Some PHP Help

[Jober68]

I'm designing a website and I really need some help with php. I have a login script however I can't make it log out like I want it to. I also want to be able to have a type of admin page, which would require a user to log in to see, where there would be a form that would ask for a title and content and then when they submit that it displays on the index page. If you think you could help me out with this please e-mail me at joemeyer@christian-debate.com. I will give all my credits to anyone who can successfully solve my problems.

 

[DeadBattery]

Are you using Sessions or Cookies?
To destroy a cookie, use this code:

<?php 
// set the expiration date to one hour ago.  you might need to change the time to however long you set it to.
setcookie("cookie_name", "", time()-3600);
?>

If you are using sessions, you can use this:

<?php
unset($_SESSION['session_name']);
?>

About the admin page, you might want to add a column `type` to your members table (assuming you are using MySQL). You could put 'u' in for a regular user and 'a' in for administrator.
When someone logs in, you could set a cookie with their username and their password (encrypted of course ) and check to see if that user has permission to view the AdminCP by their type.

 

[Jober68]

Ok the only problem... I have ended the session cookie however... I have all the login information on my main page... I have a members.php which says "Welcome (username). You are logged in" And my login script. However, once I've logged in I can't make it change on my main page back to the login script. I guess I just don't know how to make it re-check if the session cookie is still active? Not sure... which is why I need someone to take a look at it for me. My php is very basic knowledge and I just got into it last week so I'm kinda just in the trial by error stage which isn't really what I need right now since The people I'm doing this for want the website up ASAP.

 

[Salvatos]

To be honest I have never worked with cookies so I can only give you an overview, but your main page (or rather your members.php include) could look like this:

<?
if (logged in cookie is set) {
// echo the log out link
}
else {
// echo the login form
}
?>

This way, every time your page will load, it will check if the user is logged in or not and show the login or log out accordingly. All you have to do is change your IF clause to check your cookie and place your content (login/log out) in the proper clauses.

 

[freecrm]

OK, Logout needs some additional features (in addition to the cookie clear out above) to completely clear the session.

Very simply, just add the following code to a seperate page and amend the variables to suit your site.

// *** Logout the current user.

// specify the redirect after logout
$logoutGoTo = "../index.php";
// if there is no session, start session
if (!isset($_SESSION)) {
  session_start();
}
//Specify all session variables and null them out

  $_SESSION['Username'] = NULL;
  $_SESSION['WorkgroupID'] = NULL;
  $_SESSION['AccessLevel'] = NULL;
  $_SESSION['Usertimezone'] = NULL;
  $_SESSION['Usertimeformat'] = NULL;

//unset all session variables
  unset($_SESSION['Username']);
  unset($_SESSION['WorkgroupID']);
  unset($_SESSION['AccessLevel']);
  unset($_SESSION['Usertimezone']);
  unset($_SESSION['Usertimeformat']);

//use the redirect variable to forward to another specified page after logout.

if ($logoutGoTo != "") {header("Location: $logoutGoTo");
exit;
}

I use this on my site - check it out.

As for your other issue, I'm not sure if you want this "title" to alter depending on who is logged in. If this is what you want, simply add another field to the users record [TITLE, varchar (30)]

The admin entry form (which I'm assuming you can create) would then simply update that record with the new title.

To show it on your index page, there are two mthods I can think of.

1) set the [TITLE] from the database as a session variable like $_SESSION['var_page_title'] and then on each page you want to show it, simply use echo.

<?php echo $_SESSION['var_page_title'];?>

The other solution is a bit more complex and involves creating a recordset on each page that automatically loads from the DB.

You can then echo as before

<?php echo $row_RecordsetOfTitle['TITLE'];?>

...I prefer the session route and again, I use this method for users with time or timeformat preferences.

 

[VPmase]

I just want to say that this part is useless:

if ($logoutGoTo != "") {header("Location: $logoutGoTo");

considering you set the variable and never change it.

You should just change it to

header("Location: http://MYSITE.com/index.php");

 

[freecrm]

I just want to say that this part is useless:

if ($logoutGoTo != "") {header("Location: $logoutGoTo");

considering you set the variable and never change it.

You should just change it to

header("Location: [/quote'>http://MYSITE.com/index.php");

Good point!!!

This is what happens when you butcher part of a larger script!

 

[Jober68]

so would any of you masters like to have a look at my script and fix it for me? to be honest what you guys are putting in above doesn't look at all like it would work with my login script

 

[freecrm]

so would any of you masters like to have a look at my script and fix it for me? to be honest what you guys are putting in above doesn't look at all like it would work with my login script

Unless you have a very strange login/validation script, the above tools should work fine and they are pretty standard.

If you want any of us to have a go - try posting the login script and let us know all session variables you have running.

 

[Jober68]

the problem isn't with the login script it's my main page that I want to change depending on if someone is logged in or not but I shall post everything and maybe someone can edit my main page

This is what is on my index page that goes to my dynamic page that contains my login information:

  <div id="left">
<?php
require_once "./lmenu2.php";
?>

This is my lmenu2.php. This is what get's displayed on my main page and is where I think my error is. I want it so that if I am logged in it shows members.php and if I'm not logged in it shows the login.php however it only ever shows members.php.

<?php
	function checkLogin($levels)
	{
		if(!$_SESSION['logged_in'])
		{
			$access = FALSE;
		}
		else {
			$kt = split(' ', $levels);
			
			$query = mysql_query('SELECT Level_access FROM users WHERE ID = "'.mysql_real_escape_string($_SESSION['user_id']).'"');
			$row = mysql_fetch_assoc($query);
			
			$access = FALSE;
			
			while(list($key,$val)=each($kt))
			{
				if($val==$row['Level_access'])
				{//if the user level matches one of the allowed levels
					$access = TRUE;
				}
			}
		}
		if($access==FALSE)
		{
			include_once("login/members.php");

		}
		else {
			include_once("login/login.php");
		}
		if($access==TRUE)
		{
			include_once("login/login.php");			
		}
		
	}
checkLogin('1 2');
	?>

Here is my login code:

require_once('db.php');
include('functions.php');

	if(isset($_POST['Login']))
	{
		if($_POST['username']!='' && $_POST['password']!='')
		{
			//Use the input username and password and check against 'users' table
			$query = mysql_query('SELECT ID, Username, Active FROM users WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"');
			
			if(mysql_num_rows($query) == 1)
			{
				$row = mysql_fetch_assoc($query);
				if($row['Active'] == 1)
				{
					session_start();
					$_SESSION['user_id'] = $row['ID'];
					$_SESSION['logged_in'] = TRUE;
					header("Location: http://www.christian-debate.com/barbershop/index.php");
				}
				else {
					$error = 'Your membership was not activated. Please open the email that we sent and click on the activation link';
				}
			}
			else {		
				$error = 'Login failed !';		
			}
		}
		else {
			$error = 'Please user both your username and password to access your account';
		}
	}

And my members.php code: (btw can anyone write up the logout code for this using some type of submit form?

<?php 
session_start(); 
require_once('db.php'); 
include('functions.php'); 

$query = "SELECT * FROM users"; 
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());

echo "Welcome <b>" .$row['Username']."</b>. You are now logged in.";
?>
<form action="login/logout.php" >
	<input type="submit" value="Logout" action="$logout"/><br/>
</form>

 

[Jober68]

So does anyone have somethin for me?

 

[freecrm]

Just a quick thing really.

Your first few lines states;

If the logged_in session variable is not empty, then $access = FALSE.

Then, slightly lower down, as part of the same 'if' part, you state:

else if the logged_in session variable is empty, ..... $access = FALSE!!!

So either way, the $access variable is set to FALSE before the rest of teh script starts, which is why it always defaults to include members.php.

Does the top one want to be $access = TRUE ??

 

[VPmase]

I don't see a "session_start()" in the first two scripts. Maybe thats why.

 

[Jober68]

What I really want is to give someone ftp access and have them fix it for me if anyone is interested...

 

[dickey]

regarding your login code is that the complete listing? I think you should add $session_start() there because it is of the same level of hierarchy with your members.php

Do try it. Maybe it will work ask here again or pm me. I like a good challenge.