Dreamweaver - Implementing User Authentication

elwadhos

I tried to implement user authentication using Dreamweaver 8.0 and php & mysql
I followed the steps accurately but when using a correct username and password it gives no response (not going to the specified php file in "if login success, go to").
Can any one help me?

Piranha

If you show the relevant parts of the code I am sure that someone can help you out.

elwadhos

<?php require_once('Connections/connBlog.php'); ?>
<?php
//initialize the session
session_start();
// Logout the current user.
$logoutAction = $SERVER['PHP_SELF']."?doLogout=true";
if ((isset($SERVER['QUERY_STRING'])) && ($SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($SERVER['QUERY_STRING']);
}

if ((isset($GET['doLogout'])) &&($GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
session_unregister('MM_Username');
session_unregister('MM_UserGroup');

$logoutGoTo = "/admin/logout.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?><?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($POST['username'])) {
$loginUsername=$POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "id_usr";
$MM_redirectLoginSuccess = "adminindex.php";
$MM_redirectLoginFailed = "adminlogin.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_connBlog, $connBlog);

$LoginRS__query=sprintf("SELECT username_usr, username_usr, id_usr FROM login WHERE username_usr='%s' AND username_usr='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $connBlog) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup  = mysql_result($LoginRS,0,'id_usr');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && true) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );

}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Blog: Login</title>
<script language="JavaScript" type="text/JavaScript">

</script>
<link href="../Templates/blog.css" rel="stylesheet" type="text/css">
</head>

<body>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="adminlogin" id="adminlogin">
<table width="30%" border="0" cellpadding="0" cellspacing="0" class="topic">
<caption align="top" class="topheader">
Administrator Only
</caption>
<tr>
<td>Username</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td> </td>
<td><input name="login" type="submit" id="login" onClick="MM_validateForm('username','','R','password','','R');return document.MM_returnValue" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

elwadhos

$logoutGoTo = "../index.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
session_start();
$MM_authorizedUsers = "admin";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "adminlogin.php";
if (!((isset($SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $SESSION['MM_Username'], $SESSION['MM_UserGroup'])))) {

$MM_qsChar = "?";
$MM_referrer = $SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;

case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $SERVER['PHP_SELF'];
if (isset($SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($POST["MM_insert"])) && ($POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO blg_article_art (idtop_art, title_art, description_art, text_art, date_art) VALUES (%s, %s, %s, %s, %s)",
GetSQLValueString($POST['idtop_art'], "int"),
GetSQLValueString($POST['title_art'], "text"),
GetSQLValueString($POST['description_art'], "text"),
GetSQLValueString($POST['text_art'], "text"),
GetSQLValueString($_POST['date_art'], "date"));

mysql_select_db($database_connBlog, $connBlog);
$Result1 = mysql_query($insertSQL, $connBlog) or die(mysql_error());

$insertGoTo = "index.php";
if (isset($SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_connBlog, $connBlog);
$query_rsTopics = "SELECT * FROM blg_topic_top ORDER BY title_top ASC";
$rsTopics = mysql_query($query_rsTopics, $connBlog) or die(mysql_error());
$row_rsTopics = mysql_fetch_assoc($rsTopics);
$totalRows_rsTopics = mysql_num_rows($rsTopics);

mysql_select_db($database_connBlog, $connBlog);
$query_rsMenu = "SELECT * FROM blg_topic_top";
$rsMenu = mysql_query($query_rsMenu, $connBlog) or die(mysql_error());
$row_rsMenu = mysql_fetch_assoc($rsMenu);
$totalRows_rsMenu = mysql_num_rows($rsMenu);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Blog: Post Article</title>



<link href="..\Templates\blog.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%" border="0" cellspacing="7" cellpadding="0">
<tr valign="top">
<td colspan="2"><img src="../img/logo.jpg" width="250" height="70"></td>
</tr>
<tr valign="top">
<td width="17%"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="nugget">
<tr>
<td class="nugheader">Adminstration Section </td>
</tr>
<tr>
<td class="nugbody"><a href="list_top.php">Manage topics </a></td>
</tr>
<tr>
<td class="nugbody"><a href="list_art.php">Manage articles</a> </td>
</tr>
<tr>
<td class="nugbody"><a href="<?php echo $logoutAction ?>">Logout</a></td>
</tr>
</table></td>
<td>
<table width="100%" class="topic">
<tr><td>
<p>Welcome to the Administration Section. Use the form below to post a new article.</p>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="left">
<tr valign="baseline">
<td nowrap align="right">Article title:</td>
<td><input type="text" name="title_art" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Topic:</td>
<td><select name="idtop_art" id="idtop_art">
<?php
do {

?>
<option value="<?php echo $row_rsMenu['id_top']?>"><?php echo $row_rsMenu['title_top']?></option>
<?php
} while ($row_rsMenu = mysql_fetch_assoc($rsMenu));
$rows = mysql_num_rows($rsMenu);
if($rows > 0) {
mysql_data_seek($rsMenu, 0);
$row_rsMenu = mysql_fetch_assoc($rsMenu);
}
?>
</select></td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Article description:</td>
<td><textarea name="description_art" cols="50" rows="5"></textarea>
</td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Article:</td>
<td><textarea name="text_art" cols="50" rows="5"></textarea>
</td>
</tr>
<tr valign="baseline">
<td nowrap align="right"> </td>
<td><input type="submit" value="Insert record"></td>
</tr>
</table>
<input type="hidden" name="date_art" value="<?php echo date('Y-m-d H:i:s'); ?>">
<input type="hidden" name="MM_insert" value="form1">
</form>
</td></tr></table>
</td>
</tr>
<tr valign="top">
<td colspan="2"><div align="center">Powered by<br>
<a href="http://www.macromedia.com/software/dreamweaver/" target="_blank"> Macromedia Dreamweaver MX </a></div></td>
</tr>
</table>
</body>
</html>
<?php
mysql_free_result($rsTopics);

mysql_free_result($rsMenu);
?>

Piranha

I don't think that anyone will read through all that code. Please just post the RELEVANT parts of the code, in other words the part of the code that does not seem to work. Who knows, when you find out what code works and what code does not work you might even solve the problem yourself.

And don't be afraid to edit your posts, if you find out what code is relevant just put that in instead of all the other code.

elwadhos

thanks Piranha,
This code generated by Dreamweaer, Iam trying to apply this example
http://www.adobe.com/devnet/dreamweaver/articles/php_blog2.html
every thing is ok except that it does not go to the adminstration page.

Piranha

http://phpbuilder.com/board/showthread.php?t=10329160

I won't answer to this thread any more since there are way to much irrelevant code and I won't go through it all. I hope that it's really clear this time.