submit variable help



nick_a
03-19-2004, 12:15 AM
I have one single PHP file for user authentication. The file is made up of an if that checks whether a submit variable exists. If it does, then another if statement verifies the user through a database, and if the username and password exist then it displays an HTML page. If not, it shows the error page.

The issue I have is that in the html page that is displayed when the user and password exist I have another if statement used for including the content. I pass variables through the url and that determines which content is loaded in the content area.

When I pass the variable it seems to get rid of $submit existing and it goes back to the login page as if the login info was never submitted.

Is there a way around this? Am I misinterpreting the use of the $submit variable? Should I base the main if statement around a variable other than $submit?

Thanks for any help. I can attach the file if necessary but I assume this is more of a concept issue rather than a syntax one. I could be wrong though.

Spookster
03-19-2004, 12:55 AM
In a case like that you should really just keep your authentication code in a separate file. A good way to work it is


Say this is a file called login.php




if(formsubmitted){
    authenticated = check for authentication
    if(authenticated is true)
        redirect to member page
    else
        show login form
}



As for displaying different content don't worry about that until you get to the members page. The use of sessions is very handy as well. If the content to be shown depends on certain users logging in like say a regular user or an administrator for example you can store a value in the session to indicate what the user is and then check for that to display the appropriate content.

nick_a
03-19-2004, 01:00 AM
The reason I didn't want to just redirect is because then someone could just directly access that site by typing in the URL, skipping the login process. Unless there is some way to protect the redirected page?

Spookster
03-19-2004, 01:12 AM
Yes, you would need to protect each page in the site that requires authentication. The key to that is using sessions and an include file like so:


Let's say your include file is authenticated.php




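session_start(); // the session must be started before $_SESSION can be read
if(empty($_SESSION['authentication'])){
    header("Location: http://domain.com/login.php");
    exit; // stop here, otherwise the rest of the protected page is still sent
}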



Then you simply need to add this line to the top of each page that requires authentication




include("authenticated.php");



In your login authentication code, when they successfully log in you simply create and set that session variable to true or however you want to check it.




if(authenticated)
    $_SESSION['authentication'] = true;

nick_a
03-19-2004, 01:17 AM
awesome. thanks!

nick_a
03-19-2004, 03:36 AM
ok just to make sure I understand how to apply this to my site:

My main page is:



<?php

$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

if ($submit) {

$connection = mysql_connect("xxxxx","xxxxx","xxxxx") or die("Can't connect to the host".mysql_error());
$dbconnection = mysql_select_db("xxxxxx", $connection) or die("Can't connect to the database".mysql_error());
$query = "SELECT password from xxxx WHERE xxxx = '$username'";
$result=mysql_query($query) or die ("Database Error");
$row = mysql_fetch_row($result);
if ($row[0]==$password) {


/*This is where I want to redirect to my main page after the user login info is correct according to the above if statement correct?*/

session_start();
header("Cache-control: private");
$_SESSION['authentication'] = true

include "adminpage.php";
?>



<?php
} else {
/* else if user name not is valid then this page is displayed so they can try to re-enter their info */

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>STM - Admin Control Panel</title>
<link rel="stylesheet" type="text/css" href="adminstyle.css">
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
.style2 {color: #999999}
.style3 {
color: #CCCCCC;
font-weight: bold;
}
-->
</style>
</head>

<body>
<div align="center">
<table width="302" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="302" height="63">&nbsp;</td>
</tr>
<tr>
<td height="19" align="center" valign="middle" bgcolor="#424242"><img src="images/loginmenu_img.jpg" width="150" height="19"></td>
</tr>
<tr>
<td height="183" align="left" valign="middle" bgcolor="#2C2C2C" class="nav_bar2"><span class="style3">ERROR</span><br>
<span class="style2">No
User Account Found<br>
Please Try Again </span>
<form action="<?php echo $PHP_SELF ?>" method="post" class="style1">
<span class="style2">Username:&nbsp;</span>
<input type="text" name="username" class="textform" size="20">
<span class="style2"><br><br>
Password:&nbsp;&nbsp;</span>
<input type="password" name="password" class="passform" size="25"><br><br>
<input type="submit" name="submit" value="Log In" class="submitbutton">
</form>
<div align="right"><a href="#">Forget Your Info?</a>&nbsp;<br>
</div></td>
</tr>
<tr>
<td height="33">&nbsp;</td>
</tr>
</table>
</div>
</body>
</html>

<?php
}
} else {
// $submit not found
// so display a login form
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>STM - Admin Control Panel</title>
<link rel="stylesheet" type="text/css" href="adminstyle.css">
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
.style2 {color: #999999}
-->
</style>
</head>

<body>
<div align="center">
<table width="302" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="302" height="63">&nbsp;</td>
</tr>
<tr>
<td height="19" align="center" valign="middle" bgcolor="#424242"><img src="images/loginmenu_img.jpg" width="150" height="19"></td>
</tr>
<tr>
<td height="151" align="left" valign="middle" bgcolor="#2C2C2C" class="nav_bar2">
<form action="<?php echo $PHP_SELF ?>" method="post" class="style1">
<span class="style2">Username:&nbsp;</span>
<input type="text" name="username" class="textform" size="20">
<span class="style2"><br><br>
Password:&nbsp;&nbsp;</span>
<input type="password" name="password" class="passform" size="25"><br><br>
<input type="submit" name="submit" value="Log In" class="submitbutton">
</form>
<div align="right"><a href="#">Forget Your Info?</a>&nbsp;<br></div>
</td>
</tr>
<tr>
<td height="65">&nbsp;</td>
</tr>
</table>
</div>
</body>
</html>


<?php } ?>




So to sum up what I did to try to follow what you told me....

I added $_SESSION['authentication'] = true inside the loop where the user was verified before I redirect to the main admin page.

And then I also need to enclose my whole admin page that I redirect to (in this example adminpage.php) in the following if statement:


$authentication = $_SESSION['authentication'];
if($authentication != true){
}

to make sure the session still exists.

Did I follow what you were trying to tell me?
Thanks.

Spookster
03-19-2004, 04:32 AM
You've gotten the general concept. There are some details in your coding that could use some changes but I'm about to go to bed and I'll try and point them out tomorrow if nobody else beats me to it.

nick_a
03-20-2004, 05:54 PM
I don't think I did the redirect right.
It doesn't like how I used the include().

Spookster
03-20-2004, 07:36 PM
Post your code as you have it now so we can take a look at it.

Some things you might want to look at are:

1. Unless you are using a version of PHP that is older than 4.1.0 then you should not be using $HTTP_POST_VARS. That is the old superglobal. The new one is $_POST.

2. Instead of checking a variable as such

if($submit)

you should check it like such using the isset() function.

if(isset($_POST['submit']))


3. When checking to see if their login is correct why would you check the username using SQL and check the password using PHP? Just use SQL.

Now all you need to do is check to see if a record was returned. If it was then obviously the login is valid.

$result = mysql_query($query);
if(mysql_num_rows($result) > 0){
    //login is valid now do redirect
}

4. Another tip: when you have a page like this that will submit to itself with a form that might need to be redisplayed, then it is a good idea to put the code for just the form into a separate file and then include it. That way you don't have to repeat the code over again. And if you ever need to make a change to that code you only need to do it once.

So basically like this:




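session_start();

if(isset($_POST['submit'])){

    //database connection code goes here

    //escape the submitted values before they go into the query string
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $query = "SELECT * from tablename WHERE username = '$username' AND password = '$password'";
    $result = mysql_query($query);
    if(mysql_num_rows($result) > 0){
        //login is valid, mark the session and do the redirect
        $_SESSION['authentication'] = true;
        header("Location: http://domain.com/members.php");
        exit; //nothing after the redirect header should run
    }
    else{
        echo "Your login is not correct";
        include("loginform.php");
    }
}
else{
    include("loginform.php");
}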



That's a fairly common way of setting it up.
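
Added example, not part of the original thread or either poster's code: the login check from the post above and the session guard from the earlier authenticated.php reply, written for current PHP, where the mysql_* functions no longer exist (they were removed in PHP 7). It uses PDO with a bound parameter and password_hash()/password_verify(); the in-memory SQLite table, the demo account and all function names are assumptions made for the example.

```php
<?php
// Added example; table, account and function names are hypothetical.
// Constructed sample data: one account in an in-memory SQLite database.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Username is a bound parameter; password is checked against a stored hash.
function credentials_ok(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// login.php logic: true means the session is now marked as authenticated.
function handle_login(PDO $db, array $post): bool {
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (!isset($post['submit']) || !is_string($user) || !is_string($pass)) {
        return false;                    // form not submitted or malformed
    }
    if (!credentials_ok($db, $user, $pass)) {
        return false;                    // caller redisplays the login form
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);     // fresh session id once logged in
    }
    $_SESSION['authentication'] = true;
    return true;
}

// authenticated.php logic: call at the top of every protected page.
function require_login(): void {
    if (empty($_SESSION['authentication'])) {
        header('Location: login.php');
        exit;                            // otherwise the page body is still sent
    }
}

// Command-line demo; in a web request call session_start() before any of this.
$_SESSION = [];
$db = demo_db();
var_dump(handle_login($db, ['submit' => 'Log In', 'username' => 'demo', 'password' => 'wrong']));
var_dump(handle_login($db, ['submit' => 'Log In', 'username' => 'demo', 'password' => 'correct horse']));
```

On a real page the guard file is better pulled in with require than include: a missing file is then a fatal error that stops the page, where include only raises a warning and lets the protected content render.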

nick_a
03-20-2004, 08:23 PM
Quick question: is there a way to redirect after a correct login without having to click on a link, such as just including the page?

Thanks again for your time.

Spookster
03-20-2004, 10:31 PM
Yes, just use the redirect header in that code above. I know it had an anchor tag in it earlier, but I didn't put that there; this message board software saw the URL and tried to change it into a hyperlink.


