Member log in

Hi there,

I have a website that people register and log into , but i cant seem to figure out how on the member pages, how to make it that when your not a member it will give you the login.php page instead of going to the page itself?

can someone help?

Elaine

 

If you give us a URL we could help out

 

Better yet, the code. Specially the login part.

 

ok i got the registration part :

<? 
include 'db.php'; 
$msg = "First Name is a required field.  Please re-enter your information!";
$msga = "Last Name is a required field.  Please re-enter your information!"; 
$msgb = "Email Address is a required field.  Please re-enter your information!";
$msgc = "Username is a required field.  Please re-enter your information!";
$msgd = "Your membership information has been mailed to your email address! Please check it and follow the directions!";
$msge = "Your email address has already been used by another member in our database. Please submit a different Email address!";
$msgf = "The username you have selected has already been used by another member in our database. Please choose a different Username!";
// Define post fields into simple variables 
$first_name = $_POST['first_name']; 
$last_name = $_POST['last_name']; 
$email_address = $_POST['email_address']; 
$username = $_POST['username']; 
$info = $_POST['info']; 
/* Let's strip some slashes in case the user entered 
any escaped characters. */ 
$first_name = stripslashes($first_name); 
$last_name = stripslashes($last_name); 
$email_address = stripslashes($email_address); 
$username = stripslashes($username); 
$info = stripslashes($info); 
/* Do some error checking on the form posted fields */ 
if((!$first_name) || (!$last_name) || (!$email_address) || (!$username)){ 
    if(!$first_name){ 
        echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>";
    } 
    if(!$last_name){ 
        echo "<script langauge=\"javascript\">alert(\"".$msga."\");</script>";
    } 
    if(!$email_address){ 
        echo "<script langauge=\"javascript\">alert(\"".$msgb."\");</script>"; 
    } 
    if(!$username){ 
        echo "<script langauge=\"javascript\">alert(\"".$msgc."\");</script>"; 
    } 
    include 'form.php'; // Show the form again! 
    /* End the error checking and if everything is ok, we'll move on to 
     creating the user account */ 
    exit(); // if the error checking has failed, we'll exit the script! 
} 
/* checking and ensuring that the user's email address or username 
does not exist in the database */ 
 $sql_email_check = mysql_query("SELECT email_address FROM users  
            WHERE email_address='$email_address'"); 
 $sql_username_check = mysql_query("SELECT username FROM users  
            WHERE username='$username'"); 
 $email_check = mysql_num_rows($sql_email_check); 
 $username_check = mysql_num_rows($sql_username_check); 
 if(($email_check > 0) || ($username_check > 0)){ 
    if($email_check > 0){  
        echo "<script langauge=\"javascript\">alert(\"".$msge."\");</script>";
        unset($email_address); 
    } 
    if($username_check > 0){ 
        echo "<script langauge=\"javascript\">alert(\"".$msgf."\");</script>";
        unset($username); 
    } 
    include 'form.php'; // Show the form again! 
     exit();  // exit the script so that we do not create this account! 
 } 
/* Everything has passed both error checks that we have done. 
It's time to create the account! */ 
/* generate a random password for the 
user and encrypt it, email it and then enter it into the db. */
function makeRandomPassword() { 
  $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
  srand((double)microtime()*1000000);  
      $i = 0; 
      while ($i <= 7) { 
            $num = rand() % 33; 
            $tmp = substr($salt, $num, 1); 
            $pass = $pass . $tmp; 
            $i++; 
      } 
      return $pass; 
} 
$random_password = makeRandomPassword(); 
$db_password = md5($random_password); 
// Enter info into the Database. 
$info2 = htmlspecialchars($info); 
$sql = mysql_query("INSERT INTO users (first_name, last_name, 
        email_address, username, password, info, signup_date) 
        VALUES('$first_name', '$last_name', '$email_address', 
        '$username', '$db_password', '$info2', now())")  
        or die (mysql_error()); 
if(!$sql){ 
    echo 'There has been an error creating your account. Please contact the webmaster.';
     include 'contactus.php'; 
} else { 
    $userid = mysql_insert_id(); 
    // Let's mail the user! 
    $subject = "Your Membership at The Truth Discovered!"; 
    $message = "Dear $first_name $last_name, 
    Thank you for registering at our website, http://www.thetruthdiscovered.com! 
    You are two steps away from logging in and accessing our exclusive members area. 
    To activate your membership, 
    please click here: http://www.thetruthdiscovered.com/activate.php?id=$userid&code=$db_password 
    Once you activate your memebership, you will be able to login 
    with the following information: 
    Username: $username 
    Password: $random_password 
    Thank You 
    The Staff  
    This is an automated response, please do not reply!";  
    mail($email_address, $subject, $message,  
        "From: The Truth Discovered Webmaster<admin@thetruthdiscovered.com>\n 
        X-Mailer: PHP/" . phpversion());  
      echo "<script langauge=\"javascript\">alert(\"".$msgd."\");</script>";
include 'index.php';
} 
?>

PHP:

then the log in is :
checkuser.php

<?php 
/* Check User Script */ 
session_start();  // Start Session
include 'db.php'; 
$msg = "You could not be logged in! Either the username and password do not match or you have not validated your membership! Please Try again!";
$msga = "Please enter ALL the information!";
// Conver to simple variables 
$username = $_POST['username']; 
$password = $_POST['password']; 
if((!$username) || (!$password)){
    echo "<script langauge=\"javascript\">alert(\"".$msga."\");</script>"; 
    include 'login.php';
    exit();
}

// Convert password to md5 hash 
$password = md5($password);
// check if the user info validates the db 
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); 
$login_check = mysql_num_rows($sql);
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
    foreach( $row AS $key => $val ){ 
        $$key = stripslashes( $val ); 
    } 
        // Register some session variables! 
        session_register('first_name'); 
        $_SESSION['first_name'] = $first_name; 
        session_register('last_name'); 
        $_SESSION['last_name'] = $last_name; 
        session_register('email_address'); 
        $_SESSION['email_address'] = $email_address; 
        session_register('special_user'); 
        $_SESSION['user_level'] = $user_level;
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
        header("Location: members/login_success.php"); 
    } 
} else { 
    echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>"; 
    include 'login.php'; 
} 
?> 

PHP:

now let me tell you alot of people have been telling me that it is old code, but i got it from a tutorial on creating member ship log ins, i am very new at this and i have been playing around with this for about a few weeks so i am familur with it so far , but to add and make it do stuff is hard for me ,

i appreciate the help

ELaine

 

First of all I suggest you to use one of the following functions to prevent SQL Injection:
mysql_real_escape_string or htmlspecialchars

Use them on the $_POST['username'] and other things you use in other queries...

In the members page put some code like that:

if(!isset($_SESSION['first_name']))
	Header("Location: login.php");

PHP:

 

Im sorry i dont no what to do with that ?

if(!isset($_SESSION['first_name']))    Header("Location: login.php");

PHP:

where would i put that ?

and the mysql_real_escape_string where would i put that on my
$username = $_POST['username'];

Elaine

 

// func: redirect($to,$code=307)
// spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
function redirect($to,$code=301)
{
  $location = null;
  $sn = $_SERVER['SCRIPT_NAME'];
  $cp = dirname($sn);
  if (substr($to,0,4)=='http') $location = $to; // Absolute URL
  else
  {
    $schema = $_SERVER['SERVER_PORT']=='443'?'https':'http';
    $host = strlen($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:$_SERVER['SERVER_NAME'];
    if (substr($to,0,1)=='/') $location = "$schema://$host$to";
    elseif (substr($to,0,1)=='.') // Relative Path
    {
      $location = "$schema://$host/";
      $pu = parse_url($to);
      $cd = dirname($_SERVER['SCRIPT_FILENAME']).'/';
      $np = realpath($cd.$pu['path']);
      $np = str_replace($_SERVER['DOCUMENT_ROOT'],'',$np);
      $location.= $np;
      if ((isset($pu['query'])) && (strlen($pu['query'])>0)) $location.= '?'.$pu['query'];
    }
  }

  $hs = headers_sent();
  if ($hs==false)
  {
    if ($code==301) header("301 Moved Permanently HTTP/1.1"); // Convert to GET
    elseif ($code==302) header("302 Found HTTP/1.1"); // Conform re-POST
    elseif ($code==303) header("303 See Other HTTP/1.1"); // dont cache, always use GET
    elseif ($code==304) header("304 Not Modified HTTP/1.1"); // use cache
    elseif ($code==305) header("305 Use Proxy HTTP/1.1");
    elseif ($code==306) header("306 Not Used HTTP/1.1");
    elseif ($code==307) header("307 Temorary Redirect HTTP/1.1");
    else trigger_error("Unhandled redirect() HTTP Code: $code",E_USER_ERROR);
    header("Location: $location");
    header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
  }
  elseif (($hs==true) || ($code==302) || ($code==303))
  {
    // todo: draw some javascript to redirect
    $cover_div_style = 'background-color: #ccc; height: 100%; left: 0px; position: absolute; top: 0px; width: 100%;'; 
    echo "<div style='$cover_div_style'>\n";
    $link_div_style = 'background-color: #fff; border: 2px solid #f00; left: 0px; margin: 5px; padding: 3px; ';
    $link_div_style.= 'position: absolute; text-align: center; top: 0px; width: 95%; z-index: 99;';
    echo "<div style='$link_div_style'>\n";
    echo "<p>Please See: <a href='$to'>".htmlspecialchars($location)."</a></p>\n";
    echo "</div>\n</div>\n";
  }
  exit(0);
}

PHP:

else { 
    echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>"; 
    include 'login.php'; 
    redirect("/index.php", 307)
} 

PHP:

I think that should work. I got this from http://www.edoceo.com/creo/php-redirect.php . I would of put the header function the other guy said but he already said it.

 

Put that code in the members page before everything, between <?php ?> tag

$username = mysql_real_escape_string($_POST['username']);

PHP:

 

ok done mysql_real_escape_string is on all the $_POST's , but can you just tell me what that statement does besides the one i had ?

just so i can know for futur reference and to actually learn this i appreciate it

Elaine

 

I found a better one, just put this in your else statement:

echo "<meta http-equiv='Refresh' content='2; URL=login.php'/>";

PHP:

I have not tested that.

 

This way works fine, there is another one:

echo "<script type=\"text/javascript\">document.location='login.php';</script>";

PHP:

 

But this won't work when JavaScript is disabled. So I'd suggest using D_C's code.

 

oh boy im confused

so i put $username = mysql_real_escape_string($_POST['username']); on every members page that i want people to log into ?

and then put echo "<meta http-equiv='Refresh' content='2; URL=login.php'/>";
as an Else statement?

, do any of these go into my register.php file ? or do they all go into my multiple member pages that are only accessable after you log in ?
ELaine

 

No, make another page with all that code and then in the member pages put an include.

include_once("checklogged.php");

PHP:

Or something...

nico_swd, I didn't so a computer with JavaScript disabled yet :\

 

im getting very confused now , i dont no where anything goes ! i have a register.php file to register and add information to the database, then i have a checkuser.php to verify the users log in when they want to log in, now all those things you guys stated go in which ones ?

Elaine

 

As I said before, my code is to place in a page that only logged in members can access... Put it in the top of the page but in exchange of the Header line put the code of D_C

 

ok i like that include thingy, that i can handle ,

so i will put all this :

<?php
if(!isset($_SESSION['first_name']))    Header("Location: login.php");
$username = mysql_real_escape_string($_POST['username']);
{
echo "<script type=\"text/javascript\">document.location='login.php';</script>";
}
?>

PHP:

then the include file in the member pages?

ELaine

 

You right but the code is as the following:

<?php
	if(!isset($_SESSION['first_name']))
		echo "<script type=\"text/javascript\">document.location='login.php';</script>";
?>

PHP:

Then include it...

About the mysql_real_escape_string you need to use it in the register page with all the data came from the form and as well in the login, but in the login page only for the username.

 

Oh my im so happy , thank you for all your help , i will test it all out now , i will let you know in a few

i appreciate it thank you thank you

Elaine

 

Sorry, but this is SO insecure. All pages will be visible for everyone by simply disabling JavaScript on the browser. At LEAST send an exit() after the echo.