How to stop Redirect



cooldude159
05-05-2011, 10:29 PM
Okay, so I have created a Beta Key Gen system for my site, but the users are able to bypass it so they can just register without a beta key. So for example they can just type site.com/register.php, bypassing my index page, which is the beta key.

oracleguy
05-05-2011, 10:38 PM
You can use sessions to make sure that the key has been entered or validated or whatever. And if it isn't, the register page can just redirect them back to the index page.

cooldude159
05-05-2011, 10:45 PM
How, though? I need code. Here is my site http://somethingtodo.x10.mx/ and you're able to bypass the beta system just by doing /test.php

The reaper
05-05-2011, 10:55 PM
I would recommend using sessions as well, here is a link to read up on them: http://www.w3schools.com/php/php_sessions.asp


It could go something like this.
index.php


<?php
session_start(); // starts the session, needs to be on top of page

// set this only after the submitted key has been checked, not on every page load
$_SESSION['beta_key'] = $key; // $key or whatever variable needs to have what the beta key is equal to.
?>

register.php


<?php
session_start();

if(isset($_SESSION['beta_key'])) // checks to see if the session exists
{
// if session does exist
}else{ // session else
header("Location: index.php"); //redirects if session doesn't exists.
exit; // stop the script so the rest of the page is not sent along with the redirect
}

?>


It is untested, and you will have to configure it yourself of course. But that should get the ol' brain thinking.

cooldude159
05-05-2011, 10:58 PM
kk, now I have another problem: whenever I enter the Beta code it won't redirect me to my test.php

The reaper
05-05-2011, 11:03 PM
Could you please post the code you are working with?

cooldude159
05-05-2011, 11:09 PM
Index.php

<?php
session_start();
$_SESSION['beta_key'] = $key; // $key or whatever variable needs to have what the beta key is equal to.

$dbhost = 'localhost';
$dbuser = 'project9_root';
$dbpass = 'MYPASSWORD';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'project9_beta';
mysql_select_db($dbname);

?>
<?php
if(isset($_POST['login'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = sprintf("SELECT * FROM `users` WHERE `username` = '%s'", $username);
$usernamecheck = mysql_query($query);
if(mysql_num_rows($usernamecheck) > 0) {
// Username is in the database
$row = mysql_fetch_array($usernamecheck, MYSQL_ASSOC);
if ($row["password"] == md5($password)) {
// Password is correct
header('Location: test.php');
echo "Login successful, redirecting to <a href='test.php'>test.php</a> now.";
}
}
echo "<center>Login failed! Try a different username and, or password.</center>";
}
?>
<?php
$ibr=mysql_query('SELECT requirebeta FROM settings');
$ibrr=mysql_result($ibr, 0);
If ($ibrr == 'yes') {
?>
<?php
if(isset($_POST['register']))
if ($ibrr =='yes') { //beta required
{
$betakey = mysql_real_escape_string($_POST['beta']);



if($checkuserresult == 0)
{
$query = sprintf("SELECT COUNT(code) FROM `key` WHERE `code` = '%s'", mysql_real_escape_string($betakey));
$keycheck = mysql_query($query);
// $keycheck=mysql_query('SELECT COUNT(code) FROM `key` WHERE `code` like ' . $betakey);
$keyresult=mysql_result($keycheck, 0);
if ($keyresult) {
// echo "Beta key found!";
$deletekey=mysql_query('DELETE FROM `key` WHERE code="' . $betakey . '"');
// Add your redirect here
header( 'Location: test.php' ) ;
}else {
echo '<center><font color="#FF0000">Beta key Not valid.</font></center>';
// die("Beta key not valid.");
}
}
}
}
?>


<Title>Beta System</Title>
<center><form action"test.php" method="post">
Beta Key: <input type="text" name="beta"></br>
<input type="submit" name="register" value="Enter Beta Now"></form></center>
<?php
}

?>
<center><h2>OR</h2></center>
</br>
<center><h3>Login</h3></center>
<center>
<form action="index.php" method="post">
Username: <input type="text" name="username"></br>
Password: <input type="password" name="password"></br>
<input type="submit" name="login" value="Login"></form>
</form>
</center>
<!--
<center><h2>Login Section coming soon</h2></center>
-->

<div id="footer"><center><br />Created by unknown</center></div>




<table border="0" align="center" cellpadding="0" cellspacing="2" width="350">
<tr style="font-size: 9px;">
<td width="100" align="center" valign="middle"><a href="s13.myradiostream.com/13026.pls"><img src="/images/winamp_icon.jpg" alt="Listen in Winamp or iTunes" width="48" height="48" border="0" /></a><br />
<a href="/13026.pls">Winamp / iTunes</a></td>
<td width="100" align="center" valign="middle"><a href="s13.myradiostream.com/13026.asx"><img src="/images/winmedia_icon.jpg" alt="Listen in Windows Media Player" width="48" height="48" border="0" /></a><br />
<a href="/13026.asx">Windows Media</a></td>
<td width="100" align="center" valign="middle"><a href="s13.myradiostream.com/13026.ram"><img src="/images/real_icon.jpg" alt="Listen in RealPlayer" width="48" height="48" border="0" /></a><br />
<a href="/13026.ram">RealPlayer</a></td>
</tr>
</table>

test.php


<?php
session_start();

if(isset($_SESSION['beta_key'])) // checks to see if the session exists
{
// if session does exist





}else{ // session else
header("Location: index.php"); //redirects if session doesn't exists.
}

?>
<center>You have successful on getting this far on my beta system</center>
<center><b>NOTICE:</b>To keep testing this system do site link /admin and enter following details</center>
<h3><b>Username:</b>test</h3>
<h3><b>Password:</b>test1</h3>

The reaper
05-05-2011, 11:14 PM
That isn't quite what the example code I posted was meant for. You still need to place the example code in the correct spots.

cooldude159
05-05-2011, 11:16 PM
Can you Fix Please :)

The reaper
05-05-2011, 11:26 PM
index.php


<?php
session_start();
$dbhost = 'localhost';
$dbuser = 'project9_root';
$dbpass = 'MYPASSWORD';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'project9_beta';
mysql_select_db($dbname);

?>
<?php
if(isset($_POST['login'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = sprintf("SELECT * FROM `users` WHERE `username` = '%s'", $username);
$usernamecheck = mysql_query($query);
if(mysql_num_rows($usernamecheck) > 0) {
// Username is in the database
$row = mysql_fetch_array($usernamecheck, MYSQL_ASSOC);
if ($row["password"] == md5($password)) {
// Password is correct
header('Location: test.php');
echo "Login successful, redirecting to <a href='test.php'>test.php</a> now.";
exit; // stop here, otherwise the "Login failed" message below is printed as well
}
}
echo "<center>Login failed! Try a different username and, or password.</center>";
}
?>
<?php
$ibr=mysql_query('SELECT requirebeta FROM settings');
$ibrr=mysql_result($ibr, 0);
If ($ibrr == 'yes') {
?>
<?php
if(isset($_POST['register']))
if ($ibrr =='yes') { //beta required
{
$betakey = mysql_real_escape_string($_POST['beta']);



if($checkuserresult == 0)
{
$query = sprintf("SELECT COUNT(code) FROM `key` WHERE `code` = '%s'", mysql_real_escape_string($betakey));
$keycheck = mysql_query($query);
// $keycheck=mysql_query('SELECT COUNT(code) FROM `key` WHERE `code` like ' . $betakey);
$keyresult=mysql_result($keycheck, 0);
if ($keyresult) {
// echo "Beta key found!";
$deletekey=mysql_query('DELETE FROM `key` WHERE code="' . $betakey . '"');
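// Key was valid and has been deleted: remember that in the session, then redirect
$_SESSION['beta_key'] = $betakey;
header( 'Location: test.php' ) ;
exit; // stop here so the rest of index.php is not sent after the redirect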
}else {
echo '<center><font color="#FF0000">Beta key Not valid.</font></center>';
// die("Beta key not valid.");
}
}
}
}
?>


<Title>Beta System</Title>
<!-- the key check runs in index.php, so the form posts back to this page -->
<center><form action="index.php" method="post">
Beta Key: <input type="text" name="beta"></br>
<input type="submit" name="register" value="Enter Beta Now"></form></center>
<?php
}

?>
<center><h2>OR</h2></center>
</br>
<center><h3>Login</h3></center>
<center>
<form action="index.php" method="post">
Username: <input type="text" name="username"></br>
Password: <input type="password" name="password"></br>
<input type="submit" name="login" value="Login"></form>
</form>
</center>
<!--
<center><h2>Login Section coming soon</h2></center>
-->

<div id="footer"><center><br />Created by unknown</center></div>




<table border="0" align="center" cellpadding="0" cellspacing="2" width="350">
<tr style="font-size: 9px;">
<td width="100" align="center" valign="middle"><a href="s13.myradiostream.com/13026.pls"><img src="/images/winamp_icon.jpg" alt="Listen in Winamp or iTunes" width="48" height="48" border="0" /></a><br />
<a href="/13026.pls">Winamp / iTunes</a></td>
<td width="100" align="center" valign="middle"><a href="s13.myradiostream.com/13026.asx"><img src="/images/winmedia_icon.jpg" alt="Listen in Windows Media Player" width="48" height="48" border="0" /></a><br />
<a href="/13026.asx">Windows Media</a></td>
<td width="100" align="center" valign="middle"><a href="s13.myradiostream.com/13026.ram"><img src="/images/real_icon.jpg" alt="Listen in RealPlayer" width="48" height="48" border="0" /></a><br />
<a href="/13026.ram">RealPlayer</a></td>
</tr>
</table>





test.php


<?php
session_start();
if(isset($_SESSION['beta_key'])) // checks to see if the session exists
{
// if session does exist
echo '<center>You have successful on getting this far on my beta system</center>
<center><b>NOTICE:</b>To keep testing this system do site link /admin and enter following details</center>
<h3><b>Username:</b>test</h3>
<h3><b>Password:</b>test1</h3>';




}else{ // session else
header("Location: index.php"); //redirects if session doesn't exists.
exit; // stop the script after sending the redirect
}

?>



This is all untested for obvious reasons, I am not sure where some of the variables are coming from, but I hope you can get the idea off of this.
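
The session gate from this thread in a hardened form, as an added example that is not part of any post: prepared statements replace the mysql_* calls, the key is checked and consumed in one DELETE, and the redirect is followed by exit. The function names, the beta_ok flag and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. The `key` table and `code` column follow
// the posts above; the in-memory SQLite database and the sample key are constructed.

// Consume a one-time beta key. A single DELETE both checks and removes the key, so
// two simultaneous requests with the same key cannot both get in.
function redeem_beta_key(PDO $db, string $code): bool
{
    $stmt = $db->prepare('DELETE FROM `key` WHERE `code` = ?');
    $stmt->execute([$code]);
    return $stmt->rowCount() === 1;
}

// index.php calls this only after redeem_beta_key() returned true.
function admit(array &$session): void
{
    $session['beta_ok'] = true; // store a flag; the key itself is already used up
}

// Top of every gated page (register.php, test.php): returns the page to redirect
// to, or null when the visitor has been admitted.
function gate(array $session): ?string
{
    return ($session['beta_ok'] ?? false) === true ? null : 'index.php';
}

// In a real page the array is $_SESSION and the gate is enforced like this:
//   session_start();
//   if (($to = gate($_SESSION)) !== null) { header("Location: $to"); exit; }
// and index.php calls session_regenerate_id(true) right after admit($_SESSION).

// Offline walk-through with a plain array standing in for $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `key` (`code` TEXT PRIMARY KEY)');
$db->exec("INSERT INTO `key` (`code`) VALUES ('BETA-1234')"); // constructed key

$session = [];
var_dump(gate($session));                       // direct request, no key entered
var_dump(redeem_beta_key($db, 'WRONG-KEY'));    // unknown key
if (redeem_beta_key($db, 'BETA-1234')) {
    admit($session);
}
var_dump(gate($session));                       // after a valid key
var_dump(redeem_beta_key($db, 'BETA-1234'));    // same key a second time
```

The login branch of index.php can call admit() after a successful password check, so the gated pages need only the one session test.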

cooldude159
05-05-2011, 11:48 PM
Can you do the same thing but for the Login (Username and Password) section, please...


