ANOTHER QUESTION
okay, i have the login stuff all set up, but i cant seem to do one thing- i can't restrict access to pages
what i mean is that i dont know how to do this:
For a page called "MAPS" , i want it to say- Oops! your not logged in! login here.........- (if the person is not logged in)
or
if the person IS logged in, it would show the page as it should look normally.......
HELP ANYONE?!?!?!?!?!!?
does anyone have a code for this?
thanks so much!^^
| Bejeweledhorses wrote: |
| i have the login stuff all set up, but ... i can't restrict access to pages |
Well ... it would help to know how your login stuff works.
Usually, the login stuff sets a session variable that is checked on other pages.
| Code: |
// login
if (loginok()) {
$_SESSION['userid'] = 42;
} else {
$_SESSION['userid'] = 0;
} |
| Code: |
// other pages
if ($_SESSION['userid'] == 0) {
// not logged in: redirect
header('Location: login.php');
exit('Redirected to <a href="login.php">login</a>.');
}
// rest of page |
ok do this
add these lines to every file 2 protect
<?php
session_start();
if(ISSET($_SESSION['loggedin']))
{
}
else
{
echo("please log in");
}
?>
and don't remember to set $_SESSION['loggedin'] when a user logs in from login.php
need more help contact me with ur login php script
thanks so much guys-
i guess that i need a lot more practice with php! wish me luck! thanks!
ummmmmmmmmmm, hexkid- i put your code in and it comes up as this:
(the first code
// login
if (loginok()) {
$_SESSION['userid'] = 42;
} else {
$_SESSION['userid'] = 0;
})
and the page looks like this:
Fatal error: Call to undefined function: loginok() in /home/bejewele/domains/bejeweledhorses.frih.net/public_html/news.php on line 3
how do i keep my members in session?
i put in the second code of hexkid and it works fine but then, when my members log in, it blocks them too!
The login logout thing i have is VERY basic:
Remeber-sometimes i can be VERY dumb-so please walk me through this like a 4 yr old..................^^
Hmmm ... you have to define the login() function; that's why you get "undefined function".
Your members login through a from with name/password, right?
Let's say the names of the inputs are "name" and "password" -- so they are visible to PHP as $_POST['name'] and $_POST['password']. The login() function must validate that info, something like this: | Code: |
<?php
function login() {
if (($_POST['name'] == 'John') && ($_POST['password'] == 'fortytwo')) return true;
if (($_POST['name'] == 'Mike') && ($_POST['password'] == 'f00d')) return true;
if (($_POST['name'] == 'Ann') && ($_POST['password'] == 'star')) return true;
return false;
}
?> |
Of course that doing it like this means they can't change their password, and it's a PITA to add/remove members. I have no idea how your members are set up (database?, text file? one name only?) so that's why I didn't right the function in the first place. Also the $_SESSION['userid'] should not be 42, but the number that identifies the user in your system; I prefer to use a number, rather than just $_SESSION['loggedin'], because with a number I have the logeedin information as well as the identification in the same place. Well for starter you were supposed to MAKE the function loginok()... but anyway Login systems are simple.
First when they enter their username and password check that they match the stuff in the database, if they do then setup their sessions etc, for example you would put
| Code: |
| $_SESSION['loggedin'] = 1; |
Now to secure a page I suggest you make a function thats simply called securePage()
This function should look somehwat like the following
| Code: |
function securePage(){
if($_SESSION['loggedin'] == 1){
return true;
}else{
die('You are not allowed to access this page bugger off and login');
}
|
rhysieage, i put in you code and this is what i get:
Parse error: syntax error, unexpected $end in /home/bejewele/domains/bejeweledhorses.frih.net/public_html/map.php on line 27
i put in:
<?php
$_SESSION['loggedin'] = 1;
function securePage(){
if($_SESSION['loggedin'] == 1){
return true;
}else{
die('You are not allowed to access this page!Please go and login');
}
?>
*did i do somehting wrong again? this is so hard! i use databases and tables to keep track of members. Any advice or help in codes? thanks!^^*
| Bejeweledhorses wrote: |
rhysieage, i put in you code and this is what i get:
Parse error: syntax error, unexpected $end in /home/bejewele/domains/bejeweledhorses.frih.net/public_html/map.php on line 27
i put in:
<?php
$_SESSION['loggedin'] = 1;
function securePage(){
if($_SESSION['loggedin'] == 1){
return true;
}else{
die('You are not allowed to access this page!Please go and login');
}
?>
*did i do somehting wrong again? this is so hard! i use databases and tables to keep track of members. Any advice or help in codes? thanks!^^* |
You are missing a '}'
| Quote: |
<?php
$_SESSION['loggedin'] = 1;
function securePage(){
if($_SESSION['loggedin'] == 1){
return true;
}else{
die('You are not allowed to access this page!Please go and login');
}
}
?>
|
thank you- yes, your explaination made sense. one more tiny question:Is there a specific function that lets you display the updated page of a person's homepage?
lets say i wanted people to see how many "pets" they had. how do i call the function to display it from a database table?
thanks!
whats the difference between
long text
and
BLOB
and text
how should i make it if i want it to show html?
should i selected BLOB?
(used in Mysql databses)
ummmmmmmmmm how do you make teh following show up on a users page:
Welcome (username)! this is your stable!
anyone? does anyone know how this function is supposed to work?
i can't figure out how to make a page show a specific users section of a table! please help!
I'm sorry Bejeweledhorses, but I think you're question is to vague for anyone to help you. Try to be more specific. Post some code you have so far. What exactly is the problem? Where do you get stuck?
i cant get it to say, welcom user #123! This is your stable!
then you see that users stable layout
underneath would show what horses they own
at the bottm, there would be a small text box that allows them to update it........
i use databases,mysql, phpMyAdmin, html,and PHp to code this page that would be something like ''www.blahstables.com/stables.php''
I heard that there was a extension like www.blahworld.com/stables.php?=userid123 or somehting like that...........what does it mean and how can i use it?
Is this specific enough?
THanks so much for responding!!! try this code dude.
if(!session_is_registered("userid") and !session_is_registered("password")){
echo "<script>alert('Sorry, You don't have a privilege to view this page please login! ')</script>";
echo "<script>window.location='login.php'</script>";
}
This dude will check if the user registered in the session and it will check if the user is registered then he/she can view the page but if not it will pop up a message the he/she can't view the page unless it will login and then it will automatically redirect to login page.
If you want you can exclude the popup message to not be annoying and it will automatically redirect to login page.. i hope it helps.!
I hope it can help dude..
That's javascript though right? So by turning it off, I won't be redirected, and as the rest of the code isn't in an else, I'll still have access to everything.
Rhysige's code is much more secure.
From the URL, take the user_id
| Code: |
| $user_id = $_GET['userid']; |
and use it in your mysql statement to get that person's horses. Something like this (though without knowing your schema its hard to guess)
| Quote: |
| SELECT `horses` FROM `stables` WHERE ownerid=$user_id |
As for the stable layout, how do you know who has which layout and what are they? (images???)
For the 'Welcome (username)' to work, you need to have their username somewhere. If it's stored in a session that's handy, otherwise you'll have to retrieve it from your database. As to putting it into your page, are you using a template engine or just applying the php code to the appropriate HTML code part? I forget dude just add else statement to the other page so that it will not view the page...
regarding in your statement [code]$user_id = $_GET['userid']; do i have to check it on every pages to know if this person is log in... i think it would be better to login once and store it to session.
| mathiaus wrote: |
That's javascript though right? So by turning it off, I won't be redirected, and as the rest of the code isn't in an else, I'll still have access to everything.
Rhysige's code is much more secure.
From the URL, take the user_id
[code]$user_id = $_GET['userid'];[/code]
and use it in your mysql statement to get that person's horses. Something like this (though without knowing your schema its hard to guess)
| Quote: | | SELECT `horses` FROM `stables` WHERE ownerid=$user_id |
As for the stable layout, how do you know who has which layout and what are they? (images???)
For the 'Welcome (username)' to work, you need to have their username somewhere. If it's stored in a session that's handy, otherwise you'll have to retrieve it from your database. As to putting it into your page, are you using a template engine or just applying the php code to the appropriate HTML code part? |
all i want is a page that can differentiate between users and show there horses and stable layout. when others click on there name, they should be able to see that persons stable page but not be able to update it. Its kind of like neopets but a little different...............
i use a database for this.........i want the layout for the thing to be TEXT only.....
i am still a bit confused............
table for members is:
id username password
the table has the following sections for stables:
stableID stable_name layout
a seperate table in a seperate database has Horses
horseid name color ownerid breed gender
i am getting a bit confused.......... am i clearing up what i am asking in the first place at all?
thanks for the help so far guys- i will try it and maybe if i adjust it a little bit it will work...
try using this code, it is directly from something that I use.
for the welcome script:
| Code: |
session_start();
// include 'connect.php';
// the include above you dont necessarily need however you will need this
$dbuser = // here you would put your db username
$dbpass = // here you would put your db password
$database = // here you would put the name of the database that you are selecting
mysql_connect("localhost", "$dbuser", "$dbpw");
mysql_select_db("$database");
$username = trim($_POST['user']); // form field should be called user
$password = trim($_POST['pass']); // form field should be called pass
$password = md5($password);
$login = $_POST['login']; // the form function for the login should be called login
if (isset($login))
{
$sql = "select * from members where username = '$username' AND password = '$password'";
$result = mysql_query($sql);
}
$nummatches = @mysql_num_rows($result);
if ($nummatches > 0)
{
$_SESSION['approved'] = 'yes';
$_SESSION['user'] = $username;
}
if ($nummatches == 1 || $_SESSION['approved'] == 'yes')
{
// logged in page content would go here
//
//
//
} else {
// display the login area here //
}
?>
|
now for the actual calling of the name
put this at the top of the page where ever you want to use the users name
| Code: |
<?
start_session();
$username = $_SESSION['user'];
?>
<!-- in your html you would put this -->
<p>welcome <? echo "$username"; ?> , </p>
|
that should be all the parts that you need to be able to display that information and have a proper login system. Gundamxxg, this is what the page shows when i put your code in:
Fatal error: Call to undefined function: start_session() in /home/bejewele/domains/bejeweledhorses.frih.net/public_html/stafflist.php on line 12
i dont need a login page! i already have one! i need a layout/homepage for each user that can be viewed! Yikes! my brain hurts!
| Bejeweledhorses wrote: |
Gundamxxg, this is what the page shows when i put your code in:
Fatal error: Call to undefined function: start_session() in /home/bejewele/domains/bejeweledhorses.frih.net/public_html/stafflist.php on line 12 |
the function should be session_start() I believe | Bejeweledhorses wrote: |
| i dont need a login page! i already have one! i need a layout/homepage for each user that can be viewed! Yikes! my brain hurts! |
what you are going to need to do then is add dynamic links to each persons page and have the information in the database called in with php. To do so you will need to make a templated page that you will use. To get the information from the database you should use the GET method and make the links use that format. eg. /yourpage.php?user=$id where $id is available for each and every user that you have. That id will be me the main force behind all your information. If you need any additional help with this you can PM me and I can try to walk you through it step by step.bejeweledhorses:
I suggest you post your database structure for the users table,a nd the table where you store the info about each person's horses in the stable.
http://uk2.php.net/session_start that is the link, and yes the function should be session_start()
also, I think most of the scripts here would display the page, even if the user had no credentials to do so.
I think you should place exit(); after the part of the script that displays something if the user is logged in.
that would stop the rest of the script from executing.
here's my idea for you bejeweled horses:
| Code: |
<PHP
function mydie($error, $email, $subject){
echo "We appear to have a problem :(<br />The admin has been mailed";
$date = date('l dS \of F Y h:i:s A');
$message = "Admin, \n an error occured at $date . \n Error: \n\n\n $error \n\n\n Thanks, \n\n Auto gend error";
mail ($email, $subject, $message);
}
$dispuser = addslashes($_GET['uid']);
//At this point, I presume a connection to the correct database is open
$getpersonquery = "SELECT * FROM stableinfo WHERE uid='$dispuser'";
$executequery = mysql_query($getpersonquery);
if (!$executequery) {
die(mydie(mysql_error(), 'admin@thesite.com', 'A MYSQL ERROR HAS OCCURED');
}//If something has gone wrong, the script will mail you the error and 'die' after showing the user a message
if(mysql_num_rows ($executequery) == '0'){
echo "No results were returned";
exit();
}
$row = mysql_fetch_assoc($executequery)
echo "Hello, this is ".$row['ownername']."'s stable";
echo "They have horse: <b> $row['horsename'] </b><br/>";
echo "Their stable number is: <b> $row['stablenumber'] </b><br />";
?>
|
It will get the uid from the url, ie: http://www.yourdomain.com/showstable.php?uid=1 and display info from the DB about that person's stable / horse
it should hopefully work ok, but may need a bit of modifying to work with your script.
If all goes well it should display something like:
Hellothis is Bejeweled's stable
They have horse: Bejeweledhorses
Their stable number is: 001
email me if you have any trouble (the email button below this post)
