Login script assistance (kinda newb)

ratbaggy

A'ight.

I started converting an old javascript login to PHP got most of it sussed. But it still aint working.

I know it doesn't use a database and that that would probably be easier. (I don't have one)

Hope it makes vague sense to some of you.

I have *'d the areas (in the code) where I think the problems are occuring.

I also need some suggestions on how to implement sessions into the code so users wouldn't have to re-type login details each page. And on redirecting the page to the relevant $successPage.

BTW I am still in my first fortnight of PHPing so be kind. ;P

thanks in advance guys.

<?php
$Username = $_POST['username'];
$Password = $_POST['password'];

$successpage = "http://www.google.com.au";
$loginpage = "http://www.google.com/login.htm";

$users = array();
$users[0] = array("user1", "pass1", "http://www.google.com.au/user1");
$users[1] = array("user2", "pass2", "http://www.google.com.au/user2");
$users[2] = array("user3", "pass3", "http://www.google.com.au/user3");

$member = null;
$loggedin = 0;
$members = count($users);
**	for($x=0; $x<$members && !$loggedin; $x++){
**		if(($Username==$users[$x][0])&&($Password==$users[$x][1])){
			$loggedin = 1;
			$member = $x;
			echo ("You have been logged in. Even if it doesn't seem like it.");
			break; // User validated, terminate the for loop.
		}
	}

if($loggedin==1){
	if($users[$member][2] != "") {
		$successpage = $users[$member][2];
	}
**	// setcookie("login", 1);
**	header("Location: ".$successPage);
	echo ("You are logged in");
	} else {
	echo ("You don't have permission to view this area. Please log in.".$x);
}
?>

Cheers. 🙂

dalecosp

You can pretty much do it the way you have. Before I started using sessions, I used a cookie rather larger than that one that stored username, email addy, and login status. A couple of things worth mentioning...

Your header() call can't work if anything has been sent to the browser, (i.e., in your case, any echo() calls...) so you'll have to figure out how you want to indicate the the user that he has been auth'd without printing that out until after the header. Of course, the issue there is that you're sending him/her to another page....

If you wanna try it with sessions, I took the liberty of editing your code to do so:

<?php 

session_start();  # must do this on each page a $_SESSION var is needed/used
$Username = $_POST['username']; 
$Password = $_POST['password']; 

$loginpage = "http://www.google.com/login.htm"; 

$users = array(); 
$users[0] = array("user1", "pass1", "http://www.google.com.au/user1"); 
$users[1] = array("user2", "pass2", "http://www.google.com.au/user2"); 
$users[2] = array("user3", "pass3", "http://www.google.com.au/user3"); 

$member = null; # not necessary to declare vars, unless you just want to...
$loggedin = 0;   # ditto
$members = count($users); 

for($x=0; $x<$members; $x++){    # OK, we'll be looping 3 times...
   if(($Username==$users[$x][0])&&($Password==$users[$x][1])){ 
      $_SESSION['loggedin'] = 1;   # assign a logged in status to this var
      $_SESSION['member'] = $x;    # assign the users' number to this var
      header("Location: ".$users[$x][2]);  # send this user to his successpage
      }   # otherwise, we try again
   }    # if none of the 3 user/pass combos match, then:

echo "You don't have permission to view this area. ";
echo "<a href=\"$loginpage\">Please log in.</a>"; 
?>

Hope it works, and hope it helps! Welcome to PHP....

dalecosp

Y'know, just to be safe, that header line should maybe be converted to these 2 lines:

$successpage=$users[$x][2];
header("Location: $successpage");

That quoting might be messed up ...

ratbaggy

Cheers for the help.

Will get back with success or failure. Right now I need sleep or the inevitable answer will be FAILED. 😉

thanks again.

BTW did you test this script? just so I know whether it's me being dumb if it fails or not.

ratbaggy

Originally posted by dalecosp
Y'know, just to be safe, that header line should maybe be converted to these 2 lines:
$successpage=$users[$x][2];
header("Location: $successpage");
That quoting might be messed up ... [/B]

Just to be safe about what?

ratbaggy

my interest got the better of me...

I have tested the page and keep getting an error.

You are not authorised to view this page

...then on refresh...

(displays message from PHP script)
You are not logged in etc etc.

Something to do with sessions?

dalecosp

Well, I hadn't tested it, but it does work here; I hard coded in the values for username/pw:

<?php

session_start();  # must do this on each page a $_SESSION var is needed/used
$Username='user1';
$Password='pass1';
$loginpage = "http://www.daleco.biz/phptests/login.htm";

$users = array();
$users[0] = array('user1', 'pass1', 'http://www.google.com.au/user1');
$users[1] = array("user2", "pass2", "http://www.google.com.au/user2");
$users[2] = array("user3", "pass3", "http://www.google.com.au/user3");

$members = count($users);

for($x=0; $x<$members; $x++){    # OK, we'll be looping 3 times...
   if(($Username==$users[$x][0])&&($Password==$users[$x][1])){
      $_SESSION['loggedin'] = 1;   # assign a logged in status to this var
      $_SESSION['member'] = $x;    # assign the users' number to this var
      $successpage=$users[$x][2];
      header("Location: $successpage");  # send this user to his successpage
      }   # otherwise, we try again
   }    # if none of the 3 user/pass combos match, then:

echo "<br><br>You don't have permission to view this area. <br><br>";
echo "<a href=\"$loginpage\">Please log in.</a><br><br>";
?>

Sends me to a 404 at Google every time....

G'night, BTW....

ratbaggy

Yepa!! Great work. Thanks dalecosp.

My error (as was expected) was that the re-direct page I was using was called indez.html, which ofcourse was why it was not authorised to view etc.

Thanks for your patience and assistance.

And cheers for the welcome to PHP, liking it so far. It's a damn fine language.

🙂

ratbaggy

So Now I feel dumb, cause I can't work out how to check sessions?

I've got this on pages to check if authorisation is made:

but realised that anyone with a password could login to others restricted sections. Is there a way to capture/check the $member number as well?

Any ways, here's what I got to so far. It'd be nicer if it didn't have to echo everything. Any Suggestions?

<?
	session_start();
	if(!$_SESSION['loggedin'] == 1){
		echo "<table width=\'100\%\' height=\'100%\' border=\'0\' cellspacing=\'0\' cellpadding=\'0\'><tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>";
		echo "<tr><td>&nbsp;</td><td><div align=\'center\'>Hello</div></td><td>&nbsp;</td></tr>";
		echo "<tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr></table>";
	}else{
		echo "<br><br>You don't have permission to view this area. <br><br>"; 
		echo "<a href=\"$loginpage\">Please log in.</a><br><br>"; 
	}
?>

Bijan

You have your member number in $_SESSION["member"], but then if you wana have the whole array of members, you should session the $users array too. But what do you mean that ppl can get to others private sections? Do you mean that for each user you are making a seperate page? I mean page A for user 0 and page B for user 1? If yes, why don't you use the same page for each user but with a different content? For example imagine of this page, for each post we don't have a different html page, it's only one page that's rebuilt for different users/threads.

ratbaggy

ok. Perhaps I should have explained this at the start.

My idea was to create a client viewing area. So they could login, view their work (their work only), which may cross multiple pages (i.e number of pics or view their entire website).

However, since there may be 3 jobs going at once. It would be nice to think that client no.2 would not be able to see client no.1s section, which using the above method they can (using same cookie)?. Is that right?

Can this be done with PHP or should I be using some other language, process, or functions?

Any and all help is really appreciated.

🙂

dalecosp

So, these folks are "virt host users" or such-like?

Your assertion "same cookie" sounds a bit strange. Each session 'cookie' is unique to the browser session at hand. If each page is coded so that only one "user" has access to it, the only way you're going to have two people on the same page(s) is if they can satisfy the login requirements to be that user.

[/curiousity && soapbox]

I guess a file could be made

if ($_SESSION['member']!=2) {
   header("Location: login.php");
   }

and included() in every file belonging to User #2; same with #1, #3, whomever....

If they have seperate folders, I wonder if AUTO_PREPEND is configurable via .htaccess or httpd.conf on a per/dir basis? That would make it even easier...

ratbaggy

Cool. Sounds about right.

I'm currently hosted on a win 2000 server (me thoughts it was gonna be linux) so .htaccess etc don't e4xist, but I am thinking of transfering to linux server.

*ratbaggy goes to transfer server to linux 🙂

*Edit: Spoke to a tech at host. They said I would have to rescript some sections of the website. Is that right? Would being on a linx server really require rescripting/coding sections of the site? And they want to charge me 🙁

dalecosp

Hmm, dunno much about IIS, if that's what it is...

System calls and any IIS specific coding might have to be changed. Perhaps date type functions, and that sort of stuff. Don't know really. I've always done UNIX....

Sorry, 🙁