'); ?>

<?php
$logarIthmIcal = $_SERVER['PHP_SELF'];
//sets $logarIthmIcal to the URL of this page. Goodness knows why...

if (isset($accessc heck))
//hang on - where has this variable come from?

{
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
/*Well it looks like it should be the URL of the page you wanted to go
to. But how does it get into this script?
*/

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
//initialise some variables

mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
//query database

$loginFoundUser = mysql_num_rows( $LoginRS);
/*set $loginFoundUser to true if we find a row with username and
password
*/

if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');
//get the contents of the usergroup for the user

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true)
/*not sure what that && true does but $_SESSION['PrevUrl'] was set to
$accesscheck earlier. Remember? The variable of unknown origin - the
page you wanted to go to?
*/
{
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
/*So - if you are being sent to index.htm then clearly
$_SESSION['PrevUrl'] has not been set. This is where you need to look
for the problem. Good luck.

*/
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Jul 17 '05 #4

Sniffer-Dog

On Tue, 03 Aug 2004 21:12:30 +0100, A strange species called Geoff
Berrow <bl******@ckdog .co.uk> wrote:

I noticed that Message-ID: <av************ *************** *****@4ax.com>
from Sniffer-Dog contained the following:

I've been told you need session_start() ; on the top line of every
page?
Yes.

It makes no difference though if I comment it all out, the results are
exactly the same. Login takes you to index not the page you wanted to
goto before you logged in,

OK, let's break it down:

<?php
//this must be the top line

session_start( );
?>

<?php require_once('C onnections/conn_newland.ph p'); ?>

<?php
$logarIthmIc al = $_SERVER['PHP_SELF'];
//sets $logarIthmIcal to the URL of this page. Goodness knows why...

if (isset($accessc heck))
//hang on - where has this variable come from?

I think this comes from the previous page?
{
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
/*Well it looks like it should be the URL of the page you wanted to go
to. But how does it get into this script?
*/

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
//initialise some variables

mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($lo ginUsername), get_magic_quote s_gpc() ? $password :
addslashes($pa ssword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_erro r());
//query database

$loginFoundUser = mysql_num_rows( $LoginRS);
/*set $loginFoundUser to true if we find a row with username and
password
*/

if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');
//get the contents of the usergroup for the user

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true)
/*not sure what that && true does but $_SESSION['PrevUrl'] was set to
$accesscheck earlier. Remember? The variable of unknown origin - the
page you wanted to go to?
*/
{
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
/*So - if you are being sent to index.htm then clearly
$_SESSION['PrevUrl'] has not been set. This is where you need to look
for the problem. Good luck.

*/

Geoff

If I try to access a restricted page it looks like it is trying to
pass the info to the login page via the URL but somehow not setting
it? Even if it is redirecting to the index there still may be a
problem. If I had logged in successfully surely it should then allow
me into the page I wanted to goto before, if I then click it after
going back to the index because I am logged in? Maybe their is a
problem with the login itself?

This is the info in the URL after I try access profiles.php a
restricted page which takes me to login.php

http://localhost/newland/login.php?a...2Fprofiles.php
Below is the php code from the profiles.php page:

<?php
// *** Validate request to login to this site.
//session_start() ;
?>
<?php
// Report all PHP errors (bitwise 63 may be used in PHP 3)
error_reporting (E_ALL);
?>
<?php require_once('C onnections/conn_newland.ph p'); ?>

<?php
$MM_authorizedU sers = "visitor,admin" ;
$MM_donotChecka ccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($s trUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable
MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session
variable is blank.
if (!empty($UserNa me)) {
// Besides being logged in, you may restrict access to only
certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($User Name, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on
their username.
if (in_array($User Group, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoT o = "login.php" ;
if (!((isset($_SES SION['MM_Username'])) &&
(isAuthorized(" ",$MM_authorize dUsers, $_SESSION['MM_Username'],
$_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_res trictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_S TRING) && strlen($QUERY_S TRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoT o = $MM_restrictGoT o. $MM_qsChar . "accesschec k=" .
urlencode($MM_r eferrer);
header("Locatio n: ". $MM_restrictGoT o);
exit;
}
?>
<?php
mysql_select_db ($database_conn _newland, $conn_newland);
$query_rs_tourN ames = "SELECT countryID, countryName FROM tbl_country
ORDER BY countryName ASC";
$rs_tourNames = mysql_query($qu ery_rs_tourName s, $conn_newland) or
die(mysql_error ());
$row_rs_tourNam es = mysql_fetch_ass oc($rs_tourName s);
$totalRows_rs_t ourNames = mysql_num_rows( $rs_tourNames);
?>
Maybe you can spot what any error might be?

John

Jul 17 '05 #5

Similar topics

2876

php login script error

by: koolyio | last post by:

Hey, could you please tell me what is wrong with my login script. I just started learning php. CODE: login.php <? session_start(); header("Cache-Control: private"); ?>

PHP

2969

The prefered 'login' procedure and redirect.

by: Simon | last post by:

Hi, I have a Login.php page that logs the user in and out. I has two forms within the page, (depending on what we are trying to do), either one to log in or out. The form calls itself using a post method and either logs the user in our out given the information from the form. but every pages use sessions and cookies, if the user is successfully logged in then the cookies and session values are updated, (as well as MySQL).

PHP

7912

by: Tom Jones | last post by:

Hi, I am using the HttpWebRequest and HttpWebResponse classes to pull information from a web server on the internet. I have an account on one of the webservers that I need to log into programatically. The connection is not secure (not https, etc.). The login page just has simple name & password textboxes on it. Can someone please tell me how I can programatically login using the

C# / C Sharp

2780

Form Authentication with Remote Login.aspx

by: Beginner | last post by:

I know this is an old question, but searching all over the internet plus several MS security conferences, still haven't got a straight anwser. Basically, the login.aspx is on one dedicated server in the domain using AD. ASP.NET applications run on other servers (not neccessary in domain) and trying to use authentication server. How could this be done? - Most response says you need to set MachineKey the same, but that alone doesn't...

ASP.NET

2825

ASP.NET login authentication

by: nicholas | last post by:

Hi, Got an asp.net application and I use the "forms" authentication mode defined in the web.config file. Everything works fine. But now I would like to add a second, different login page for the users that go in a specific folder. How can I do this?

ASP.NET

4511

by: IdleBrain | last post by:

Hello All: I used a Login control to authenticate a user to login. The problem is that when I login with good username & password, the login view would say that the login was successful. But for some reason the login control does not redirect the control to DestinationPageUrl. Even when I hardcoded to redirect to another page, it still remains in the same page on successful login.

ASP.NET

3358

Help trying to login to myspace programatically in vb.net

by: AppleBag | last post by:

I'm having the worst time trying to login to myspace through code. Can someone tell me how to do this? Please try it yourself before replying, only because I have asked this a couple of times in the past in other places, and while the help was much appreciated, it seemed everyone just wanted to 'theoretically' explain how to do it, but when I tried to do it myself, I couldn't login. I want to simply pass the email address and password to...

.NET Framework

4082

phpmyadmin database built on my server and i cannot connect wiht my login page

by: tolkienarda | last post by:

Hi all I work for a small webdesign company and we have remote hosting. i built a mysql database with phpmyadmin on the server. i then downloaded and modified a php login page. i am continuing to get the ---invalid username or password--- i am not getting the E_USER_ERROR so i don't know if there is a problem with the php, how i set up the database or mabe somthing in between. so everyone knows all of my server interface is GUI. I use a company...

MySQL Database

4173

Help me with Login System

by: Apostle | last post by:

Hi all, after thinking for sometimes, I thought it will be great opportunity to learn if I will start from scratch and build my own register/login system. Here is the thread that I will be posting the progress and I hope you guys will help me. The code below is what I have so far. Just put two scripts in the same directory and that is! I hope you will help me Thanks! class.php <?php //php login sytem class LoginRegister{ function...

PHP

8913

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9426

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

9280

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9200

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8144

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6722

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

4525

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4795

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2677

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP