I'm working on page authentication. It can login already, but I want it to make user authentication on other pages a swell if someone tries to access pages through URL. If the person is not a logged in user, redirect that person to the login page. I tried it by working with sessions but it doesn't work. I'm following MVC structure
Here is how I did it
My loginController
<?php
//LoginController
if($_POST)
{
if(isset($_POST['submit']) AND $_POST['submit'] == "login")
{
$username = $_POST['username'];
$password = $_POST['password'];
try
{
include '../model/Login.php';
$login = new Login($db, $username, $password);
if($login == TRUE)
{
session_start();
$_SESSION['username'] = $username;
header("Location:../index.php");
}
}
catch (Exception $exc)
{
echo $exc->getMessage();
}
}
}
My index controller( for main page)
<?php
include 'model/Database.php';
session_start();
//Checks if the user is logged in.
if(!isset($_SESSION['username'])) {
//echo"<h2>You have no access to this page!";
include 'view/login.php';
die();
}
include 'c:/wamp/www/mvc/model/Display.php';
$displayPatients = new Display($db);
$dataDisplay = $displayPatients->getData();
include 'view/Main.php';
?>
Related
I register my user, but when I log in after registration I'm told to log in again. Please help.
Here's my code:
<?php
// include function files for this application
require_once('bookmark_fns.php');
session_start();
//create short variable names
if (!isset($_POST['username'])) {
//if not isset -> set with dummy value
$_POST['username'] = " ";
}
$username = $_POST['username'];
if (!isset($_POST['passwd'])) {
//if not isset -> set with dummy value
$_POST['passwd'] = " ";
}
$passwd = $_POST['passwd'];
if ($username && $passwd) {
// they have just tried logging in
try {
login($username, $passwd);
// if they are in the database register the user id
$_SESSION['valid_user'] = $username;
}
catch(Exception $e) {
// unsuccessful login
do_html_header('Problem:');
echo 'You could not be logged in.<br>
You must be logged in to view this page.';
do_html_url('login.php', 'Login');
do_html_footer();
exit;
}
}
do_html_header('Home');
check_valid_user();
// get the bookmarks this user has saved
if ($url_array = get_user_urls($_SESSION['valid_user'])) {
display_user_urls($url_array);
}
// give menu of options
display_user_menu();
do_html_footer();
?>
I tried using this member.php code but it doesn't work the way I want it to. Please help me get the book example to work properly and log me in right after registration
I am having problems with my code. This is a login/register script I've made by following a tutorial.
The problem I have is that I want the script to echo "logged in" ONLY when the user has entered correct login details, and yet it still echoes "logged in" even if I don't enter any login details. I checked it and if I delete the "session_start()" function, it doesn't do the same thing, but it still doesn't give me access to the session when I want to login.
This is the init.php file, used to initiate the connection with the database and define some other functions:
<?php
session_start();
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$errors = array();
?>
This is the connect.php file, used to connect to the database :
<?php
$connect_error = 'Sorry, we are experiencing connection issues. This will be solved as soon as possible.';
$con=mysqli_connect("localhost","root","","lr") or die ($connect_error);
mysqli_select_db($con,'lr') or die($connect_error);
mysqli_close($con);
?>
The general.php file is not important for this question.
This is the users.php file, where I keep some other functions.
function user_id_from_username ($username){
$username = sanitise($username);
$mysqli = new mysqli("localhost", "root", "", "lr");
$query = "SELECT * FROM users";
$result = $mysqli->query($query);
while($row=$result->fetch_row()){
if ($row[1]==$username){ //username == $username
return $row[0];//user_id;
}
}
}
function login ($username, $password){
$user_id= user_id_from_username($username);
$mysqli = new mysqli("localhost", "root", "", "lr");
$username = sanitise($username);
$password =md5 ($password);
$query = "SELECT * FROM users";
$result = $mysqli -> query($query);
while ($row =$result -> fetch_row()){
if($row[1]==$username && $row[2]==$password){
return TRUE;
}else {
return FALSE;
}
}
}
This is the file that calls the login function, presented above:
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) ===TRUE || empty ($password) === TRUE) {
$errors[]='You need to enter a username and password!';
} else if (user_exists($username) ===FALSE) {
$errors[]="We can't find that username, have you registered?";
} else if (user_active($username)===FALSE){
$errors[]="You have not activated your account!";
} else{
$login = login($username, $password);
session_start();
if ($login ==false) {
$errors[] ='That username/password combination is incorrect!';
}else if ($login==true) {
//set the user session
$_SESSION['username'] = $login;
//redirect user to homepage
header('Location: index.php');
exit();
}
}
if ($errors){
print_r($errors);
}
}
?>
And now the index.php file, in which I have the if statement that echoes 'logged in' even if I am not logged in :
<?php
if (empty($_SESSION['username'])) {
echo 'not logged_in';
}else {
echo 'logged in';
}
?>
Now I think the problem is located somewhere either in the users.php, login.php or in the index.php file. I presented all of the files so you could get an idea of what I am trying to achieve. This code is spread over so many files because I have functions and interfaces that I have included and I want to be able to reuse the code, so I am using includes.
For you to get a better idea, if my files did not help you enough, I will leave the Youtube link of the tutorial I am following :
https://www.youtube.com/watch?v=JUk2e8oqOvI&list=PLE134D877783367C7&index=7#t=6.296979
Thank you,
Waiting for your answer,
Best regards,
If you don't use $_GET requests to include the pages, you need to put session_start() on top of each file where you are using the $_SESSION variable otherwise you can't use the sessions.
<?php
session_start();
// Rest of your script
I hope this will help you.
I'm using adLDAP to logon to an intranet-site I'm building. I've just startet with LDAP integration, and I am relatively fresh in this game.
I've managed to authenticate and log on using the adLDAP library, but I want to display the users full name when they have logged in.
Heres the login-script I'm using. Basically the same as the adLDAP example.
<?php
//log them out
$logout = $_GET['logout'];
if ($logout == "yes") { //destroy the session
session_start();
$_SESSION = array();
session_destroy();
}
//you should look into using PECL filter or some form of filtering here for POST variables
$username = strtoupper($_POST["username"]); //remove case sensitivity on the username
$password = $_POST["password"];
$formage = $_POST["formage"];
if ($_POST["loginform"]) { //prevent null bind
if ($username != NULL && $password != NULL){
//include the class and create a connection
include (dirname(__FILE__) . "/src/adLDAP.php");
try {
$adldap = new adLDAP();
}
catch (adLDAPException $e) {
echo $e;
exit();
}
//authenticate the user
if ($adldap->authenticate($username, $password)){
//establish your session and redirect
session_start();
$_SESSION["username"] = $username;
$_SESSION["loggedin"] = true;
$redir = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php";
header($redir);
exit;
}
}
$failed = 1;
}
?>
On the logged-in page I have this code:
<?php
session_start();
?>
<?php
$redir = "Location: /Kart";
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
include ("main.php");
} else {
header($redir);
}
?>
And in main.php I try to include something like
<strong>Welcome </strong><?php printf("<b><i>$firstname $lastname</i></b>"); ?> - click here to log out!
How can I display the logged in users full name here?
Thanks!
The property you are looking for in adldap is displayName.
Check the documentation: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions#infocollection_username_fields_null
so i have done this script below to check if logged in user is not admin and redirect non-admin to 404 page, but keep admin in the same page and show him his stuff
<?php
session_start();
$username = $_SESSION['username'];
$loggedin = $_SESSION['loggedin'];
if ($username != "administrator") {
header("location: 404.php");
exit;
} else {
include 'include/usermenu.php';
}
?>
but my admin is also redirected to 404(he shouldn't be), so could anybody tell me what have i done wrong? and by the way im having just one admin, so thats why its username
To test, change your code as follows:
<?php
session_start();
$username = $_SESSION['username'];
$loggedin = $_SESSION['loggedin'];
if ($username != "administrator") {
##header("location: 404.php"); exit;
print "normally I would redirect you because username is $username ";
} else {
include 'include/usermenu.php';
}
?>
See if username is coming up as a blank or some alternate spelling?
hi I have a login system for my admin section that i have a problem with, the problem is that the first time the user attempts to login, the $_SESSION isn't passed to the target page,
on the second attempt it works fine, this is what is called on the login page
$membership = new Membership();
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
$response = $membership->validate_User($_POST['username'], $_POST['pwd']);
}
in the class memebership
function validate_user($un, $pwd) {
$ensure_credentials = $this->verify_Username_and_Pass($un, $pwd);
if($ensure_credentials) {
$_SESSION['status'] = 'authorized';
$_SESSION['id'] = $ensure_credentials;
header("location: ambassadorUpdate.php");
die;
} else return "Please enter a correct username and password";
}
i've checked the code when i don't then send to ambassadorUpdate and the SESSION is set however if i use the header to redirect to page then the first time the SESSION is not
there is a session_start on both pages,
the code runs fine when all the pages where in the same folder, however i am getting this problem when i have organised them in a separate admin folder however all of the files are included correctly,
any ideas greatly appreciated many thanks
Try to modify:
$membership = new Membership();
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
$response = $membership->validate_User($_POST['username'], $_POST['pwd']);
}
if ($response == true){
header("location: ambassadorUpdate.php");
} else echo "Please enter a correct username and password";
in the class memebership
function validate_user($un, $pwd) {
$ensure_credentials = $this->verify_Username_and_Pass($un, $pwd);
if($ensure_credentials) {
echo 'workied';
$_SESSION['status'] = 'authorized';
$_SESSION['id'] = $ensure_credentials;
echo $_SESSION['status'] . $_SESSION['id'];
return = true;
} else return false;
}
I can't create an comment, so i write an answer.
Have you check session_start() in ambassadorUpdate.php. Does your browser accept cookies?
If not, it is usefull to use "location: ambassadorUpdate.php".?SID or you can use session_name()=session_id() instead of SID
Hope this helps.