0

I'm trying to create a simple members only section. With the following code, I'm able to log in and get redirected to a page (that simply says: "hello") if the login is correct. If I then copy the URL from the page to which I was redirected, open up IE, and then paste the copied URL into the browser window, I'm told to log in. I would like to add a full web page of HTML (so that I can take advantage of CSS functionality and because I'm not that adept at PHP) to the redirected page, keeping it as a .php file, of course. Can someone help?


The current code is:


EXAMPLE_SESSION_FUNCTIONS.php

<?php
ini_set( 'session.name', 's' );
/* the URL to the login page*/
define( 'URL_LOGIN_PAGE', 'EXAMPLE_LOGIN.php' );

// start the session...
session_start();

/* check for valid user */
if( !defined('LOGGING_IN') )
{
  verify_if_valid_user();
}


function match_user_in_db( $user, $pass )
{
$host="localhost"; // Host name 
$username="a"; // Mysql username 
$password="b"; // Mysql password 
$db_name="c"; // Database name 
$tbl_name="d"; // Table name 

// Connect to server and select databse.
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection 
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT username FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

  if( mysql_num_rows($result)==1 )
  {
    $_SESSION['valid_user'] = mysql_result( $result, 0, 0 );

Echo "<a href=http://www.myURL.com/EXAMPLE_TEST_PAGE.php</a>" ;

  }
  else
  {
Echo "Invalid login";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login again!</a>" ;
  }
}


function process_login()
{
  $username = mysql_escape_string( trim($_POST['username']) );
  $password =  ($_POST['password']);



  match_user_in_db( $username, $password );  
}


function process_logout()
{
  /* used ONLY in the LOGOUT page.  */
  session_destroy();
  unset( $_SESSION );

Echo "You are logged out.";

}

function verify_if_valid_user()
{
  if( !isset($_SESSION['valid_user']) )
  {
    // user not logged in yet!
    // re-direct them to the login page

Echo "You are not logged in.";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login now!</a>" ;

  }
}
?>

EXAMPLE_LOGOUT.php

<?php
// FILENAME: EXAMPLE_LOGOUT.PHP
// ---------------------------------------

include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
process_logout();
?>

EXAMPLE_LOGIN.php

<?php
if( isset($_POST['user_login']) )
{
  define( 'LOGGING_IN', true );
  // include the 'session functions' file
  include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
  process_login();
}
else
{
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h1>Login Here</h1>
<form name="loginform" id="loginform" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <p>
    <input name="username" type="text" id="username" size="30" maxlength="30" />
    Username</p>
  <p> 
    <input name="password" type="password" id="password" size="30" maxlength="30" />
    Password</p>
  <p>
    <input type="submit" name="user_login" value="Submit" />
  </p>
</form>
</body>
</html>
<?php
}
?>

EXAMPLE_TEST_PAGE.php
THIS IS WHERE I WANT TO ADD A FULL HTML PAGE, REPLACING THE "echo "Hello";" with a full page of HTML code so that the only way to access that HTML page is to log in.

<?php
include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
?>

<html>
<head>
<title>TEST PAGE</title>
</head>
<body>

<?php
if ($_SESSION['valid_user'])

{
echo "Hello";//WANT TO REPLACE WITH A FULL HTML PAGE TO ACHIEVE RESULTS SPECIFIED ABOVE 
}


session_destroy();
?>

</body>
</html>
4
Contributors
11
Replies
16
Views
6 Years
Discussion Span
Last Post by Stefano Mtangoo
0

I'm trying to create a simple members only section. With the following code, I'm able to log in and get redirected to a page (that simply says: "hello") if the login is correct. If I then copy the URL from the page to which I was redirected, open up IE, and then paste the copied URL into the browser window, I'm told to log in. I would like to add a full web page of HTML (so that I can take advantage of CSS functionality and because I'm not that adept at PHP) to the redirected page, keeping it as a .php file, of course. Can someone help?


The current code is:


EXAMPLE_SESSION_FUNCTIONS.php

<?php
ini_set( 'session.name', 's' );
/* the URL to the login page*/
define( 'URL_LOGIN_PAGE', 'EXAMPLE_LOGIN.php' );

// start the session...
session_start();

/* check for valid user */
if( !defined('LOGGING_IN') )
{
  verify_if_valid_user();
}


function match_user_in_db( $user, $pass )
{
$host="localhost"; // Host name 
$username="a"; // Mysql username 
$password="b"; // Mysql password 
$db_name="c"; // Database name 
$tbl_name="d"; // Table name 

// Connect to server and select databse.
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection 
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT username FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

  if( mysql_num_rows($result)==1 )
  {
    $_SESSION['valid_user'] = mysql_result( $result, 0, 0 );

Echo "<a href=http://www.myURL.com/EXAMPLE_TEST_PAGE.php</a>" ;

  }
  else
  {
Echo "Invalid login";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login again!</a>" ;
  }
}


function process_login()
{
  $username = mysql_escape_string( trim($_POST['username']) );
  $password =  ($_POST['password']);



  match_user_in_db( $username, $password );  
}


function process_logout()
{
  /* used ONLY in the LOGOUT page.  */
  session_destroy();
  unset( $_SESSION );

Echo "You are logged out.";

}

function verify_if_valid_user()
{
  if( !isset($_SESSION['valid_user']) )
  {
    // user not logged in yet!
    // re-direct them to the login page

Echo "You are not logged in.";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login now!</a>" ;

  }
}
?>

EXAMPLE_LOGOUT.php

<?php
// FILENAME: EXAMPLE_LOGOUT.PHP
// ---------------------------------------

include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
process_logout();
?>

EXAMPLE_LOGIN.php

<?php
if( isset($_POST['user_login']) )
{
  define( 'LOGGING_IN', true );
  // include the 'session functions' file
  include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
  process_login();
}
else
{
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h1>Login Here</h1>
<form name="loginform" id="loginform" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <p>
    <input name="username" type="text" id="username" size="30" maxlength="30" />
    Username</p>
  <p> 
    <input name="password" type="password" id="password" size="30" maxlength="30" />
    Password</p>
  <p>
    <input type="submit" name="user_login" value="Submit" />
  </p>
</form>
</body>
</html>
<?php
}
?>

EXAMPLE_TEST_PAGE.php
THIS IS WHERE I WANT TO ADD A FULL HTML PAGE, REPLACING THE "echo "Hello";" with a full page of HTML code so that the only way to access that HTML page is to log in.

<?php
include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
?>

<html>
<head>
<title>TEST PAGE</title>
</head>
<body>

<?php
if ($_SESSION['valid_user'])

{
echo "Hello";//WANT TO REPLACE WITH A FULL HTML PAGE TO ACHIEVE RESULTS SPECIFIED ABOVE 
}


session_destroy();
?>

</body>
</html>

If I underatand what your asking (which is more of how to implement the HTML page instead of the proper PHP syntax, I would use something like the following. This code prevents you from having to echo HTML (meaning it will parse as is) while keeping it within the confines of the if statement

<?PHP if (whatever = whatever) { ?>

[B][Insert HTML Code Here][/B]

<?PHP } ?>

Is that what you were looking for?

0

No, I already tried that. The result is that when I login, using EXAMPLE_LOGIN.php, I am directed to the page (which is fine). However, when I then copy the URL, and open IE again and paste the URL into the browser window, I am sent directly to the page, without having to log in again. In the current setup, above, I am asked to log in (by the verify_if_valid(user) function).

If you replace lines 14-16, with a simple:

<p>hello</p>

and close off the php, before and after that html code, you'll see what I mean...

Any other thoughts?

0

php files do not have to include any php. they can be plain old html. just don't include any php or php tags.

0

php files do not have to include any php. they can be plain old html. just don't include any php or php tags.

Ok. But that doesn't solve my problem. I need an "if" statement to check the database to see if there's an ID and password. I'm using PHP to do this. Then I want to embed some HTML in between the PHP. Only users with a valid ID and password should be able to see the HTML.

Thoughts?

0

Sorry mgt - I misread - probably the Guinness!

jrotunda has the solution I believe.

0

JRotunda,

My bad - that worked....I must have left out a "{" or put something in the wrong place...., the first time I tried it

0

If I underatand what your asking (which is more of how to implement the HTML page instead of the proper PHP syntax, I would use something like the following. This code prevents you from having to echo HTML (meaning it will parse as is) while keeping it within the confines of the if statement

<?PHP if (whatever = whatever) { ?>

[B][Insert HTML Code Here][/B]

<?PHP } ?>

Is that what you were looking for?

Thanks for your help, JRotunda!!!!!

0

if solved, mark it so.

This is my first post in over 2 years. I'm not sure how to mark it "solved".

0

This is my first post in over 2 years. I'm not sure how to mark it "solved".

Link at the bottom

Edited by Stefano Mtangoo: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.