Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New Coder
    Join Date
    Nov 2002
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts

    submit variable help

    I have one single php file for user authentication. The file is made up of an if that checks whether a submit variable exists. If it does than another if statement verifies the user through a database and if the username and password exists than it displayes an html page. If not is shows the error page.

    The issue I have is that in the html page that is displayed when the user and password exist I have another if statement used for including the content. I pass variables through the url and that determines which content is loaded in the content area.

    When I pass the variable it seems to get rid of $submit existing and it goes back to the login page as if the login info was never submitted.

    Is there a way around this? Am I misinterpreting the use of the $submit variable? Should I base the main if statement around a variable other than $submit?

    Thanks for any help. I can attatch the file if necessary but I assume this is more of a concept issue rather than a syntax one. I could be wrong though.

  • #2
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    In a case like that you should really just keep your authentication code in a seperate file. A good way to work it is


    Say this is a file called login.php

    PHP Code:

    if(formsubmitted){
        
    authenticated check for authentication
        
    if(authenticated is true)
            
    redirect to member page
    else
        
    show login form 
    As for displaying different content don't worry about that until you get to the members page. The use of sessions is very handy as well. If the content to be shown depends on certain users logging in like say a regular user or an administrator for example you can store a value in the session to indicate what the user is and then check for that to display the appropriate content.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #3
    New Coder
    Join Date
    Nov 2002
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    the reason i didnt want to just redirect is becuase then someone could just directly access that site by typing in the url skipping the login process. Unless there is someway to protect the redirected page?

  • #4
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Yes you would need to protect each page in the site that requires authentication. They key to that is using sessions and an include file like so:


    Let's say this your include file is authenticated.php

    PHP Code:

    $authentication 
    $_SESSION['authentication'];
    if(
    $authentication != true){
       
    header("Location: http://domain.com/login.php");

    Then you simply need to add this line to the top of each page that requires authentication

    PHP Code:

    include("authenticated.php"); 
    In your login authentication code when the successfully login you simple create and set that session variable to true or however you want to check it.

    PHP Code:

    if(authenticated)
      
    $_SESSION['authentication'] = true 
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #5
    New Coder
    Join Date
    Nov 2002
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    awesome. thanks!

  • #6
    New Coder
    Join Date
    Nov 2002
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok just to make sure I understand how to apply this to my site:

    My main page is:

    PHP Code:
    <?php

    $username 
    $HTTP_POST_VARS['username'];
    $password $HTTP_POST_VARS['password'];

    if (
    $submit) {

        
    $connection mysql_connect("xxxxx","xxxxx","xxxxx") or die("Can't connect to the host".mysql_error());
        
    $dbconnection mysql_select_db("xxxxxx"$connection) or die("Can't connect to the database".mysql_error());
        
    $query "SELECT password from xxxx WHERE xxxx = '$username'";
        
    $result=mysql_query($query) or die ("Database Error");
        
    $row mysql_fetch_row($result);
        if (
    $row[0]==$password) {


    /*This is where I want to redirect to my main page after the user login info is correct according to the above if statement correct?*/

    session_start(); 
    header("Cache-control: private");
    $_SESSION['authentication'] = true

    include "adminpage.php";
    ?>



    <?php
        
    } else {
                        
    /* else if user name not is valid then this page is  displayed so they can try to re-enter their info */
       
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>STM - Admin Control Panel</title>
    <link rel="stylesheet" type="text/css" href="adminstyle.css">
    <style type="text/css">
    <!--
    .style1 {color: #FFFFFF}
    .style2 {color: #999999}
    .style3 {
        color: #CCCCCC;
        font-weight: bold;
    }
    -->
    </style>
    </head>

    <body>
    <div align="center">
    <table width="302" border="0" cellpadding="0" cellspacing="0">
      <!--DWLayoutTable-->
      <tr>
        <td width="302" height="63">&nbsp;</td>
        </tr>
      <tr>
        <td height="19" align="center" valign="middle" bgcolor="#424242"><img src="images/loginmenu_img.jpg" width="150" height="19"></td>
        </tr>
      <tr>
        <td height="183" align="left" valign="middle" bgcolor="#2C2C2C" class="nav_bar2"><span class="style3">ERROR</span><br>
          <span class="style2">No
          User Account Found<br>
          Please Try Again </span>      
           <form action="<?php echo $PHP_SELF ?>" method="post" class="style1">
              <span class="style2">Username:&nbsp;</span>          
              <input type="text" name="username" class="textform" size="20">
              <span class="style2"><br><br>
              Password:&nbsp;&nbsp;</span> 
              <input type="password" name="username" class="passform" size="25"><br><br>
              <input type="submit" name="submit" value="Log In" class="submitbutton">
            </form>      
          <div align="right"><a href="#">Forget Your Info?</a>&nbsp;<br>
          </span></div></td>
      </tr>
      <tr>
        <td height="33">&nbsp;</td>
      </tr>
    </table>
    </div>
    </body>
    </html>

    <?php
        
    }
    } else  {
          
    // $submit not found
          // so display a login form
    ?>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>STM - Admin Control Panel</title>
    <link rel="stylesheet" type="text/css" href="adminstyle.css">
    <style type="text/css">
    <!--
    .style1 {color: #FFFFFF}
    .style2 {color: #999999}
    -->
    </style>
    </head>

    <body>
    <div align="center">
    <table width="302" border="0" cellpadding="0" cellspacing="0">
      <!--DWLayoutTable-->
      <tr>
        <td width="302" height="63">&nbsp;</td>
        </tr>
      <tr>
        <td height="19" align="center" valign="middle" bgcolor="#424242"><img src="images/loginmenu_img.jpg" width="150" height="19"></td>
        </tr>
      <tr>
        <td height="151" align="left" valign="middle" bgcolor="#2C2C2C" class="nav_bar2">
            <form action="<?php echo $PHP_SELF ?>" method="post" class="style1">
              <span class="style2">Username:&nbsp;</span>          
              <input type="text" name="username" class="textform" size="20">
              <span class="style2"><br><br>
              Password:&nbsp;&nbsp;</span> 
              <input type="password" name="password" class="passform" size="25"><br><br>
              <input type="submit" name="submit" value="Log In" class="submitbutton">
            </form>
            <div align="right"><a href="#">Forget Your Info?</a>&nbsp;<br></div>
        </td>
      </tr>
      <tr>
        <td height="65">&nbsp;</td>
      </tr>
    </table>
    </div>
    </body>
    </html>


    <?php ?>

    So to sum up what I did to try to follow what you told me....

    I added $_SESSION['authentication'] = true inside the loop where the user was verified before I redirect to the main admin page.

    And then I also need to enclose my whole admin page that I redirect to (in this example adminpage.php) in the following if statement:
    PHP Code:
    $authentication $_SESSION['authentication']; 
    if(
    $authentication != true){ 

    to make sure the session still exists.

    Did I follow what you were trying to tell me?
    Thanks.
    Last edited by nick_a; 03-19-2004 at 04:40 AM.

  • #7
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    You've gotten the general concept. There are some details in your coding that could use some changes but i'm about to go to bed and i'll try and point them out tomorrow if nobody else beats me to it.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #8
    New Coder
    Join Date
    Nov 2002
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I dont think I did the redirect right.
    I doesnt like how I used the include().

  • #9
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Post your code as you have it now so we can take a look at it.

    Some things you might want to look at are:

    1. Unless you are using a version of PHP that is older than 4.1.0 then you should not be using $HTTP_POST_VARS. That is the old superglobal. The new one is $_POST.

    2. Instead of checking a variable as such

    if($submit)

    you should check it like such using the isset() function.

    if(isset($_POST['submit']))


    3. When checking to see if their login is correct why would you check the username using SQL and check the password using PHP? Just use SQL.

    Now all you need to do is check to see if a record was returned. If it was then obviously the login is valid.

    $result = mysql_query($query);
    if(mysql_num_rows($result) > 0){
    //login is valid now do redirect

    4. Another tip when you have a page like this that will submit to itself with a form that might need to be redisplayed then it is a good idea to put the code for just the form into a seperate file and then include it. That way you don't have to repeat the code over again. And if you ever need to make a change to that code you only need to do it once.

    So basically like this:

    PHP Code:

    if(isset($_POST['submit'])){

        
    //database connection code goes here

        
    $query "SELECT * from tablename WHERE username = '$username' AND password = '$password'";
        
    $result mysql_query($query);
        if(
    mysql_num_rows($result) > 0){ 
            
    //login is valid now do redirect
            
    header("Location: http://domain.com/members.php");
        }
        else{
             echo 
    "Your login is not correct";
             include(
    "loginform.php");
        }

    else{
        include(
    "loginform.php");

    That's a fairly common way of setting it up.
    Last edited by Spookster; 03-20-2004 at 11:29 PM.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #10
    New Coder
    Join Date
    Nov 2002
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quick question, is there a way to redirect after a correct login without having to click on a link. Such as just including the page?

    Thanks again for your time.
    Last edited by nick_a; 03-20-2004 at 09:40 PM.

  • #11
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Yes just use the redirect header in that code above. I know it had an anchor tag in it earlier but I didn't put that there this message board software saw the URL and tried to change it into a hyperlink.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •