Access to admin page links not given to publisher - php

I am using this session logic so that a user who is not an admin does not get access to the admin page. Is it good session logic, or should I use another approach? Please guide me further. Look at this index page: I have some links that members other than the admin have to access, and all links for the admin. Please tell me what links are in the URL component you are using.
<?php
include "config.php";
session_start();
if( (!isset($_SESSION['username'])) && (!isset($_SESSION['type'])) ){
header('location:login.php');
}
if($_SESSION['type'] != 'Administrator')
{
header('location:index.php');
}
?>
index.php
<?php
include "config.php";
session_start();
if(!isset($_SESSION['username']))
{
header('location:login.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-3">
<div class="list-group">
Article
Categories
<?php
if($_SESSION['type']=='Administrator'){
?>
Media
tempelate
Setting
<?php
}else{
?>
Profile
<?php
}
?>
Logout
</div>
</div>
</body>
</html>

Since you want the user to not get access to the admin page, a slightly more robust check would be to probably first ascertain whether the current page is indeed admin.php. If yes, then type can be verified so as to know if it's indeed set to Administrator, before the access can be granted.
If it is not set or is set to something else, then the user may be taken back to index.php page.
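<?php
include "config.php";
session_start();
// Name of the script being requested, e.g. "admin.php"
$url_components = explode('/', $_SERVER['SCRIPT_NAME']);
$current_url = $url_components[count($url_components) - 1];
// Not logged in: go to the login page and stop
if(!isset($_SESSION['username'])){
header('location:login.php');
exit; // header() does not end the script by itself
}
// Only admin.php with an Administrator session continues; anything else goes back to index.php
if(!($current_url == 'admin.php'
&& isset($_SESSION['type'])
&& $_SESSION['type'] == 'Administrator')){
header('location:index.php');
exit;
}
?>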
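A reusable form of the check discussed above, as an added example that is not code from the question or the answer: the role decision is a pure function, and every redirect is followed by `exit` so the rest of a protected page never runs or reaches the client. `access_redirect()` and `require_role()` are hypothetical names; the session keys and page names are the ones used on this page.

```php
<?php
// Added example. access_redirect() and require_role() are hypothetical helper
// names; 'username', 'type', login.php and index.php come from the page above.

/**
 * Decide where a request must be sent, or null if it may proceed.
 * Takes the session as an array so the logic can be checked without a browser.
 */
function access_redirect(array $session, ?string $requiredType = null): ?string
{
    // Not authenticated: both keys must be present (note ||, not &&).
    if (empty($session['username']) || empty($session['type'])) {
        return 'login.php';
    }
    // Authenticated, but the wrong role for this page.
    if ($requiredType !== null && $session['type'] !== $requiredType) {
        return 'index.php';
    }
    return null;
}

/** Enforce the decision. Call before any output is sent. */
function require_role(?string $requiredType = null): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = access_redirect($_SESSION, $requiredType);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // header() alone does not stop the script
    }
}

// Constructed sample sessions showing the three outcomes for an admin-only page.
$samples = [
    'anonymous'     => [],
    'publisher'     => ['username' => 'alice', 'type' => 'Publisher'],
    'administrator' => ['username' => 'bob',   'type' => 'Administrator'],
];
foreach ($samples as $label => $session) {
    $target = access_redirect($session, 'Administrator');
    printf("%-13s -> %s\n", $label, $target ?? 'allowed');
}
```

Hiding the Media and Setting links in index.php only changes the menu; each admin script still needs `require_role('Administrator');` at its top, while index.php calls `require_role();`.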

Related

Sign In or Sign Out menu options not working in PHP script

All the page scripts (i.e. .php files) in my application use the "include" statement to include a menu (menu.php) on the page as follows:
<div id="menublock" class="menu">
<ul class="clearfix">
<li>Home</li>
<li>About Us</li>
<li>Membership</li>
<li>Gallery</li>
<?php
if (isset($_SESSION['valid_user'])) {
echo '<li>Sign Out</li>';
} else {
echo '<li>Sign In</li>';
}
?>
</ul>
</div>
<!-- end of menublock -->
The session variable "valid_user" indicates whether the user is logged in or not, and the final option on the menu should reflect this by showing either "Sign In" or "Sign Out".
The login.php and logout.php scripts, after performing their functions, will call themselves and display a message indicating that the user is now
logged in or out. However, the menu shows the wrong option. For example, when you sign out the menu will still show the "Sign Out" option. If you then click on one of the other menu options the relevant page is shown with the correct "sign In" option.
Here is logout.php in response to Levi's request. Inserting it has made me realize what the problem is. The php code in menu.php is executed before the logout request is processed, so the valid_user session variable still indicates that the user is logged in. A similar thing no doubt happens in login.php. Silly mistake, I know!
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
include( 'assnid.html' );
?>
</head>
<body>
<?php
include( 'menu.php' );
include( 'functions.php');
$db = dbconnect();
$temp = logAction( $db, 'Sign Out' );
$db->close();
?>
<div id="bodytext">
<!-- Main content -->
<?php
// store to test if they *were* logged in
$old_user = $_SESSION['valid_user'];
unset($_SESSION['valid_user']);
unset($_SESSION['gen_pw']);
session_destroy();
?>
<html>
<body>
<!-- <h2>Sign out</h2> -->
<?php
if (!empty($old_user))
{
echo '<h2>You have been signed out.</h2><br />';
}
else
{
// if they weren't signed in but came to this page somehow
echo '<h2>You were not signed in, and so have not been signed out.</h2><br />';
}
?>
<?php
include 'footer.html';
?>
</div>
</body>
</html>
This is sending me crazy in trying to resolve it, as many websites have similar logic, and I don't understand why this should not work.
Is this something to do with compile opcodes being cached and then retrieved, or is it something else?

Error: "ERR_TOO_MANY_REDIRECTS localhost redirected you too many times"

I'm doing a pop-up login on the home page (home.php). It can log in at first, but after I clicked on the logout button the whole page went blank and says "localhost redirected you too many times", and now home.php cannot be accessed unless I remove the PHP code. Both login and logout are on the same page (home.php). Can anyone explain to me what's wrong? I'm still new to PHP.
Here's the code:
outside html
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header("location: home.php");
}
if (isset($_GET['logout'])) {
unset($_SESSION['username']);
header("location: home.php");
}
?>
<!DOCTYPE html>
inside body
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<!-- logged in user information -->
<?php if (isset($_SESSION['username'])) : ?>
<p>Welcome <strong><?php echo $_SESSION['username']; ?></strong></p>
<p> logout </p>
<?php endif ?>
This bug happens when the browser is stuck in a redirect loop. It's because of this code:
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header("location: home.php");
}
If the user is not logged in, the user will be redirected to home.php; then the page will run again, and because the user is not logged in, the browser must redirect again to the same page.
You can use many solutions to solve this, but I think the best solution is to use another PHP file for login actions.
Please try the following code:
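<?php
session_start();
if (empty($_SESSION['username']))
{
// No redirect here: this file is home.php, and sending it to itself repeats forever.
// The login form in the body below is shown instead.
$_SESSION['msg'] = "You must log in first";
}
if (isset($_GET['logout']))
{
// Empty the session array; unset($_SESSION) would break session handling
$_SESSION = [];
session_destroy();
header("location: home.php");
exit;
}
?>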
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<?php
if(!empty($_SESSION['username']))
{
//Print Some session values
}
else
{
//Login page code
}
?>
</body>
</html>
The issue may be while destroying the session.

PHP header function changes directory

So I am trying to practice PHP and I am stuck with using headers. I am using XAMPP for this. I have a simple form where the user logs in on "index.php"; when the login is successful, the header function redirects the page to "includes/profile.php". Now here is the problem: after the header I am in the "includes" folder, so when I use other .php or .css files outside the includes folder I need to do "../example/example.php". This messes up my paths because my CSS file is in "css/example.css", so I need to put "../". Is there any way to always make the "pointer" go back to the parent directory even after using header, so that I don't need to use "../"?
index.php
<?php
session_start();
if(isset($_SESSION['username'])&& isset($_SESSION['password']))
{header("Location: includes/profile.php");exit;}
if (isset($_POST['submit'])) {
if($_POST['username']=="junji" && $_POST['password']=="secret"){
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['expiry']=time();
$username = $_SESSION['username'];
$password = $_SESSION['password'];
header("Location:includes/profile.php");
exit;
}
else{
$username = "";
$password = "";
session_destroy();
}
}
?>
//end of index.php
now inside the profile.php
<?php
session_start();
if(isset($_SESSION['username'])&& isset($_SESSION['password']))
{if(time()-$_SESSION['expiry']<5){?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include_once('head.php');
?>
</head>
<body>
<div class="container">
<h1>Junji's Bio</h1>
<div class="row">
<div class="col-xs-8">
<h2>Content</h2>
<?php
include_once ('content.php');?>
</div>
<form method="POST">
<div class="col-xs-4 sidebar">
<div class="alert alert-success"> <?php print "You are currently logged in as ";
print '<br><h3>';
print $_SESSION['username'];print "\t".'<input type="submit" class="btn btn-info" name="submit" value="Logout">'; ?></h3> </div>
</div></form>
</div>
</div>
</body>
</html>
<?php if(isset($_POST['submit'])){
session_destroy();
header("Location: ../index.php?msg=You have been successfully logged out!");
exit;
}
}else
{session_destroy();
header("Location:../index.php?msg2=Your session has expired! Please Log-in again.");
exit;
}
}
else
{session_destroy();
header("Location:../index.php");exit;
}
As you can see, the includes are called directly and no "includes/example.php" is needed, which means inside my "head.php" I need to make two:
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="../css/bootstrap.min.css">
just so I can get the CSS to work on both "index.php" and "includes/profile.php".
If you don't mind using an absolute path,
Try using "http://localhost/css/example.css"
The way I handle this is to set a level variable at the top of the page:
$level = ''; // This would be top level
$level = '../'; // This would be for files in a top level folder
$level = '../../'; // This would be for files in a sub directory... and so on
Then all you need to do is set the $level var in the path:
$level.'css/example.css'; // works every time
NOTE: If you are using .htaccess you need to call the full url to both .css and .js files
You could define a constant containing the absolute root, and include that in each path. If you save your root in a variable or constant, instead of write it directly in your files, it will be easier for you if your root changes in the future.
define("ROOT", "http://localhost/");
include ROOT . 'example/example.php';
Or maybe construct a function to call?
function path($string, $echo = TRUE) {
$root = "http://localhost/";
if($echo === TRUE) {
echo $root . $string;
} else {
return $root . $string;
}
}
path('index.php');
header("Location: " . path('test.php', false));
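The same idea with the two kinds of root kept apart, as an added example that is not code from any of the answers: `include` needs a filesystem path (an `http://` URL only works with `allow_url_include`, which is off by default, and would pull in the script's output rather than its source), while `href` and `Location` need a URL path. `APP_ROOT`, `BASE_URL`, `app_path()` and `url_for()` are hypothetical names, and the file is assumed to sit in the project's top-level directory with the site served from `/`.

```php
<?php
// Added example; all names here are hypothetical. Save it in the project's
// top-level directory (e.g. as bootstrap.php) and load it from every page;
// from includes/profile.php that is: require_once __DIR__ . '/../bootstrap.php';

define('APP_ROOT', __DIR__); // filesystem root: for include/require
define('BASE_URL', '/');     // URL root: for href, src and Location (assumed)

/** Absolute filesystem path of a project file; refuses anything outside APP_ROOT. */
function app_path(string $relative): string
{
    $full = realpath(APP_ROOT . DIRECTORY_SEPARATOR . $relative);
    $root = rtrim(APP_ROOT, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $root, strlen($root)) !== 0) {
        throw new InvalidArgumentException("Not a project file: $relative");
    }
    return $full;
}

/** Root-relative URL that resolves the same from index.php and includes/profile.php. */
function url_for(string $relative): string
{
    return BASE_URL . ltrim($relative, '/');
}

// Constructed demonstration: one stylesheet link that works from any directory,
// one include path inside the project, and one path that is rejected.
echo '<link rel="stylesheet" type="text/css" href="'
    . htmlspecialchars(url_for('css/bootstrap.min.css'), ENT_QUOTES, 'UTF-8')
    . '">', "\n";
echo app_path(basename(__FILE__)), "\n";
try {
    app_path('../outside.php');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

With this in place, head.php needs a single `<link>` built with `url_for()`, and a redirect becomes `header('Location: ' . url_for('includes/profile.php')); exit;`.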

using session variables on home page to show account links

I need some links (related to user account) to appear on the index page for the user who logged in. I have a session variable 'email'.
I did this but it didn't work.
<div id="left">
left div content
</div>
<div id="right">
<?php
if(isset($_SESSION['email']))
{
?>
//show user some links to his account.
<?php
}
else
{
?>
//show login and register forms
<?php
}
?>
</div>
<?php
session_start(); // add this line
if(isset($_SESSION['email']))
{
?>
Link to php manual.
Your first statement within the
<?php
session_start();
//followed by rest of the code.
?>
should be
session_start();
Then the further code.

Creating a simple "Logged In As" line on my page

<?php
session_start();
if(isset($_SESSION['login']))
{
include_once('includes/header.php'); ?>
<!DOCTYPE html>
<html>
<body>
<div id="mainframe">
<img src="img/header.png">
<div id="menu">
<?php include_once('includes/navbar.php'); ?>
</div>
<div id="content">
<h3>Shopping Cart</h3>
</div>
</div>
<?php include_once('includes/footer.php'); ?>
</body>
</html>
<?php }
else
{
header('location: login.php');
}
?>
Here is my small PHP code I've got at the moment; my login session is $_SESSION['login'].
And I'd like to display "Logged in As" on my page when they are logged in. I've tried several things but it didn't work out.
Does anyone know a simple method / solution for this?
Put this somewhere in your if statement.
It will show "Logged In as User" at the top right corner of the page.
<div style="position:absolute; right:0px; top:0px;">
<?php echo "Logged In as " . htmlspecialchars($_SESSION['login'], ENT_QUOTES, 'UTF-8'); // encode before output ?>
</div>
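You need to pass the username using a SESSION variable for the same.
Write a simple SQL query to get the username from any variable you are taking from the user, to make sure that the particular user is the correct user. I am taking the password.
// $mysqli: an open mysqli connection (assumed); the mysql_* functions no longer exist in PHP 7+
$stmt = $mysqli->prepare("SELECT name FROM users WHERE password = ?");
$stmt->bind_param("s", $password); // bound parameter, never concatenated into the SQL
$stmt->execute();
$stmt->bind_result($username); $stmt->fetch();
$_SESSION['username'] = $username;
Then proceed as you are doing:
<?php
session_start();
if(isset($_SESSION['login']) && isset($_SESSION['username']))
{
echo "logged in as " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
}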
