|
|
| Dynamo 2004-11-20, 3:55 pm |
| Yep its me again,
I have succesfully created a login page for my site. I have used the PHP_SELF
so that once the user has succesfully logged on the page reloads. Everything
works fine the first time somebody tries to log in but when they revisit, the
log on page is bypassed and it goes straight to the information page. I have a
sneaky suspicion that this is due to the fact that the page is then in their
history of recently visited sites. How can I use PHP to refresh the page
automatically everytime it is requested?
Regards
Dynamo
| |
| Geoff Berrow 2004-11-20, 3:55 pm |
| I noticed that Message-ID: <cnnlkp023ph@drn.newsguy.com> from Dynamo
contained the following:
>I have succesfully created a login page for my site. I have used the PHP_SELF
>so that once the user has succesfully logged on the page reloads. Everything
>works fine the first time somebody tries to log in but when they revisit, the
>log on page is bypassed and it goes straight to the information page. I have a
>sneaky suspicion that this is due to the fact that the page is then in their
>history of recently visited sites. How can I use PHP to refresh the page
>automatically everytime it is requested?
How are you doing the log in?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
| |
| Dynamo 2004-11-21, 3:57 am |
| In article <9n1vp095c03ttov5nmn1or3n5lqp0og9qg@4ax.com>, Geoff Berrow says...
>
>
>How are you doing the log in?
Cutting out the irelevant coding it went along the lines of:
<?php
if (!isset($_POST['submit'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p align="center">
Username <input name="user" type="text" size="20"></br>
Password <input name="pass" type="password" size="20"></br>
<input type="submit" name="submit" value="Continue">
</form>
<?php
}
else {
$userpass = $_POST['user'] . $_POST['pass']
if ($userpass != "testtest") {
// write error message
}
else {
// load the page
}
}
?>
| |
| Geoff Berrow 2004-11-21, 8:55 am |
| I noticed that Message-ID: <cnpdq2014eh@drn.newsguy.com> from Dynamo
contained the following:
>Cutting out the irelevant coding
The 'load the page' bit is very relevant. There is nothing in your code
to stop someone going to the page by simply typing the URL.
Consider using sessions
For the login page
<?php
session_start();
if (!isset($_POST['submit'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p align="center">
Username <input name="user" type="text" size="20"></br>
Password <input name="pass" type="password" size="20"></br>
<input type="submit" name="submit" value="Continue">
</form>
<?php
}
else {
$userpass = $_POST['user'] . $_POST['pass']
if ($userpass != "testtest") {
// write error message
}
else {
$_SESSION['logged_in']="Userpass_OK";
header("Location: http://mypage.com/myindexpage.php");
//replace with whatever start page you have
}
}
?>
Then at the absolute begining of every page you wish to protect use an
include to put the following:
<?php
session_start();
if($_SESSION['logged_in']!="Userpass_OK"){
header("Location: URL of login page");
exit;
}
?>
Untested code.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
| |
| Dynamo 2004-11-22, 8:56 am |
| In article <sdp0q0dou4g8bfu405vms4n24cruuufvln@4ax.com>, Geoff Berrow says...
>
>I noticed that Message-ID: <cnpdq2014eh@drn.newsguy.com> from Dynamo
>contained the following:
>
>The 'load the page' bit is very relevant. There is nothing in your code
>to stop someone going to the page by simply typing the URL.
Perhaps my phrasiology of 'load the page' was not exactly true. A better trimmed
down example of what I was trying to do would be:
if ($userpass != "testtest") {
// write error message
echo "Login Error";
}
else {
// write welcome page
echo "Sucessfully logged in. Welcome to my site";
}
}
I was trying to be clever (perhaps too clever for a newbie) and use the same url
(customer.php) for both the login part and the welcome page. As stated in my
original message, everything works fine the first time. But when the site is
revisited the login part is bypassed and it goes straight to the welcome part.
However, having said that, perhaps using sessions with 2 seperate urls is a
better idea. I'll give it a try.
Regards
Dynamo
| |
| Geoff Berrow 2004-11-22, 8:56 am |
| I noticed that Message-ID: <cns9ta0c7o@drn.newsguy.com> from Dynamo
contained the following:
>However, having said that, perhaps using sessions with 2 seperate urls is a
>better idea. I'll give it a try.
You can still use sessions with your method. :-)
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
| |
| Dynamo 2004-11-23, 8:56 am |
|
----- Original Message -----
From: "Geoff Berrow" <blthecat@ckdog.co.uk>
Newsgroups: comp.lang.php
Sent: Sunday, November 21, 2004 12:11 PM
Subject: Re: Page reload
> I noticed that Message-ID: <cnpdq2014eh@drn.newsguy.com> from Dynamo
> contained the following:
>
> Consider using sessions
> Untested code.
OK so I tried it and failed miserably. This was my coding:
<html>
<head></head>
<body>
<?php
session_start();
if (!isset($_POST['login'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<font face="Arial" size="2"><b>
Username</b></font> <input type="text" name="user" size="20">
<font face="Arial" size="2"><b>Password</b></font> <input type="password"
name="pass" size="20">
<p align="center">
<input type="submit" name="login" value="Login">
</p>
</form>
<?php
}
else {
$userpass = $_POST['user'] . $_POST['pass'];
if ($userpass == "testtest"){
$_SESSION['logged_in'] = "Userpass_OK";
header("Location: http://www.mywebsite/index.htm");
}
else {
echo "Login Error";
}
}
?>
</body>
</html>
and these were the error messages I got back
Warning: session_start(): Cannot send session cookie - headers already sent
by (output started at
\\nas16ent\domains\p\mywebsite\user\htdo
cs\login4.php:4) in
\\nas16ent\domains\p\mywebsite\user\htdo
cs\login4.php on line 5
Warning: session_start(): Cannot send session cache limiter - headers
already sent (output started at
\\nas16ent\domains\p\mywebsite\user\htdo
cs\login4.php:4) in
\\nas16ent\domains\p\mywebsite\user\htdo
cs\login4.php on line 5
Any suggestions?
| |
| Pedro Graca 2004-11-23, 3:56 pm |
| Dynamo wrote:
> OK so I tried it and failed miserably. This was my coding:
>
> <html>
> <head></head>
> <body>
> <?php
> session_start();
> if (!isset($_POST['login'])) {
> ?>
<snip>
> and these were the error messages I got back
>
> Warning: session_start(): Cannot send session cookie - headers already sent
> by (output started at
<snip>
> Any suggestions?
session_start() must be called before any output to the browser.
You are calling it after outputting "<html><head</hrad><body>".
Move the session_start() call before the HTML:
<?php
session_start();
?>
<html><head><title>I'M TOO LAZY TO TITLE MY PAGES</title></head><body>
<?php
if (!isset($_POST['login'])) {
/* ... */
--
Mail sent to my "From:" address is publicly readable at http://www.dodgeit.com/
== ** ## !! !! ## ** ==
TEXT-ONLY mail to the complete "Reply-To:" address ("My Name" <my@address> ) may
bypass the spam filter. I will answer all pertinent mails from a valid address.
| |
| Geoff Berrow 2004-11-23, 8:55 pm |
| I noticed that Message-ID: <cnv5i701ps9@news2.newsguy.com> from Dynamo
contained the following:
>OK so I tried it and failed miserably.
What Pedro said.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
|
|
|
|