Dear php pro guys i need your help please;

i have 3 files; index.php login.php and member.php

my major problem i cant prevent the link to be copied after logging in


in php4 ---file:memeber.php--- if ($_SESSION["login"] !=1 -- it works great when the user log in and link can not be copied it redirect him to index.php

after migrating to php5

now in php5---file;member.php- if ($_SESSION["login"] !=1 ---- wont access the page and neither i can log in from index.php
so if i set that to if ($_SESSION["login"] !=0--- it works great
but my problem is that the link can be copied and can be accessed
in other words not good ;user can access without logging in i can not redirect; please i need your full support guys and part of my script is below ;

<?php ob_start() ?>
<?php
session_start();

// date calculation function
// adds or subtracts a date based upon the input.
// $this_date is a string format of a valid date ie.. "2006/08/11"
// $num_days is the number of days that you would like to add (positive number) or subtract (negative number)
function fnc_date_calc($this_date,$num_days){
   $my_time = strtotime ($this_date); //converts date string to UNIX timestamp
   $timestamp = $my_time + ($num_days * 86400); //calculates # of days passed ($num_days) * # seconds in a day (86400)
   $return_date = date("Y/m/d",$timestamp);  //puts the UNIX timestamp back into string format
   return $return_date;//exit function and return string
}//end of function

$UID=$_SESSION["logID"];

//echo $UID;
//Check to see if the user was already logged on
if ($_SESSION["login"] !=0 && $_SESSION["login"] !=3)
{
header ('Location: index.php?Msg=3');
}
//echo $_SESSION["login"];

//Connect to DB and Get the mailing list
$dbcnx = mysql_connect('my host', 'my username', 'my pass');


//we could connect to the database
//Select the DB we want to deal with
mysql_select_db ("charbel");
?>

Well php4 or php5 sessions are based on cookies so there is no concept of "copying the url" to duplicate the session which leads me to believe you are checking logged-in state based on a GET variable in which case the code you posted isn't the code that's being executed.

thks for the reply , but this not what iam looking for , i mean if i copy the url to different computer and different connection still the page can be opened where it should ask for the log in, if u read carefully the problem i think maybe u can tell me what to write and thks for now much

Well if you read my reply I point out that what you're dealing with isn't a session problem OR the code you posted isn't the code that is the issue. Post the rest of your code.

The only code that could be wrong in what you posted is this

#
if ($_SESSION["login"] !=0 && $_SESSION["login"] !=3)
#
{
#
header ('Location: index.php?Msg=3');
#
}

If $_SESSION['login'] isn't set then that will return true.

thanks again for being helpful

I will make it easier for you; iam making a website http://www.forexbank-signals.com

now log in access with username ; 1 and password; 1

it will leads you to Member.php page
the code i posted before is the member.php
still i have to send you the login.php how also made cos related to member.php

now if you copy that page url again to another computer ; it will be opened again ; so here iam tyring for that page member.php cant be opened by url directly; now in php4 ; if i set that login=1 it will works and url cant be copied; now php5 it only works with login=0 and url can be copied which is not good; i can send you the php files in case u have email and thanks again really

In what page are you setting $_SESSION['login'] ?

Also, don't email files around when you're on a forum asking for help that limits your audience to one person. Post the code here

ok iam new here; i will post the 2 codes; member.php login.php and the login button is on the index.php

member.php


<?php ob_start() ?>
<?php
session_start();

// date calculation function
// adds or subtracts a date based upon the input.
// $this_date is a string format of a valid date ie.. "2006/08/11"
// $num_days is the number of days that you would like to add (positive number) or subtract (negative number)
function fnc_date_calc($this_date,$num_days){
   $my_time = strtotime ($this_date); //converts date string to UNIX timestamp
   $timestamp = $my_time + ($num_days * 86400); //calculates # of days passed ($num_days) * # seconds in a day (86400)
   $return_date = date("Y/m/d",$timestamp);  //puts the UNIX timestamp back into string format
   return $return_date;//exit function and return string
}//end of function

$UID=$_SESSION["logID"];

//echo $UID;
//Check to see if the user was already logged on
if ($_SESSION["login"] !=0 && $_SESSION["login"] !=3)
{
header ('Location: index.php?Msg=3');
}
//echo $_SESSION["login"];

//Connect to DB and Get the mailing list
$dbcnx = mysql_connect('my host', 'my username', 'my pass');


//we could connect to the database
//Select the DB we want to deal with
mysql_select_db ("charbel");
?>
login.php

<?php ob_start() ?>
<?php
session_start();

$UName = $_REQUEST['UserName'];
$PWD = $_REQUEST['PWD'];

$dbcnx = mysql_connect('my host', 'username', 'password');
if (!$dbcnx) {
 header ('Location: index.php?Msg=2');
 exit();
}

//we could connect to the database

//Select the DB we want to deal with
mysql_select_db ("charbel");

//Now we have to check if the username and password entered are correct
$MyDate = date("Y-m-d", time());
$sql="Select * from Member where UserName='$UName' AND PWD='$PWD' AND ExpiryDate>='$MyDate'";
//echo $sql;
//exit();

$result=mysql_query($sql);
$num=mysql_numrows($result);


	if($num!=0)
	{


		$RegistrationType = mysql_result($result,0,"RegType");
		$login = $RegistrationType;
		session_register("login");

		$logID = mysql_result($result,0,"MemberID");
		session_register("logID");

		$Email = mysql_result($result,0,"Email");


		session_register("Email");

		//redirect users depending on registration type
		if($RegistrationType=="1" || $RegistrationType=="3")
		header ('Location: Members.php');
		if($RegistrationType==2)
		header ('Location: Members2.php');
		exit();
	}
	else
	{
		 header ('Location: index.php?Msg=1');
		 exit();
	}

header ('Location: index.php?Msg=1');
?>

<?php ob_end_flush() ?>

and the click button is on the index.php
thks again

I tried logging in and then I logged out. Assuming that the logout button does something, there is something missing because I can then still go directly to Members.php. I didn't try accessing Members.php before I tried to log in, but maybe that will work as well. There is something wrong in your login checking in Member.php. If it is the code at the start of this post, then $_SESSION["login"] isn't 0 and it isn't 3. It seems like pretty straightforward debugging to figure out what the value is and change something in one module or the other to make it work.

Where are you getting $_SESSION["login"] from, you're not setting it anywhere? It doesn't just magically appear.

u r right;but i tried everything and why in php4 it works well;
i dont know anymore what session should i put here ;i have tried everything 0,1 and 2 and 3; even if i remove the logout button the page cabe enetered ; so do u have any idea about for to put something in url so when i logg in can be accessed and when i log out can not be accesed again till he put again his username and password, i mean it is easy and iam stuck on it-

i have a file also to register the members; that is working great with the sql ; my only problem is the url not being opened directly without access

u r right;but i tried everything and why in php4 it works well;
i dont know anymore what session should i put here ;i have tried everything 0,1 and 2 and 3; even if i remove the logout button the page cabe enetered ; so do u have any idea about for to put something in url so when i logg in can be accessed and when i log out can not be accesed again till he put again his username and password, i mean it is easy and iam stuck on it-

It's because PHP4 is a big bag of crap. All you have to do is set the damn variable in login.php. You're never setting it. PHP5 is supposed to give you an error when you try to access an index that doesn't exist (in this case, "login") which means you have error reporting off.

the login.php will only verify the username and password to log in; but also i set that in login it wont work; i tried that; the script is well done but only problem is the session written in members; if u got any ideas about that session if we can write it in another way the one with equal to zero; and i displayed in php.ini the display_errors=On and no errors;strange


and again as i told you if i set session=1 it works perfectly in php4; it wont work if u copy the link ;it ask for log in

the login.php will only verify the username and password to log in; but also i set that in login it wont work; i tried that; the script is well done but only problem is the session written in members; if u got any ideas about that session if we can write it in another way the one with equal to zero; and i displayed in php.ini the display_errors=On and no errors;strange

I don't think you're hearing me. Right now you're trying to figure out what to check $_SESSION["login"] against but that's not your problem. The problem is that $_SESSION["login"] never EXISTS in the first place to check against. Session variables aren't just magically set because you want them to.

ok what we do in that case;iam little bit confused with that script
ok what should i do to prevent that link being opened by copy url

ok what we do in that case;iam little bit confused with that script
ok what should i do to prevent that link being opened by copy url

What do you mean "what do we do"? I just told you what to do. You have to set $_SESSION["login"] when a user logs in. I think its the 4th time I've said it now

Comments
I'm wondering if you will have pulled all your hair out before this is done.

this how in index.php the button script is written

</div>
			<form action="login.php" name="frmloging" method="post" style="margin:0px; padding:0px; size:auto;">
						<table width="156" border="0" cellspacing="0" cellpadding="0" style="margin:0 0 0 10px">

						<table width="168" border="0" cellspacing="0" cellpadding="0" bgcolor="#FFFFFF" background="http://www.forexbank-signals.com/images/done2.jpg" style="border:1px solid #C0C0C0; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px">
    <?php
	$Msg=$_REQUEST['Msg'];
	if($Msg=='1') echo '<tr><td valign=top height=27 class=t1 colspan=2><font color=red>Wrong User Name or Password.</font></td></tr>';
	if($Msg=='2') echo '<tr><td valign=top height=27 class=t1 colspan=2><font color=red>Unable to connect to the '.'database server at this time.</font></td></tr>';
	if($Msg=='3') echo '<tr><td valign=top height=27 class=t1 colspan=2><font color=red>Session expired, please enter your UserName and Password to log in.</font></td></tr>';
    ?>
  <tr>
    <td width="62" height="27" valign="top" class=t1 align="left">
	<p style="margin-top: 5px" align="center"><font face="Tahoma"><b>
	<font size="2">
	Username:</font> </b>
	</font></td>
    <td width="99" height="27" valign="top" align="left">
	<p align="center"><font face=arial size=5>
	<input name="UserName" type="text"  onKeyPress="checkEnter(event)" value="" size="14" >
    </font></td>
  </tr>
  <tr>
    <td height="27" valign="top" class=t1 align="left">
	<p style="margin-top: 7px" align="center"><b><font size="2"><font face="Tahoma">
	Password:</font> </font></b></td>
    <td valign="top" height="31" align="left">
    <p align="center">
    <font face=arial size=5>
	<input name="PWD" type="password"  onKeyPress="checkEnter(event)" value="" size="14">
    </font>
    </td>
  </tr>
  <tr>
    <td valign="top" colspan=2 align=left>
	<p style="margin-right: -13px" align="center"><a href="#" onclick="javascript:fctlogin();">
    <input type='submit' value='Log In' style="cursor:pointer;cursor:hand; height:22; width:51; font-size:10px; font-weight:bold; text-transform:uppercase; font-family:Tahoma; float:right" class="style1">
    </a>

		 <a href="#" class="t1" ></a>

users will log on to member.php and i have already set that

ok to be clear if i set that in login.php =wont work
if i set that in member.php=already set

now should i change the phrase for session;please if u can clarify more;

maybe iam little confused with session; is it possible you set that in my code exactly as u wanted to be and i would appreciate that; i mean if u can set it for me in member.php and login.php how it will be the script and i ask from you if you can,and thanks for today also
i do appreciate your reply

and if u want i give you my ftp access; iam starting to get frustrated in that little script

As noted in my comment. session_register does NOT work in PHP4

<?php
session_start();

$UName = $_REQUEST['UserName'];
$PWD = $_REQUEST['PWD'];

$dbcnx = mysql_connect('my host', 'username', 'password');
if (!$dbcnx) {
  header ('Location: index.php?Msg=2');
  exit();
}

//we could connect to the database

//Select the DB we want to deal with
mysql_select_db ("charbel");

//Now we have to check if the username and password entered are correct
$MyDate = date("Y-m-d", time());
$sql="Select * from Member where UserName='$UName' AND PWD='$PWD' AND ExpiryDate>='$MyDate'";

$result=mysql_query($sql);
$num=mysql_num_rows($result);


if($num!=0)
{


  $RegistrationType = mysql_result($result,0,"RegType");
  $login = $RegistrationType;
  // session_register does NOT work in PHP4
  $_SESSION['login'] = $login;

  $logID = mysql_result($result,0,"MemberID");
  $_SESSION['logID'] = $logID;

  $Email = mysql_result($result,0,"Email");
  $_SESSION['Email'] = $Email;

  //redirect users depending on registration type
  if($RegistrationType=="1" || $RegistrationType=="3")
    header ('Location: Members.php');
  if($RegistrationType==2)
    header ('Location: Members2.php');
  exit();
}
else
{
  header ('Location: index.php?Msg=1');
  exit();
}

header ('Location: index.php?Msg=1');
exit;
?>

Whenever you upgrade a version of PHP make sure you read on php.net what has changed so stuff like this doesn't break.

within your login.php you have to set the login session

if($num!=0)
	{


		$RegistrationType = mysql_result($result,0,"RegType");
		$login = $RegistrationType;
		session_register("login");

		$logID = mysql_result($result,0,"MemberID");
		session_register("logID");

		$Email = mysql_result($result,0,"Email");


		session_register("Email");

		//redirect users depending on registration type
		if($RegistrationType=="1" || $RegistrationType=="3")
		header ('Location: Members.php');
		if($RegistrationType==2)
		header ('Location: Members2.php');
		exit();
	}
	else
	{
		 header ('Location: index.php?Msg=1');
		 exit();
	}

somewhere within there is where you have to add
$_SESSION = "1";
or 0 which ever one you choose to put.
\\this creates the session.

then on the members page you have to check it if it doesn't equal 1 then go back the the login.php

within your login.php you have to set the login session
somewhere within there is where you have to add
$_SESSION = "1";
or 0 which ever one you choose to put.
\\this creates the session.

then on the members page you have to check it if it doesn't equal 1 then go back the the login.php

I gave him the answer, you can't use session_register in PHP5

I gave him the answer, you can't use session_register in PHP5

sry i must of not seen that.

i just found out how to change my files over to _sessions

Finally i put that in the login.php and it works fine,as you said, i appreciate that from you and special thanks from both help of today from you

THANKS A LOT DEAR SHAWN, by the way iam in canada do not know what country u r , i wish you the best take care

Fist Thanks for four first answer shawn, somehow iam on the right track; I have my last question shawn what is the best way to use the echo welcome; i mean when the user log in to his member page ; he must see his username and date of today; can u provide quick echo in your php way to use it according my script which u know it;if u have time no urgent and thank you much again
regards
charbel

This article has been dead for over six months. Start a new discussion instead.