Coding Forum

**Mankiy** · 04-08-2003, 08:36 PM

I need some help trying to get a members area set up, I dont know how i can make sure that ppl can't see the members pg if they aren't logged in or anything like that........

And I also Need help with getting the username and password to pass onto the next pg (*from login script to the members area pg)

PLZ help, i want to get this done :P

Heres the code for each pg....

Login.php

PHP Code:


			


<html>

<head>

<title>Login</title>

</head>



<body bgcolor="#FFFFFF" text="#000000">

<p><font face="Arial, Helvetica, sans-serif" size="5"><b>Login</b></font></p>



<form name="login" method="post" action="<?=$PHP_SELF?>"> 

Username: <input type="text" name="username" size="15" maxlength="15">

<br>

Password: <input type="password" name="password" size="15" maxlength="15">

<br><br>

<input type="submit" name="Login" value="Login">

<input type="reset" name="Clear" value="Clear">

</form>



<?php 

// Connect to the database server 

include("config.php");



// Request the info of all the info

$result = @mysql_query("SELECT username,password FROM members"); 



if (!$result) { 



echo("<p>Error getting information: " . mysql_error() . "</p>"); 



} else {



while ( $row = mysql_fetch_array($result)) {



$dbusername = $row[username]; 

$dbpassword = $row[password];



if (($HTTP_POST_VARS[username] == $dbusername) && ($HTTP_POST_VARS[password] == $dbpassword)){

?>



        <SCRIPT language="JavaScript1.1">

        <!--

            location.replace("http://members.lycos.co.uk/clanx/ex.php");

        //-->

        </SCRIPT>



<?php

} // endif



} // endwhile



} // endif



?>



</body>

</html>

ex.php (members pg)

PHP Code:


			


<?php



   session_start();



   session_register("username");

   $username="$sername";

   session_register("password");

   $password="$password";



   require("config.php");



?>



<html> 

<head>

<title> Your msg's </title> 

</head> 

<body bgcolor="#000000" text="#C0C0C0"> 



<p><font color="#BB0000"> Messages: </font></p>

<blockquote> 

<?php 



 // Request the info of all the msg's

 $result = @mysql_query("SELECT * FROM msg WHERE reciever='$username' ORDER BY id ASC LIMIT 0,  30"); 

 if (!$result) { 

   echo("<p>Error getting information:<br> " . mysql_error() . "</p>"); 

   exit(); 

 } 



   // If a game has been deleted, 

   // remove it from the database. 

   if (isset($deletemsg)) { 

     $sql = "DELETE FROM msg 

             WHERE ID=$deletemsg"; 

     if (@mysql_query($sql)) { 

       echo("<font color=#0000B0 size=2>The message has been deleted.</font>"); 

     } else { 

       echo("<font color=#0000C0 size=2>Error deleting message: " . 

            mysql_error() . "</font>"); 

     } 

   } 

?>



<?php

 // Display the text of each msg 

   while ( $row = mysql_fetch_array($result) ) { 

     $ID = $row["ID"]; 

     $message = $row["message"]; 

     $sender = $row["sender"];

     $subject = $row["subject"];

     $reciever = $row["reciever"];

     echo("<table width=\"600\"><tr bgcolor=\"#000080\"><td><font size=\"1\"> <b>From:</b> $sender &nbsp; &nbsp; &nbsp; <b>To:</b> $reciever </font></td>" .  

     "<tr bgcolor=\"#0000C0\"><td><font size=\"1\"> <b>Subject:</b> $subject </font></td></tr>" .

     "<tr><td><font size=\"1\"> $message <br><br><a href='$PHP_SELF?deletemsg=$ID'>" . 

     "Delete</a></font></td></tr></table>" ); 

   } 

?> 

</blockquote> 

</body> 

</html>

TY for any help, a REALLY appreciate it

P.S. I use a javascript redirect sicne the header of PHP never seems to work for me....

**david** · 04-09-2003, 07:24 AM

I haven't got time to find the code for this right now (sorry!) but basically the easiest way is to create a PHP file:

Start Session
Query database to find rows with matching username and password
If result is 0 rows, display login box and then exit

Then include that script at the top of all pages you want to password protect. It should give an error (and login box) to any incorrect user.

**Mankiy** · 04-09-2003, 04:57 PM

ok, so i make a new PHP check file (IE: check.php)
I put the session data in it [IE: session_register("password") ]

I put to see if their username is the same as in the database (IE use some of the code fromt he login script, put instead of HHT_POST_VARS i use $username variable to do it...)

would that be all I would have to do???

**david** · 05:15 PM

Sounds about right. Here's the code I'm using:

PHP Code:


			
<?php // accesscontrol.php



include("dbconnect.inc.php");



session_start();



if(!isset($uid)) {



    // Do this if user name has not been set (not logged in)

    $output=" <h1> Login Required </h1>  <p>You must log in to access this area of the site. If you are     not a registered user, <a href=\"signup.htm\">click here</a>     to sign up for instant access!</p>  <p><form method=\"post\" action=\"".$PHP_SELF."\">    Username: <input type=\"text\" name=\"uid\" size=\"8\"><br>    Password: <input type=\"password\" name=\"pwd\" SIZE=\"8\"><br>    <input type=\"submit\" value=\"Log in\">  </form></p>";

    $pagetitle="Please Log In For Access";

    include("../templatemachine.php");

                  // Stop processing PHP Here

      exit;

}



session_register("uid");

session_register("pwd");



// Encrypt password to check against database

$realpass=md5($pwd);



// Get all rows with this username and the encrypted password

$checkusr="SELECT * FROM psys_companies WHERE un='".$uid."' AND pw='".$realpass."'";

$checkres=mysql_query($checkusr);

$checknum=mysql_numrows($checkres);



if ($checknum == 0) {

                // Invalid details. Get rid of data user entered

    session_unregister("uid"); 

    session_unregister("pwd"); 

       

     // Tell them it didn't work

    $output="<h1> Access Denied </h1>  <p>Your username or password is incorrect, or you are not a     registered user on this site. To try logging in again, click  <a href=\"".$PHP_SELF."\">here</a>. To register for instant     access, click <a href=\"signup.htm\">here</a>.</p>";



    $pagetitle="Access Denied";

    include("../templatemachine.php");

      // Stop processing PHP from here

     exit;

}



mysql_close();

?>

The include of templatemachine.php is basically to output into my template ($pagetitle sets the title for the page), it could be replaced with a simple echo statement.

This is included at the top of each page.