Restricting links without valid login but getting ERROR

Question

vishalonne 12 Junior Poster in Training

11 Years Ago

After lots of home work I came here for support and help.
Please see the siteClick Here on home page I have menu Computer Science and sub menu XI which open XICS.php on this page threr are few links. From those links few must work if user already logged in like (Upload, Solved Materials, Forum) else move to login page or show a message "Login Required". Here are code with which I am fighting since 2 days.

Problem is I don't want to hide entire page without login but some specific links should not work. And if come in with login then all links will work.

Right Now with following code if I try to access directly entering the url of page XICS.php Half page is displayed warnings, notices, and finally Fatal Error

Notice: Use of undefined constant HOST - assumed 'HOST' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant USER - assumed 'USER' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant PASSWORD - assumed 'PASSWORD' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant DATABASE - assumed 'DATABASE' in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: [2002] php_network_getaddresses: getaddrinfo failed: No such host is known. (trying to connect via tcp://HOST:3306) in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2002): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2

Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on line 94

XICS.PHP

<?php
  $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
  sec_session_start(); ?>
some other HTML code lines.....

if(login_check($mysqli) == true){ ?>
    <div id="nav" class="image002-03">
     <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="#">Uploads</a></li>
        <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
        <li class="serviceli"><a href="forum.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
  </div>
  <?php
   }
    else{   ?>
  <div id="nav" class="image002-03">
    <span id="smalltext" 
        style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
       <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
       <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="login.php">Uploads</a></li>
        <li class="serviceli"><a href="login.php">Solved Materials</a></li>
        <li class="serviceli"><a href="login.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
   </div>
  <?php } ?>

process_login.php

<?php
 define("HOST", "localhost"); // The host you want to connect to.
 define("USER", "root"); // The database username.
 define("PASSWORD", ""); // The database password. 
 define("DATABASE", "check1"); // The database name.
 $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
 echo "Process Login";
 include 'functions.php';
 sec_session_start(); // Our custom secure way of starting a php session. 
 if(isset($_POST['email'], $_POST['p'])) { 
 $email = $_POST['email'];
 $password = $_POST['p']; // The hashed password.
    if(login($email, $password, $mysqli) == true)
    {
        // Login success
        include("XICS.php");
     } else {
     // Login failed
     header('Location: ./login.php?error=1');
    }
    } else { 
  // The correct POST variables were not sent to this page.
  echo 'Invalid Request';
}
?>

php

4 Contributors
34 Replies
515 Views
13 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by diafol

All 34 Replies

phorce 131 Posting Whiz in Training

11 Years Ago

@vishalonne

In that file, are you including/requring where the function is? For example, you use the function in XICS.php but I can't see where you include "functions.php". Is the function inside dbconnect.php OR a reference to the function?

phorce 131 Posting Whiz in Training

11 Years Ago

Pardon?

Ok, to me you have included the "functions.php" file and initalised the sessions in the wrong place.. It needs to be delcared at the top of the script, before anything else.. So, the code I posted, should now work?

vishalonne commented: 3 +2

diafol

11 Years Ago

AHA!

<?php
include 'dbconnection.php';
include 'functions.php';
//sec_session_start(); // Our custom secure way of starting a php session. 
if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   ...

You include function.php in line 3, but then it's included again when you include XICS.php on line 10. So the server has to deal with declaring the function sec_session_start() twice. This is regardless of wether you call the function.

Edited 11 Years Ago by diafol

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

phorce 131 Posting Whiz in Training Featured Poster · Answer 1 · 2012-08-26T09:36:10+00:00

On the first line of XICS.php you have this line:

<?php
  $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
  sec_session_start(); 
 ?>

Well, you're defining the constant "HOST", "USER", "PASSWORD", "DATABASE" in the file, process_login.php - So it looks, from looking at the code it doesn't know where it is.. So in that case, you need to include CICS.php in the process_login.php..

Alternatively, why not have just a file that connects to the database itself, and, everytime you want to connect to the database, just include/require this file?

You could have a file that JUST has the DATABASE CONNECTION details in and then require it.. Either way, you need a way of making sure the server knows where HOST and other credentials is.

vishalonne 12 Junior Poster in Training · Answer 2 · 2012-08-26T09:52:42+00:00

Thank you Phorce for looking into my problem
Yes I am doing same thing creating a dbconnection.php and using it where ever required. But by this also my problem will not solved. Finally all the warnings and notices gone but
FATAL ERROR still standing
Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on line 92
Now delete all php code fromm top and just added on top the NAV just take look into code

<?php
include 'dbconnection.php';
sec_session_start();
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php
}
else{        ?>

<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>

guide me please

diafol · Answer 3 · 2012-08-26T09:58:59+00:00

sec_session_start() is not defined. The usual function is session_start(). Do you have a user-defined function called sec_session_start()?

vishalonne 12 Junior Poster in Training · Answer 4 · 2012-08-26T10:11:21+00:00

YES Here it is -

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}

defined in functions.php and this file is include in process_login.php

vishalonne 12 Junior Poster in Training · Answer 5 · 2012-08-26T10:14:08+00:00

If I include functions.php in XICS.php like this -

<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start();
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">

then again I get these warnings
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\secure\XICS.php:90) in C:\xampp\htdocs\secure\functions.php on line 13

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in C:\xampp\htdocs\secure\functions.php on line 14

But I can see the links also

vishalonne 12 Junior Poster in Training · Answer 6 · 2012-08-26T10:23:07+00:00

Thank you for giving your time
Here is the full code of XICS.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
        <meta name="description" content="Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
        <meta name="keywords" content="cbse cs and ip,11 cbse,11 cbse sample papers," />

        <link href="css/other.css" rel="stylesheet" type="text/css" />  
        <link href="css/other2.css" rel="stylesheet" type="text/css" />
        <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
        <script type="text/javascript" src="csshorizontalmenu.js"></script>
        <script type="text/javascript">
            var _gaq = _gaq || [];
            _gaq.push(['_setAccount', 'UA-34001071-1']);
            _gaq.push(['_trackPageview']);
            (function() {
                var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
            })();
        </script>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
     /*$(document).ready(function() {
      $('#ul1 li a').click(function(e) {
       e.preventDefault();
       $('#content').load($(this).attr('href'));
      });
     });*/
     $(function(){
        $('#ul1 li a').on('click', function(e){
            e.preventDefault();
            var page_url=$(this).prop('href');
            $('#content').load(page_url);
        });
    });
    </script>
    <body>
        <div id="main_container">
            <div id="container">
                <div id="banner_container">
                    <div id="login_container">
                        <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
                <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="#">Informatics Practices</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Software</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Register</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                    </ul>
                    <br style="clear: left;" />
               </div>
              </div>   
            </div>
            <div class="panel_container">

   ** <?php
    include 'dbconnection.php';
    include 'functions.php';
    sec_session_start();
    if(login_check($mysqli) == true){ ?>**
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>

    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>

phorce 131 Posting Whiz in Training Featured Poster · Answer 7 · 2012-08-26T10:27:12+00:00

<?php
include "functions.php";
sec_session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
        <meta name="description" content="Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
        <meta name="keywords" content="cbse cs and ip,11 cbse,11 cbse sample papers," />

        <link href="css/other.css" rel="stylesheet" type="text/css" />  
        <link href="css/other2.css" rel="stylesheet" type="text/css" />
        <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
        <script type="text/javascript" src="csshorizontalmenu.js"></script>
        <script type="text/javascript">
            var _gaq = _gaq || [];
            _gaq.push(['_setAccount', 'UA-34001071-1']);
            _gaq.push(['_trackPageview']);
            (function() {
                var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
            })();
        </script>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
     /*$(document).ready(function() {
      $('#ul1 li a').click(function(e) {
       e.preventDefault();
       $('#content').load($(this).attr('href'));
      });
     });*/
     $(function(){
        $('#ul1 li a').on('click', function(e){
            e.preventDefault();
            var page_url=$(this).prop('href');
            $('#content').load(page_url);
        });
    });
    </script>
    <body>
        <div id="main_container">
            <div id="container">
                <div id="banner_container">
                    <div id="login_container">
                        <span class="style1" >Email or Phonee</span>                                    <span class="style1" >Password</span>  <br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
                <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="#">Informatics Practices</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Software</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Register</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                    </ul>
                    <br style="clear: left;" />
               </div>
              </div>   
            </div>
            <div class="panel_container">

   ** <?php
    include 'dbconnection.php';
    if(login_check($mysqli) == true){ ?>**
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>

    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>

Dunno if that will help; I always initalise sessions before any code, solves problems with headers etc..

vishalonne 12 Junior Poster in Training · Answer 8 · 2012-08-26T10:37:20+00:00

vishalonne 12 Junior Poster in Training

11 Years Ago

???? What you want to say I can't get it

Squidge 101 Newbie Poster · Answer 9 · 2012-08-26T10:46:24+00:00

I thought session_start() had to be the first line before any output?

**Note:

To use cookie-based sessions, session_start() must be called before outputing anything to the browser. **

PHP.net

vishalonne 12 Junior Poster in Training · Answer 10 · 2012-08-26T10:49:15+00:00

Great Superb Fantastic
Thank you
Phorce
This is silly mistake
But you point my sillyness, and rctified it. Thank you. Its working
A personal request can I get your help in future, if you can then how can I contact you.

vishalonne 12 Junior Poster in Training · Answer 11 · 2012-08-26T10:54:31+00:00

OOOOOOOOOOOOFFFFFFFFF....! Now again a new problem
IF I come through proper way means entering valid id and password in it started giving FATAL Error
Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}

phorce 131 Posting Whiz in Training Featured Poster · Answer 12 · 2012-08-26T11:04:58+00:00

Are you re-delcaring the function and including "functions.php"?

Please post the script in which you get this problem on.. I don't see the problem in the script you've just posted above..

vishalonne 12 Junior Poster in Training · Answer 13 · 2012-08-26T11:10:35+00:00

this is complete code of process_login.php

<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session. 

if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   } else {
      // Login failed
      header('Location: login.php?error=1');
   }
} else { 
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request';
}

?>

And the above function is a small part of functions.php

vishalonne 12 Junior Poster in Training · Answer 14 · 2012-08-26T11:21:47+00:00

I think this error

Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15

is coming due to this liine of function.php

session_regenerate_id(true); // regenerated the session, delete the old one.

entire function is posted in my post no. 109

vishalonne 12 Junior Poster in Training · Answer 15 · 2012-08-26T11:34:11+00:00

Yes somthing I found if I remove include 'function.php' line from XICS.php and try to get XICS.php by login process
then it displays the XICS.php page with these message

Notice: A session had already been started - ignoring session_start() in C:\xampp\htdocs\secure\functions.php on line 13
Notice: Constant HOST already defined in C:\xampp\htdocs\secure\dbconnection.php on line 2
Notice: Constant USER already defined in C:\xampp\htdocs\secure\dbconnection.php on line 3
Notice: Constant PASSWORD already defined in C:\xampp\htdocs\secure\dbconnection.php on line 4
Notice: Constant DATABASE already defined in C:\xampp\htdocs\secure\dbconnection.php on line 5

and if I directly hit the XICS.php url then this is the problem
Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on

phorce 131 Posting Whiz in Training Featured Poster · Answer 16 · 2012-08-26T11:36:50+00:00

Please re-post XICS.php again, with the fixes, exactly how it is with the error :)

vishalonne 12 Junior Poster in Training · Answer 17 · 2012-08-26T11:55:27+00:00

vishalonne 12 Junior Poster in Training

11 Years Ago

OK

vishalonne 12 Junior Poster in Training · Answer 18 · 2012-08-26T12:07:22+00:00

XICS.php

<?php
include "functions.php";
sec_session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
    <meta name="description" content="Portal For CBSE India, CBSE Guess Sample Questions Papers" />
    <meta name="keywords" content="cbse cs and ip,11 cbse,11 cbse sample papers" />

    <link href="css/other.css" rel="stylesheet" type="text/css" />  
    <link href="css/other2.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
    <script type="text/javascript" src="csshorizontalmenu.js"></script>
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-34001071-1']);
        _gaq.push(['_trackPageview']);
        (function() {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
 /*$(document).ready(function() {
  $('#ul1 li a').click(function(e) {
   e.preventDefault();
   $('#content').load($(this).attr('href'));
  });
 });*/
 $(function(){
    $('#ul1 li a').on('click', function(e){
        e.preventDefault();
        var page_url=$(this).prop('href');
        $('#content').load(page_url);
    });
});
</script>
    <style type="text/css">
        .style1
        {
            color: #FFFF99;
        }                        
        .ul
        {
            margin-left: 15px;
        }                        
    </style>
    </head>
<body>
    <div id="main_container">
        <div id="container">
            <div id="banner_container">    
                <div id="login_container>    
                    <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
            <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="#">Informatics Practices</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
<li><a href="http://www.cbsecsnip.in">Software</a></li>                    
<li><a href="http://www.cbsecsnip.in">Register</a></li>                    
<li><a href="http://www.cbsecsnip.in">Get Together</a></li>    
                </ul>    
                <br style="clear: left;" />
            </div>
        </div>   
        </div>
        <div class="panel_container">        
<?php
include 'dbconnection.php';
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php
}
else{        ?>

<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php } ?>

    <div class="image002-07">
        Site Map</div>
    <div class="image002-08">
        Advertisement
        </div>
    <div class="image002-09">
        Advertisement</div>
    <div id="content" class="image002-10">
    </div>
    <div class="image002-11">
    Advertisement
        </div>
    <div class="image002-13">
        Footer</div>
      </div>
    </div>

</body>    
</html>

If I try to see this page after login then this is displayed
Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
And url in address bar is

http://localhost/secure/process_login.php

And if I directly give page URL in address bar

http://localhost/secure/XICS.php

Then every thing work fine till now.

phorce 131 Posting Whiz in Training Featured Poster · Answer 19 · 2012-08-26T12:16:18+00:00

Aha, please forgive me.. If everything is working fine when you access XICS.php then the problem isn't there ;) post process_login.php! Apologies :)

vishalonne 12 Junior Poster in Training · Answer 20 · 2012-08-26T12:22:36+00:00

process_login.php

<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session. 

if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   } else {
      // Login failed
      header('Location: login.php?error=1');
   }
} else { 
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request';
}

?>

vishalonne 12 Junior Poster in Training · Answer 21 · 2012-08-26T12:30:31+00:00

Dear Phorce
Is it possible to send all files to you so you can test it on your local server.

diafol · Answer 22 · 2012-08-26T13:08:31+00:00

sounds as though you have function sec_session_start() twice in functions.php (lines 5 and 15?)

vishalonne 12 Junior Poster in Training · Answer 23 · 2012-08-26T13:14:13+00:00

No... Diafol
Just see the code in last 2 post actually function.php is include in process_login.php and in process_login.php, XICS.php is included, something happeninh in this chain only.
Here I'm including function.php code for your reference.

<?php
//Secure Session Start Function:Securely start a PHP session.

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}


  //Secure Login Function:
function login($email, $password, $mysqli) {
   // Using prepared Statements means that SQL injection is not possible. 
   if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { 
      $stmt->bind_param('s', $email); // Bind "$email" to parameter.
      $stmt->execute(); // Execute the prepared query.
      $stmt->store_result();
      $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
      $stmt->fetch();
      $password = hash('sha512', $password.$salt); // hash the password with the unique salt.

      if($stmt->num_rows == 1) { // If the user exists
         // We check if the account is locked from too many login attempts
         if(checkbrute($user_id, $mysqli) == true) { 
            // Account is locked
            // Send an email to user saying their account is locked
            return false;
         } else {
         if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
            // Password is correct!

               $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
               $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

               $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
               $_SESSION['user_id'] = $user_id; 
               $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
               $_SESSION['username'] = $username;
               $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
               // Login successful.
               return true;    
         } else {
            // Password is not correct
            // We record this attempt in the database
            $now = time();
            $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
            return false;
         }
      }
      } else {
         // No user exists. 
         return false;
      }
   }
}


//Create login_check function:Brute Force Function

function checkbrute($user_id, $mysqli) {
   // Get timestamp of current time
   $now = time();
   // All login attempts are counted from the past 2 hours. 
   $valid_attempts = $now - (2 * 60 * 60); 

   if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) { 
      $stmt->bind_param('i', $user_id); 
      // Execute the prepared query.
      $stmt->execute();
      $stmt->store_result();
      // If there has been more than 5 failed logins
      if($stmt->num_rows > 5) {
         return true;
      } else {
         return false;
      }
   }
}


//Create login_check function:Check logged in status.

function login_check($mysqli) {
   // Check if all session variables are set
   if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
     $user_id = $_SESSION['user_id'];
     $login_string = $_SESSION['login_string'];
     $username = $_SESSION['username'];
     $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
     $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

     if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { 
        $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();

        if($stmt->num_rows == 1) { // If the user exists
           $stmt->bind_result($password); // get variables from result.
           $stmt->fetch();
           $login_check = hash('sha512', $password.$ip_address.$user_browser);
           if($login_check == $login_string) {
              // Logged In!!!!
              return true;
           } else {
              // Not logged in
              return false;
           }
        } else {
            // Not logged in
            return false;
        }
     } else {
        // Not logged in
        return false;
     }
   } else {
     // Not logged in
     return false;
   }
}

?>

diafol · Answer 24 · 2012-08-26T18:46:18+00:00

OK, sorry, missed that. Lot of code to peruse. :)

vishalonne 12 Junior Poster in Training · Answer 25 · 2012-08-26T19:22:06+00:00

Thanks for coming back and botheration...! I have made lots of change in between but Issue is same when I logged in with valid id and password I am getting same error fatal error I removed sec_session_start(); from process.php and XICS.php then also it is giving same error.

Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15

IF possible then please just take a look. And guide me. Now I am posting updated code of all files -
Login.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>

<script type="text/javascript">
function formhash(form, password) {

   // Create a new element input, this will be out hashed password field.
   var p = document.createElement("input");
   // Add the new element to our form.

   p.name = "p";
   p.type = "hidden"
   p.value = hex_sha512(password.value);
   // Make sure the plaintext password doesn't get sent.
   password.value = "";
   // Finally submit the form.
   form.appendChild(p);
   form.submit();

}
</script>
<?php
if(isset($_GET['error'])) { 
   echo 'Error Logging In!';
}
?>

</head>

<body><form action="process_login.php" method="post" name="login_form">
   Email: <input type="text" name="email" /><br />
   Password: <input type="password" name="password" id="password"/><br />
   <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>
</body>
</html>

Process_login.php

<?php
include 'dbconnection.php';
include 'functions.php';
//sec_session_start(); // Our custom secure way of starting a php session. 

if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   } else {
      // Login failed
      header('Location: login.php?error=1');
   }
} else { 
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request';
}

?>

XICS.php

<?php
include "functions.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
    <meta name="description" content="DOWNLOAD LATEST PROJECTS FOR CBSE CLASS XII INFORMATICS PRACTICES and Computer Science,Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
    <meta name="keywords" content="cbse cs and ip,xi science syllabus,xi syllabus,xii cbse syllabus,xii computer science,xii computer science question paper,xii question papers" />

    <link href="css/other.css" rel="stylesheet" type="text/css" />  
    <link href="css/other2.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
    <script type="text/javascript" src="csshorizontalmenu.js"></script>
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-34001071-1']);
        _gaq.push(['_trackPageview']);
        (function() {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
 /*$(document).ready(function() {
  $('#ul1 li a').click(function(e) {
   e.preventDefault();
   $('#content').load($(this).attr('href'));
  });
 });*/
 $(function(){
    $('#ul1 li a').on('click', function(e){
        e.preventDefault();
        var page_url=$(this).prop('href');
        $('#content').load(page_url);
    });
});
</script>
    <style type="text/css">
        .style1
        {
            color: #FFFF99;
        }
        .ul
        {
            margin-left: 15px;
        }
    </style>
    </head>
<body>
    <div id="main_container">
        <div id="container">
            <div id="banner_container">
                <div id="login_container">
       <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
     <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="#">Informatics Practices</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
<li><a href="http://www.cbsecsnip.in">Software</a></li>                    
<li><a href="http://www.cbsecsnip.in">Register</a></li>                    
<li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                </ul>
                <br style="clear: left;" />
            </div>
          </div>   
        </div>
        <div class="panel_container">

<?php
include 'dbconnection.php';
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="#">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php
}
else{        ?>

<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php } ?>

    <div class="image002-07">
        Site Map</div>
    <div class="image002-08">
        Advertisement
        </div>
    <div class="image002-09">
        Advertisement</div>
    <div id="content" class="image002-10">
    </div>
    <div class="image002-11">
    Advertisement
        </div>
    <div class="image002-13">
        Footer</div>
      </div>
    </div>    
</body>    
</html>

Functions.php

<?php
//Secure Session Start Function:Securely start a PHP session.

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}


  //Secure Login Function:
function login($email, $password, $mysqli) {
   // Using prepared Statements means that SQL injection is not possible. 
   if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { 
      $stmt->bind_param('s', $email); // Bind "$email" to parameter.
      $stmt->execute(); // Execute the prepared query.
      $stmt->store_result();
      $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
      $stmt->fetch();
      $password = hash('sha512', $password.$salt); // hash the password with the unique salt.

      if($stmt->num_rows == 1) { // If the user exists
         // We check if the account is locked from too many login attempts
         if(checkbrute($user_id, $mysqli) == true) { 
            // Account is locked
            // Send an email to user saying their account is locked
            return false;
         } else {
         if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
            // Password is correct!

               $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
               $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

               $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
               $_SESSION['user_id'] = $user_id; 
               $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
               $_SESSION['username'] = $username;
               $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
               // Login successful.
               return true;    
         } else {
            // Password is not correct
            // We record this attempt in the database
            $now = time();
            $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
            return false;
         }
      }
      } else {
         // No user exists. 
         return false;
      }
   }
}
//Create login_check function:Check logged in status.

function login_check($mysqli) {
   // Check if all session variables are set
   if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
     $user_id = $_SESSION['user_id'];
     $login_string = $_SESSION['login_string'];
     $username = $_SESSION['username'];
     $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
     $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

     if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { 
        $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();

        if($stmt->num_rows == 1) { // If the user exists
           $stmt->bind_result($password); // get variables from result.
           $stmt->fetch();
           $login_check = hash('sha512', $password.$ip_address.$user_browser);
           if($login_check == $login_string) {
              // Logged In!!!!
              return true;
           } else {
              // Not logged in
              return false;
           }
        } else {
            // Not logged in
            return false;
        }
     } else {
        // Not logged in
        return false;
     }
   } else {
     // Not logged in
     return false;
   }
}

?>

vishalonne 12 Junior Poster in Training · Answer 26 · 2012-08-26T20:02:29+00:00

So what you suggest how can go on the PAge XICS.php where my links are. Or advice what should I do now? Should I remove functions.php from XICS.php

Restricting links without valid login but getting ERROR

Recommended Answers Collapse Answers

All 34 Replies

Recommended Answers