Hi, I need help. If anyone knows how and wants to help me with a problem, I would greatly appreciate it.

I downloaded a page for my site, installed it, and it works well. I only have one problem: anyone can access it without having to log in, and it must be accessible only after logging in.

The page with the problem:

> <!-- content -->
> <div id="content">
> <div class="boxui box-top"></div>
> <div class="boxui box-con">
> <?PHP include("./conectare/slide.php"); ?>      
> <div class="boxui box-end"></div>
> </div>
> <br>
> 
> 
> <div class="boxui box-title">
> <span class="title-icon icon-status"></span>
> <h2><b>loguri accesari cont</b></h2></div>
> <div class="boxui box-con"><div class="wrap"><p>
> 
>                         <?php
>                       
> echo '<div align="center" style="margin-bottom: 10px; background: #FFF; padding: 6px; height:auto; border: 1px solid #c8c8c8; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">';
> echo '        <table border="1" bordercolor="FFCC00" style="background-color:FFFFCC" width="400" cellpadding="3" cellspacing="3">
> <thead>
> <td> id cont</td>
> <td> status logare</td>
> <td> ch</td>
> <td> info logare</td>
> <td> info delogare</td>
> <td> id pc</td>
> </thead>
> ';
>                   
>                   // Note: nothing above verifies that the visitor is logged in; $_SESSION['id'] is used as-is.
>                   $id = $_SESSION['id'];
>                       mysql_select_db("account");
>                       $sql = mysql_query("SELECT * FROM `account` WHERE `login` = '" . $id . "'") or die (mysql_error());
>                       $row2 = mysql_fetch_array($sql);
>                       $idnou = $row2['id'];
>                       mysql_select_db("log");
>    $SQL = mysql_query("SELECT * FROM `loginlog2` WHERE `account_id` = '" . $idnou . "' ORDER BY `login_time` DESC") or die (mysql_error()); // done, it works :) you don't have data in the database yet :))
>      $x1 = 0;$afisari = 25;
>      while(($row = mysql_fetch_array($SQL)) && ($afisari > 0))
>                         {
> 
> echo '
> 
>   <tr>
>       <td> '. $row["account_id"]. ' </td>
>       <td> '. $row["type"]. ' </td>
>       <td> '. $row["channel"]. ' </td>
>       <td> '. $row["login_time"]. ' </td>
>       <td> '. $row["logout_time"]. ' </td>
>       <td> '. $row["ip"]. ' </td>
>   </tr>
>   ';
> 
>                             $x1++;$afisari--;
>                         }
>                         if($x1 == 0)
>                         {
>                           echo "<tr><td>Nu avem destule date in baza de date pentru a genera aceasta informatie!</td><td></td></tr>";
>                         }
>                       
>                   echo '  </table>
>                           </div>';
>                       
> 
>                         ?>
>                       <br>
> 
>       <div class="meta"></div></div></div>
>               <div class="boxui box-end"></div>     
>               <!-- news post -->
> 
> 
> </p>
> 
> 
>   
>   <div style="margin-bottom: 10px; background: #FFF; padding: 6px; height:auto; border: 1px solid #c8c8c8; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">
>    Aici se pot vedea loguri referitoare la ultimele logari in joc.
> <br><br>
> 
> Daca la "<u>Stare</u>" apare <u>"INVALID</u>", inseamna ca logarea a fost esuata sau clientul a fost inchis fara a se face delogare.
> </div>
> 
> 
>             
>       </div>
>       <!-- end content -->

and look at a page that runs on login:

> <div id="content">
> <div class="boxui box-top"></div>
> <div class="boxui box-con">
> <?PHP include("./conectare/slide.php"); ?>      
> <div class="boxui box-end"></div></div>
>   
> <div class="boxui box-title"><span class="title-icon icon-status"></span>
> <h2>listarea caracterelor</h2>
> </div><div class="boxui box-con"><div class="wrap"><p><span class="news-content">
> 
> <div style="margin-bottom: 0px; background: #FFF; padding: 6px; height:auto; border: 1px solid #c8c8c8; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">
> 
> <?PHP
> 
> if(isset($_SESSION['user_id']) && checkInt($_SESSION['user_id']) && $_SESSION['user_id']>=0) {
>  
> echo"<br/>";
> $cmdChars = "SELECT player.id,player.name,player.job,player.level,player.playtime,guild.name AS guild_name
> FROM player.player
> LEFT JOIN player.guild_member 
> ON guild_member.pid=player.id 
> LEFT JOIN player.guild 
> ON guild.id=guild_member.guild_id
> WHERE player.account_id='".$_SESSION['user_id']."'";
> $qryChars = mysql_query($cmdChars,$sqlServ);
> $x=0;
> echo'<table>
> 
> <tr>
> <th class="topLine">    Caracter               </th>
> <th class="topLine">Rasă            </th>
> <th class="topLine">Nivel          </th>
> <th class="topLine">Timp joc             </th>
> <th class="topLine">Breaslă          </th>
> <th class="topLine">   </th></tr>';
> 
> while($getChars = mysql_fetch_object($qryChars)) {
> $zF = ($x%2==0) ? "tdunkel" : "thell";
> echo'<tr>
> <td class="'.$zF.'">     <a href="?s=debugare&char='.$getChars->id.'" title="Deblocare caracter">'.$getChars->name.'</a></td>
> <td class="'.$zF.'"> '.$aRassen[$getChars->job].'</td>
> <td class="'.$zF.'"> '.$getChars->level.'</td>
> <td class="'.$zF.'"> '.$getChars->playtime.' Minute</td>
> <td class="'.$zF.'"> '.$getChars->guild_name.'</td>
> </tr>';
> $x++;
> }
> echo'</table>';
> echo" <br/><br/>";
> }
>   else {
>     echo' <center><p class="meldung">You must be logged in to access this page</p></center>';
>   }
>   
> ?>
> 
> </div><br>
> <div class="meta"></div></div></div>
> <div class="boxui box-end"></div></div>

What do I need to add so that it cannot be accessed without login?
Or could someone kindly modify my code? Thank you!


All 14 Replies

Member Avatar

@cristian.stilpeanu.1

What do I need to add so that it cannot be accessed without login? Or could someone kindly modify my code?

What error appears when you run this code? Since you are using JOIN in your query, there must be at least an error.

here, did not intend to advertise

<urls snipped>

Thank you!

Member Avatar

Add session protection. If user logged in - search for $_SESSION['user_id'] or whatever you're using.
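
The session check suggested above, written as a guard to include at the top of the protected page before any HTML is sent. This is an added example, not code from the thread; it reuses the `user_id` session key from the working page, replaces that page's unseen `checkInt()` helper with `filter_var()`, and the `?s=login` URL is a hypothetical placeholder.

```php
<?php
// Added example: access guard for a protected page.
// Assumptions: the login script stores the account id in $_SESSION['user_id']
// (as on the working page in the thread); '?s=login' is a placeholder URL.

function is_logged_in(array $session): bool
{
    // Same condition as the working page: key present, integer, >= 0.
    if (!isset($session['user_id'])) {
        return false;
    }
    $id = filter_var($session['user_id'], FILTER_VALIDATE_INT);
    return $id !== false && $id >= 0;
}

function require_login(string $loginUrl = '?s=login'): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_logged_in($_SESSION)) {
        // Redirect and stop. Without exit the rest of the page would still
        // run and the login-log rows would be sent to the visitor.
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// Constructed sample sessions showing which values pass the check.
$samples = [
    'no session key' => [],
    'logged in'      => ['user_id' => '42'],
    'non-numeric id' => ['user_id' => 'abc'],
    'negative id'    => ['user_id' => -5],
];
foreach ($samples as $label => $session) {
    printf("%-15s => %s\n", $label, is_logged_in($session) ? 'allow' : 'deny');
}

// On the real page (not executed here):
//   $accountId = require_login();
//   ...then query the login log for $accountId only.
```

The guard has to run before the first byte of output, because `header()` cannot send a redirect once HTML has already been written.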

Member Avatar

@cristian.stilpeanu.1

I downloaded a page for my site, installed it, and it works well. I only have one problem: anyone can access it without having to log in, and it must be accessible only after logging in.

Try to include this PEAR package:

http://pear.php.net/package/LiveUser/redirected

It comes with a code so you really need to take time adding this.

What daifol mentioned is about protecting your session:

http://phpsec.org/projects/guide/4.html

Member Avatar

Ok, solved?

I apologize for any inconvenience, but can someone delete the PHP code I posted?

Member Avatar

Why?

This discussion appears in Google searches for words from my pages, and I don't want people to see my code, please. Thank you!

Member Avatar

@cristian.stilpeanu.1

This discussion appears in Google searches for words from my pages, and I don't want people to see my code, please. Thank you!

The question you ask is weird. I mean, you have to understand that when you post anything on the web it will appear sooner or later on Google. You can't prevent that from happening.

Member Avatar

DW has a general policy not to delete posts, especially when there have been replies to it. If you want to PM me with further info and a reason why this needs to happen, feel free, perhaps I could advise you further.

Member Avatar

.... sad

I'm afraid that's the size of it. If you could outline the issue in a PM perhaps?
