Hi Guys
I have created a website and to make things easier I decided to use Dreamweaver to do the secure login section and access levels for the pages.
When testing locally on wamp my website works perfectly. On the internet though, on the pages that don't require a user to log in I can search my job database perfectly and see the results, so the connection to the database is fine.
When I try to log in though I just get a user is unauthorised error because for some reason it's not getting the info from the right database or the right table on the database or the connection is not right, I'm not sure. I have emailed my support and they say they can't see an error with the connection dbusername dbpass dbname and suggest it's a problem with my code somewhere.
It works perfectly on my local machine though arghhh!! Below is some of the code from the wizard.php page that was created in the /connections folder by Dreamweaver. It all looks correct to me.
[PHP] $hostname_Wizard = "mysqlservername";
$database_Wizard = "mydatabasename";
$username_Wizard = "mysqlusername";
$password_Wizard = "mysqlpassword";
$Wizard = mysql_pconnect($hostname_Wizard, $username_Wizard, $password_Wizard) or trigger_error(mysql_error(),E_USER_ERROR);
[/PHP]
Below is code from the page where the user will log in, located above the head tag.
[PHP] <?php require_once('Connections/Wizard.php'); ?>
<?php
//initialize the session
session_start();
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session variables
session_unregister('MM_Username');
session_unregister('MM_UserGroup');
$logoutGoTo = "stafflogin.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username2'])) {
$loginUsername=$_POST['username2'];
$password=$_POST['password2'];
$MM_fldUserAuthorization = "accesslevel";
$MM_redirectLoginSuccess = "securestaff.php";
$MM_redirectLoginFailed = "unauthorised.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_Wizard, $Wizard);
$LoginRS__query=sprintf("SELECT name, pass, accesslevel FROM staff WHERE name='%s' AND pass='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $Wizard) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'accesslevel');
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
[/PHP]
Below is code from the body of the page at the login boxes.
[HTML] <form action="<?php echo $loginFormAction; ?>" method="POST">
<table width="271" border="0" cellspacing="2" cellpadding="1">
<tr>
<td width="96" bgcolor="#EAEAEA"><label>Username:</label></td>
<td width="120"><input type="text" name="username2" size="20" /></td>
<td width="41"> </td>
</tr>
<tr>
<td bgcolor="#EAEAEA"><label>Password: </label></td>
<td><input type="password" name="password2" size="20" /></td>
<td> </td>
</tr>
<tr>
<td bgcolor="#EAEAEA">Log In:</td>
<td><input type="submit" value=" Log In " /></td>
<td> </td>
</tr>
</table>
</form>
[/HTML]
Below is some code from the page that works it all out.
[PHP] <?php
//initialize the session
session_start();
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session variables
session_unregister('MM_Username');
session_unregister('MM_UserGroup');
$logoutGoTo = "index.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
session_start();
$MM_authorizedUsers = "administrator";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "unauthorised.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
[/PHP]
I know it's a big ask but I would really appreciate some PHP gurus' help here as I'm stuck because it all works perfectly on my local wampserver but not on the net.
Regards
Joseph
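
An added example, not part of the post above and not Dreamweaver's generated code: the same staff login check written with a PDO prepared statement and password_verify() instead of sprintf() with addslashes(), plus a check that keeps the accesscheck / PrevUrl redirect on the local site. The function names, the in-memory SQLite table and the sample user are constructed for illustration, and the example assumes the pass column holds a password_hash() value; the table and column names follow the query in the post.

```php
<?php
// Added example (not Dreamweaver output). Assumes the `pass` column stores a
// password_hash() value rather than the plaintext the generated query compares.

// Look up the user with a bound parameter; return the access level or null.
function check_login(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT pass, accesslevel FROM staff WHERE name = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    return $row['accesslevel'];
}

// Accept only a local path for the post-login redirect (the accesscheck value);
// anything else, such as "//host/" or an absolute URL, falls back to the default.
function safe_redirect_target(string $candidate, string $default): string
{
    $isLocalPath = preg_match('#^/(?![/\\\\])[A-Za-z0-9_./?&=%-]*$#D', $candidate) === 1;
    return $isLocalPath ? $candidate : $default;
}

// Constructed sample data: in-memory SQLite stands in for the MySQL staff table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (name TEXT PRIMARY KEY, pass TEXT, accesslevel TEXT)');
$insert = $db->prepare('INSERT INTO staff VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'administrator']);

var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong password'));
var_dump(check_login($db, "x' OR '1'='1", "x' OR '1'='1"));
var_dump(safe_redirect_target('/securestaff.php?id=3', 'securestaff.php'));
var_dump(safe_redirect_target('//example.org/', 'securestaff.php'));

// On a successful login the page would then do:
//   session_regenerate_id(true);
//   $_SESSION['MM_Username']  = $username;
//   $_SESSION['MM_UserGroup'] = $level;
//   header('Location: ' . safe_redirect_target($_SESSION['PrevUrl'] ?? '', 'securestaff.php'));
```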