|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
Stay one step ahead of the competition. Evaluate and give feedback
on some of the hottest web development tools on the market today.
Make your opinion heard! Click
Here
|
|
#1
July 29th, 2002, 06:56 PM
|
|||
|
|||
|
Login Problems!
Hey all!
I'm working on the admin section of my personal portfolio/resume website (www.frankmanno.com). The problem I'm having right now is getting the login to work properly. The way I want to set it up is like so: index.php - main admin interface login.php - login form, used to enter username/password auth.php - script that verifies user information How I want this to work is that if a user attempts to access a page other than index.php, for example "addnews.php", I want them to automatically be redirected to login.php if they have not already been logged in. The problem I'm having is attempting to re-direct them back to the ORIGINAL page they tried to access (example: "addnews.php"), rather than the index.php page. I'm trying to do it by setting a session variable which stores the rerering page (HTTP_REFERR), however, this is not working. Here is a snippet of the code: Code:
// Include files
include("../include/dbVars.php");
// Create database connections
$dbcnx = mysql_connect($dbServer, $dbUser, $dbPass);
mysql_select_db($dbName) or die("<p>Could not connect to $dbName<br> " .
"Error:" . mysql_error() . "</p>");
// Add slashes to the username and
// make an MD5 checksum of the password
$_POST['userName'] = addslashes($_POST['userName']);
$_POST['userPass'] = md5($_POST['userPass']);
$result = mysql_query("SELECT count(userID) FROM users WHERE
userPass = '$_POST[userPass]' AND
userName = '$_POST[userName]'")
or die("<p>Unable to query $dbName<br>" .
"Error: " . mysql_error() . "</p>");
$numFound = mysql_result($result, 0);
// If no number is returned, display
// login form
if (!$numFound){
?>
<?php echo "Ref: " . $_SERVER['HTTP_REFERER']; ?>
<form method="post" action="<?php echo $_SERVER[PHP_SELF]; ?>">
<table width="60%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>Login Form</td>
<td> </td>
</tr>
<tr>
<td>Name:</td>
<td>
<input type="text" name="userName">
</td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type="password" name="userPass">
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="submit" name="Submit" value="Submit">
</td>
</tr>
</table>
</form>
<?php
}// End of if
// If value is returned, start login session
else {
//session_start();
// Username & Password already slashed & md5'd
$_SESSION['userName'] = $_POST['userName'];
$_SESSION['userPass'] = $_POST['userPass'];
echo("Ref: " . $_SESSION['refURL']);
// header('Location: $_SESSION[refURL]');
/* echo ("Conrats!");
echo("<h1>Login successful!</h1><br>You are now logged in as " .
"$_SESSION[userName] with password $_SESSION[userPass]");
*/
}
Here is the auth page I use on all the other pages to verify if the user has been logged in: Code:
session_start();
include("../include/dbVars.php");
// Verify is session variables exist
if (!$_SESSION['userName'] || !$_SESSION['userPass']){
// Redirect user to login page
header('Location: ../admin/login.php');
die();
} else {
// Verify if user has login credentials
$dbcnx = mysql_connect($dbServer, $dbUser, $dbPass);
mysql_select_db($dbName) or die("Couldn't connect to database $dbName!");
// DB query to verify user's login information
$result = mysql_query("SELECT count(userId) FROM users WHERE
userPass = '$_SESSION[userPass]' AND
userName = '$_SESSION[userName]'") or
die("Error retrieving user information!");
// False if no match found
$numFound = mysql_result($result, 0);
// Test if user was verified
if (!$num){
// If user does not verify, redirect to login.php
// so user may login
header('Location: ../admin/login.php');
die();
}
echo("Ref: " . $_SERVER['HTTP_REFERER']);
}
Btw, some of the echo's are just debugging statements! Don't think I'm crazy or anything!  Any ideas/suggestions on how I can go about doing this? Thanks in Advance!
__________________
____________________________________________ Developer Shed Weekly Writer | DevArticles Forum Moderator Build Your Own KlipFolio Klip With PHP FrankManno.com - Under Construction Design Interactive Group - Under Construction Last edited by FrankieShakes : July 29th, 2002 at 07:43 PM.
|
|
#2
July 29th, 2002, 07:22 PM
|
|||
|
|||
|
ok, i kinda went thought your code, bit confusing, what i would suggest, is you make a function to see if theiy have loged in, if they havent return a false value,
then at the top of each page, if(function_name() != "TRUE") { //wrong, log details, and head place a header to the index file }
|
|
#3
July 29th, 2002, 07:45 PM
|
|||
|
|||
|
Ben,
Yeah... It's a little confusing... I just threw it together, and I didn't remove all my debug statements! As for returning the value, I was thinking that as well... The only problem is that if the value is false and the user is re-directed to the general login page, how do I re-direct the user BACK to the page they were originally trying to access?
|
|
| Viewing: Dev Articles Community Forums > Programming > General Programming Help > Login Problems! |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
