I have an index.php page, which behaves as follows :
if a session var exists and is set, it displays a menu + some info
about the user (userID, IP adress, link to disconnect)
if the session var is not set, it displays a login form
So if you go there for the first time, you'll see the login form.
When the user provides his login+password, there is an AJAX call to login_check.php. The main purpose of this page is to generate a session variable (if the user info meets several requirements), but it also sends error messages back to the bottom of the form (under the form of JSON var) in case of authentification failure.
Here is its core :
login_check.php
if (authentification($login, $password)) {
//creates the session variable
$_SESSION['auth'] = $login;
//? here I'd like to refresh the index page
}
else {
//the error that will be displayed at the bottom of the form
$json_err .= "Incorrect login or password";
}
index.php looks like this :
if (isset($_SESSION['auth'])) {
//the menu is displayed, because the user is looged-in
}
else {
//the login form is displayed, because the user is not authentificated
}
So far, I have to manually refresh the index page so that it takes the session var into account. Is there a way to do it automatically ?
Solutions like "location.reload" are not really suitable, because of the error messages that might be displayed. I also tried to call again index.php from login_check.php using "include" or "header" but it didn't work.
Should I make a conditional refresh within my jQuery function, depending on what data was sent back by login_check.php ?
What would you advice ?
Thanks
I think you need to eun your checklogged.php for example once every 5 min and if user if not logged redirect to login page.
<script type="text/javascript">
$(function() {
getStatus();
});
function getStatus() {
$status = $('#islogged').load('login_check.php');
setTimeout("getStatus()",50000);
}
</script>
Related
I'm using php
I have a process form for a comment page that when you click on submit, you will be redirected to the main page of the website
when I redirected to index.php from my processform.php, I want to see an alert in my index that "Your comment was saved!" (It needs that my index page understand that I'm coming from processform.php)
How can I do this?
you should use something like sessions.
set session on submit form. and on index.php check if session has set with the special key. then show the alert that you want.
on form submit and success :
// Start the session
session_start();
// Set session variables
$_SESSION["processform"] = "Your comment was saved!";
on index.php
if(isset($_SESSION["processform"]){
// do alert
}
I am trying this page structure to a part of my website but I cannot figure out how.
This is with a logged in user:
On page 1, user clicks button to get themselves to page 2
On page 2, user does OPERATION to get themselves to page 3
Now, I it will become:
On page 1, user clicks button to get themselves to page 3
(as in, the same button that originally got them to page 2 before, but since the user did OPERATION, the button that normally leads them to 2, leads them to 3 permanantly)
Specifically what I need help with is getting page 1 to redirct to page 3 instead of 2 after OPERATION happens. How do I go about this? Probably something using databases I assume?
Here you need to keep track of user's status in $_SESSION superglobal. Let me explain how.
When the user does an operation, records its status in session, like this:
$_SESSION['operation'] = true;
page1.php
if($_SESSION['operation']){
// user has already completed the operation
// redirect the user to page3.php
header("Location: page3.php");
exit();
}else{
// user didn't complete the operation
// redirect the user to page2.php
header("Location: page2.php");
exit();
}
page2.php
// when the user completes the operation, redirect the user to page3.php, like this
header("Location: page3.php");
exit();
Set a session variable to store whether the operation has been
performed.
The link to the button should be set dynamically based on session
variable
In your operation() do the following :
opertation()
{
//some stuff here
$_SESSION['op_done']=true;
}
In the button link
<a href="<?php
if(isset($_SESSION['op_done']) && $_SESSION['op_done'])
{
echo "link_to_page3";
}
else
{
echo "link_to_page2";
}
?>"> Button_Name
</a>
In short, make a dynamic button link which will adjust with your session variable.
i want a hard coded Login Page (login.html), with no database.
If a person writes correct username and password, it redirects to (page2.html).
Now my problem is that if a person write the URL directly for page2.html , he will be able to access it, without any login.
Ideal Case => www.example.com/login.html => if Correct => www.example.com/page2.html
Problem Case => www.example.com/page2.html => page2.html , NO LogIN :(
You can control all this with a php session like this
//set the session on the login page
$_SESSION['loggedIn'] = true;
//on the second page you check if that session is true, else redirect to the login page
if($_SESSION['loggedIn'])
//allow
else
//redirect to the login page
header('Location: /login.html');
A session is a way to store information (in variables) to be used across multiple pages. By default, session variables last until the user closes the browser.
To make things simple, you can change your pages into php (e.g login.php).
Line 1: In your login.php page, you will first check if the username and password are correct, if they are, set the $_SESSION['loggedIn'] = true
Line 2: In your second page (page2.php), you will first check that the user did login by checking if the session have a value if($_SESSION['loggedIn']) {//allow processing}
Line 3: If that session variable is empty, then this means the user did not login, redirect him to the login page else { header('Location:/login.php');}
To start off: I have no idea how you would like to compare the password and username with something and check whether it's correct or not, but for now I would do something like this (again, this is without database).
You have 2 options: Either use a session as stated above, or the bit easier way: Just use theisset() function.
<form action="page2.php" method="POST">
<input type="text" name="userName" required>
<input type="password" name="password" required>
<button type="submit" name="submit">Send!</button>
</form>
page2.php will contain the next code:
if(!isset($_POST['submit']) {
//direct back to a certain page, could look like this:
header('Location: xxx.php');
exit();
//exit() prevents the code from running, it litterly EXITS the code as soon as it hits that line.
} else {
//direct to page2.php
}
Let's break it down: Why did I use the extension .php? Because you cannot do this purely with HTML.
Why did I use (!isset()) instead of isset()? Because a good practice is to think in security first, you don't access an important area and THEN check whether someone has lethal weapons or not. You check first and then you allow him either in or denie access. This is a quite simple and common way to prevent someone from accessing your page with the URL, however a SESSION is better and a bit more experienced practice.
This problem cannot be solved with a pure HTML solution. Your question is tagged as php so I'll base my answer on that:
Post your form to a php script (such as login.php)
Script checks the login details and sets a cookie
page2.html must be php instead, and checks for the cookie before displaying the HTML
Another option is using HTTP authentication, see this article for a tutorial.
You could block that page's access from external locations in your server securtiy settings,
then send the html of that page to the browser on successful login with fil_get_contents('page2.htm') in php. the php is run on the server so the file request won't be from an external source. you could overwrite html on the page using javascript or you could echo the contents on an if in php that will show the normal page on else
eg
if(isset($_GET['Login'])
{
//check login details
//if(....) //put your login check logic here
{
echo file_get_contents('page2.html');
}
else
{
//normal page's code goes here
}
}
Note:how to set the file to disallow external access is outside the scope of my answer
I had the same problem and found this and it works perfectly: (in javascript)
Just put it at the top of the document.
var x = document.referrer;
if (x == "page2.html") {
console.log(x);
} else {
window.location.href = "login.html";
};
change the default path for your website by using complete path to login.php. Next time when any of the user will type your url, they will be redirected to the given path which is yourpath>login.php
Hope it will help.
If you are using Asp.net, perhaps you can use TempData. They stay with the session between pages.
if (/*username and password are correct*/){
TempData["LoggedIn"] = "True";
} else {
TempData["LoggedIn"] = "False";
}
Then, when your controller tries to load page2 you just check the value of TempData.
var validate = TempData.Peek("LoggedIn");
if (validate == null || validate.ToString() == "False"){
return RedirectToAction("login");
} else {
/*allow access to page*/
}
Using .Peek keeps the TempData, as it would normally be marked for deletion if it was accessed. You also want to check it for null as it may have never been assigned if the user does not first go through the login page.
You can prevent that by checking if the user is already logged in
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: login.php'); //here you put your login page
exit;
}
I've came across a problem with using a 'hashbang' to keep track of which page has been loaded via AJAX.
When a link is clicked which loads content through an AJAX request into the content div, the hash of the URL changes to the page name. For example, if the user comes directly to pageA (http://www.domain.com/pageA) and then clicks a link for pageB, the URL will change to http://www.domain.com/pageA#/pageB
I'm using CodeIgniter for my application, and the code which handles the hash changing is in my header view, and it does the following:
<script type="text/javascript">
window.redirect = function() {
if(window.location.hash.substring(0, 2) == "#!") {
if(window.location.hash.substring(2).length > 2) {
window.location = window.location.hash.substring(2);
} else {
return false;
}
}
return false;
}
window.redirect();
</script>
<script type="text/javascript">
$(function() {
$(window).hashchange(function() {
if(ajax_loading == true) {
return false;
} else {
loadPage(window.location.hash.substring(2), 'internal', '');
}
});
});
</script>
There are two steps to this. The first one checks if there is a hashbang when coming directly to a page by refreshing, or entering the URL for example. If there is a hashbang, redirect to the page stored in the hash.
The second step checks for a change to the hash, which catches the likes of the user pressing the back button, for example.
My issue is with the first block - when a user refreshes or directly enters a URL with a hashbang.
If the user enters http://www.domain.com/pageA#/pageB, any server side code on pageA will run before the window is then redirected pageB
This is causing problems in cases such as:
User directly goes to pageA - pageA sets a session variable to 'abc'
User clicks on link to pageB - pageB then sets that session variable to 'xyz' - the URL is currently http://www.domain.com/pageA#/pageB
User clicks on link to pageC - the session variable is still set to 'xyz' and pageC doesn't change this - the URL is currently http://www.domain.com/pageA#/pageC
User now hits refresh. pageA is executed first, before redirecting to pageC - but because pageA was executed first, the session variable has now been set back to 'abc' when it should be 'xyz'.
Due to loading the views at the last point of the code within a CodeIgniter controller - I can't do the window redirect at any point other than when the code of the page before the hashbang has executed.
Does any have any ideas of how I can prevent this from happening?
Just don't send user to http://www.domain.com/pageA#/pageC.
You should have a unique page, that does not set any session variable, and load other pages via AJAX. Then users never goes directly to pageA but through http://www.domain.com/index#/pageA.
User goes to /index#/pageA - pageA sets a session variable to 'abc'
User clicks on link to pageB - pageB then sets that session variable to 'xyz' - the URL is currently http://www.domain.com/index#/pageB
User clicks on link to pageC - the session variable is still set to 'xyz' and pageC doesn't change this - the URL is currently http://www.domain.com/index#/pageC
User now hits refresh. index is executed first, before redirecting to pageC - but because index does not set anything, the session variable is now still 'xyz'.
As I suppose you provides yourself the links to the user, there should be no problem setting it up.
I have a strange problem that does not set the user as logged in to the SESSION until a second click (although they are logged in)
So, I have a login dropdown that looks like this:
I send the user to the ACCOUNT-SELECTOR. PHP to determine the approprirate validation based on a business or individual account:
if (isset($_POST['loginAccountType']) && $_POST['loginAccountType'] == 'individual') {
include('ind_login.php');;
} elseif (isset($_POST['loginAccountType']) && $_POST['loginAccountType'] == 'business') {
include('bus_login.php');
} else {
include('error_login.php');
}
I have session_start(); on my account-selector.php page as well as my ind_login.php page. And, both are located at the very top of the page (before anything else).
Once I log in, this is my view:
As you can see, I am able to set and return the $_SESSION['Ind_ID'] on the ind_login.php page and VIEW YOUR PROFILE works (which is linked to the SESSION ID).
However, we still see a LOG IN button on the navigation when the code says this button should be set to display:none:
if(isset($_SESSION['Ind_ID'])) {
$accIndStyle = "visibility: visible;";
} else {
$accIndStyle = "display:none;";
}
I know this is the correct code as the button does become display: none for other buttons. However, if I log in a second time, or go to a different page with the session(start), the site will read the $_SESSION['Ind_ID'] as set and hide the Login button and replace it with a logout button.
Any help very much appreciated.
Put your session_start() on the top of your index.php file (That file which includes the others.)
seem like your page needs to be refreshed, or just throw an ajax call in there to update the button value according to session.