Page reload

I noticed that Message-ID: <cn*********@drn.newsguy.com> from Dynamo
contained the following:

I have succesfully created a login page for my site. I have used the PHP_SELF
so that once the user has succesfully logged on the page reloads. Everything
works fine the first time somebody tries to log in but when they revisit, the
log on page is bypassed and it goes straight to the information page. I have a
sneaky suspicion that this is due to the fact that the page is then in their
history of recently visited sites. How can I use PHP to refresh the page
automatically everytime it is requested?

How are you doing the log in?

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

In article <9n********************************@4ax.com>, Geoff Berrow says...

How are you doing the log in?

Cutting out the irelevant coding it went along the lines of:
<?php
if (!isset($_POST['submit'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p align="center">
Username <input name="user" type="text" size="20"></br>
Password <input name="pass" type="password" size="20"></br>
<input type="submit" name="submit" value="Continue">
</form>
<?php
}
else {
$userpass = $_POST['user'] . $_POST['pass']
if ($userpass != "testtest") {
// write error message
}
else {
// load the page
}
}
?>

I noticed that Message-ID: <cn*********@drn.newsguy.com> from Dynamo
contained the following:

Cutting out the irelevant coding

The 'load the page' bit is very relevant. There is nothing in your code
to stop someone going to the page by simply typing the URL.

Consider using sessions

For the login page

<?php
session_start();
if (!isset($_POST['submit'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p align="center">
Username <input name="user" type="text" size="20"></br>
Password <input name="pass" type="password" size="20"></br>
<input type="submit" name="submit" value="Continue">
</form>
<?php
}
else {
$userpass = $_POST['user'] . $_POST['pass']
if ($userpass != "testtest") {
// write error message
}
else {
$_SESSION['logged_in']="Userpass_OK";
header("Location: http://mypage.com/myindexpage.php");
//replace with whatever start page you have
}
}
?>

Then at the absolute begining of every page you wish to protect use an
include to put the following:

<?php
session_start();
if($_SESSION['logged_in']!="Userpass_OK"){
header("Location: URL of login page");
exit;
}
?>

Untested code.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

In article <sd********************************@4ax.com>, Geoff Berrow says...

I noticed that Message-ID: <cn*********@drn.newsguy.com> from Dynamo
contained the following:

The 'load the page' bit is very relevant. There is nothing in your code
to stop someone going to the page by simply typing the URL.

Perhaps my phrasiology of 'load the page' was not exactly true. A better trimmed
down example of what I was trying to do would be:

if ($userpass != "testtest") {
// write error message
echo "Login Error";
}
else {
// write welcome page
echo "Sucessfully logged in. Welcome to my site";
}
}

I was trying to be clever (perhaps too clever for a newbie) and use the same url
(customer.php) for both the login part and the welcome page. As stated in my
original message, everything works fine the first time. But when the site is
revisited the login part is bypassed and it goes straight to the welcome part.
However, having said that, perhaps using sessions with 2 seperate urls is a
better idea. I'll give it a try.

Regards
Dynamo

I noticed that Message-ID: <cn********@drn.newsguy.com> from Dynamo
contained the following:

However, having said that, perhaps using sessions with 2 seperate urls is a
better idea. I'll give it a try.

You can still use sessions with your method. :-)

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

----- Original Message -----
From: "Geoff Berrow" <bl******@ckdog.co.uk>
Newsgroups: comp.lang.php
Sent: Sunday, November 21, 2004 12:11 PM
Subject: Re: Page reload

I noticed that Message-ID: <cn*********@drn.newsguy.com> from Dynamo
contained the following:

Consider using sessions
Untested code.

OK so I tried it and failed miserably. This was my coding:

<html>
<head></head>
<body>
<?php
session_start();
if (!isset($_POST['login'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<font face="Arial" size="2"><b>
Username</b></font> <input type="text" name="user" size="20">
<font face="Arial" size="2"><b>Password</b></font> <input type="password"
name="pass" size="20">
<p align="center">
<input type="submit" name="login" value="Login">
</p>
</form>
<?php
}
else {
$userpass = $_POST['user'] . $_POST['pass'];
if ($userpass == "testtest"){
$_SESSION['logged_in'] = "Userpass_OK";
header("Location: http://www.mywebsite/index.htm");
}
else {
echo "Login Error";
}
}
?>
</body>
</html>

and these were the error messages I got back

Warning: session_start(): Cannot send session cookie - headers already sent
by (output started at
\\nas16ent\domains\p\mywebsite\user\htdocs\login4. php:4) in
\\nas16ent\domains\p\mywebsite\user\htdocs\login4. php on line 5

Warning: session_start(): Cannot send session cache limiter - headers
already sent (output started at
\\nas16ent\domains\p\mywebsite\user\htdocs\login4. php:4) in
\\nas16ent\domains\p\mywebsite\user\htdocs\login4. php on line 5

Any suggestions?

Dynamo wrote:

OK so I tried it and failed miserably. This was my coding:

<html>
<head></head>
<body>
<?php
session_start();
if (!isset($_POST['login'])) {
?>
<snip>
and these were the error messages I got back

Warning: session_start(): Cannot send session cookie - headers already sent
by (output started at
<snip>
Any suggestions?

session_start() must be called before any output to the browser.

You are calling it after outputting "<html><head</hrad><body>".

Move the session_start() call before the HTML:

<?php
session_start();
?>
<html><head><title>I'M TOO LAZY TO TITLE MY PAGES</title></head><body>
<?php
if (!isset($_POST['login'])) {
/* ... */

--
Mail sent to my "From:" address is publicly readable at http://www.dodgeit.com/
== ** ## !! !! ## ** ==
TEXT-ONLY mail to the complete "Reply-To:" address ("My Name" <my@address>) may
bypass the spam filter. I will answer all pertinent mails from a valid address.

I noticed that Message-ID: <cn*********@news2.newsguy.com> from Dynamo
contained the following:

OK so I tried it and failed miserably.

What Pedro said.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/