1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to restrict some links to be click without valid login

Discussion in 'PHP' started by vishalonne, Aug 25, 2012.

  1. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #21
    Thank you Fortunechanger, I'm trying what you suggest since yesterday but till now I'm I'm not able to achieve. You can see this here
    login.php
    
    <script type="text/javascript" src="sha512.js"></script>
    <script type="text/javascript">
    function formhash(form, password) {
    	
       // Create a new element input, this will be out hashed password field.
       var p = document.createElement("input");
       // Add the new element to our form.
       
       p.name = "p";
       p.type = "hidden"
       p.value = hex_sha512(password.value);
       // Make sure the plaintext password doesn't get sent.
       password.value = "";
       // Finally submit the form.
       form.appendChild(p);
       form.submit();
    
    }
    </script>
    <?php
    if(isset($_GET['error'])) { 
       echo 'Error Logging In!';
    }
    ?>
    
    </head>
    
    <body><form action="[b]process_login.php[/b]" method="post" name="login_form">
       Email: <input type="text" name="email" /><br />
       Password: <input type="password" name="password" id="password"/><br />
       <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
    </form>
    
    PHP:
    process_login.php
    
    <?php
    define("HOST", "localhost"); // The host you want to connect to.
    define("USER", "root"); // The database username.
    define("PASSWORD", ""); // The database password. 
    define("DATABASE", "check1"); // The database name.
     
    $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
    
    include 'functions.php';
    sec_session_start(); // Our custom secure way of starting a php session. 
     
    if(isset($_POST['email']) && isset($_POST['p'])) { 
       $email = $_POST['email'];
       $password = $_POST['p']; // The hashed password.
       if(login($email, $password, $mysqli) === true) {
          // Login success
          include("XICS..php");
       } else {
          // Login failed
          header('Location: login.php?error=1');
       }
    } else { 
       // The correct POST variables were not sent to this page.
       echo 'Invalid Request';
    }
    ?>
    
    PHP:
    XICS.php
    
    <?php
    $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
    echo "Process Login";
    sec_session_start();
    ?>
    <HTML code .........>
    
    if(login_check($mysqli) == true){ ?>
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>
    
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>
    
    PHP:
    I just want to show a 'please login to see this page' message if a non logged in user clicks the link or redirect on login.php.
     
    vishalonne, Aug 26, 2012 IP
  2. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #22
    Problem is I don't want to hide entire page without login but some specific links should not work. And if come in with login then all links will work.

    Right Now with following code if try to access directly entering the url of page. Half page is displayed with warning, notices, and finally Fatal Error Notice: Use of undefined constant HOST - assumed 'HOST' in C:\xampp\htdocs\secure\XICS.php on line 2

    Notice: Use of undefined constant USER - assumed 'USER' in C:\xampp\htdocs\secure\XICS.php on line 2

    Notice: Use of undefined constant PASSWORD - assumed 'PASSWORD' in C:\xampp\htdocs\secure\XICS.php on line 2

    Notice: Use of undefined constant DATABASE - assumed 'DATABASE' in C:\xampp\htdocs\secure\XICS.php on line 2

    Warning: mysqli::mysqli() [mysqli.mysqli]: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2

    Warning: mysqli::mysqli() [mysqli.mysqli]: [2002] php_network_getaddresses: getaddrinfo failed: No such host is known. (trying to connect via tcp://HOST:3306) in C:\xampp\htdocs\secure\XICS.php on line 2

    Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2002): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2

    Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on line 94

    XICS.PHP

     <?php
      $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
      sec_session_start(); ?>
    some other HTML code lines.....
    
    if(login_check($mysqli) == true){ ?>
        <div id="nav" class="image002-03">
         <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
      </div>
      <?php
       }
        else{   ?>
      <div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
           <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
           <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
       </div>
      <?php } ?>
    PHP:
    process_login.php
    
    <?php
     define("HOST", "localhost"); // The host you want to connect to.
     define("USER", "root"); // The database username.
     define("PASSWORD", ""); // The database password. 
     define("DATABASE", "check1"); // The database name.
     $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
     echo "Process Login";
     include 'functions.php';
     sec_session_start(); // Our custom secure way of starting a php session. 
     if(isset($_POST['email'], $_POST['p'])) { 
     $email = $_POST['email'];
     $password = $_POST['p']; // The hashed password.
        if(login($email, $password, $mysqli) == true)
        {
            // Login success
            include("XICS.php");
         } else {
         // Login failed
         header('Location: ./login.php?error=1');
        }
        } else { 
      // The correct POST variables were not sent to this page.
      echo 'Invalid Request';
    }
    ?>
    
    PHP:
     
    vishalonne, Aug 26, 2012 IP
  3. fastestsms

    fastestsms Greenhorn

    Messages:
    72
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    6
    #23
    In top of XICS.php, you have to declare db config variables(define db setting constants like in process.php file).

    before $mysqli=new mysqli(HOST, USER, PASSWORD, DATABASE);

    I think it will be better if you save these db config as a config.php file, then include it when needed.


    Fatal error: Call to undefined function sec_session_start()


    have to include functions.php before this line. :)
     
    fastestsms, Aug 26, 2012 IP
  4. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #24
    Hello Fastestsms

    I made the changes as you suggested just take a look -
    At top of XICS.php page

    
    <?php
    include "functions.php";
    sec_session_start();
    ?>
    PHP:
    And before the links
    
    <?php
    include 'dbconnection.php';
    if(login_check($mysqli) == true){ ?>
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="#">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>
    
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>
    
    PHP:
    This solved problem some extend but -
    If I try to see this page after login then page displayed
    Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
    And url in address bar is http://localhost/secure/process_login.php

    And if I directly give page URL in address bar http://localhost/secure/XICS.php

    Then every thing work fine till now.

    Why I getting Error when sec_session_start() function is declare only once in functions.php file.
     
    vishalonne, Aug 26, 2012 IP
  5. InstaCoders

    InstaCoders Peon

    Messages:
    53
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #25
    Post your functions.php file.

    It's telling you already that you have set the
    sec_session_start();

    So why are you doing it again in any other file like the XICS.php ?
     
    InstaCoders, Aug 26, 2012 IP
  6. InstaCoders

    InstaCoders Peon

    Messages:
    53
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #26
    Ah my bad, look what you wrote:


    If I try to see this page after login then page displayed
    Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
    And url in address bar is http://localhost/secure/process_login.php


    sec_session_start(); // Our custom secure way of starting a php session.
    Is already in your functions.php file so you shouldn't need it in process_login.php
    That should stop the error.
     
    InstaCoders, Aug 26, 2012 IP
  7. InstaCoders

    InstaCoders Peon

    Messages:
    53
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #27
    And look at the top of your XICS.php file you said:

    But inside functions.php the sec_session_start() is already declared there - as you admitted and we know!
    So - why is it now in the top of the XICS.php file? It's previously been declared right?
     
    InstaCoders, Aug 26, 2012 IP
  8. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #28
    So from where should I remove sec_session_start()???:confused:
     
    vishalonne, Aug 26, 2012 IP
  9. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #29
    Should I remove sec_session_start(); from both process_login.php & XICS.php:(
     
    vishalonne, Aug 26, 2012 IP
  10. InstaCoders

    InstaCoders Peon

    Messages:
    53
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #30
    you should probably remove it from XICS.php
     
    InstaCoders, Aug 26, 2012 IP
  11. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #31
    OK I removed sec_session_start(); but still getting same error.

    <?php
    include "functions.php";
    sec_session_start(); //REMOVED FROM XICS.PHP file
    ?>
     
    vishalonne, Aug 26, 2012 IP
  12. InstaCoders

    InstaCoders Peon

    Messages:
    53
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #32
    If that is how you removed it - then you didn't remove it at all but only commented it
    The proper way to remove it (or at least uncomment it) is:

    <?php
    include "functions.php";
    // sec_session_start();
    ?>
     
    InstaCoders, Aug 26, 2012 IP
  13. InstaCoders

    InstaCoders Peon

    Messages:
    53
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #33
    It's probably best to post your updated code at this point so we can see it.
     
    InstaCoders, Aug 26, 2012 IP
  14. vishalonne

    vishalonne Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #34
    Thank you InstaCoders for your botheration -
    Here I am giving you the updated code for each file
    Login.php
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    <script type="text/javascript" src="sha512.js"></script>
    <script type="text/javascript" src="forms.js"></script>
    
    <script type="text/javascript">
    function formhash(form, password) {
    	
       // Create a new element input, this will be out hashed password field.
       var p = document.createElement("input");
       // Add the new element to our form.
       
       p.name = "p";
       p.type = "hidden"
       p.value = hex_sha512(password.value);
       // Make sure the plaintext password doesn't get sent.
       password.value = "";
       // Finally submit the form.
       form.appendChild(p);
       form.submit();
    
    }
    </script>
    <?php
    if(isset($_GET['error'])) { 
       echo 'Error Logging In!';
    }
    ?>
    
    </head>
    
    <body><form action="process_login.php" method="post" name="login_form">
       Email: <input type="text" name="email" /><br />
       Password: <input type="password" name="password" id="password"/><br />
       <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
    </form>
    </body>
    </html>
    PHP:
    Process_login.php
    <?php
    include 'dbconnection.php';
    include 'functions.php';
    sec_session_start(); // Our custom secure way of starting a php session. 
     
    if(isset($_POST['email']) && isset($_POST['p'])) { 
       $email = $_POST['email'];
       $password = $_POST['p']; // The hashed password.
       if(login($email, $password, $mysqli) === true) {
          // Login success
          include("XICS.php");
       } else {
          // Login failed
          header('Location: login.php?error=1');
       }
    } else { 
       // The correct POST variables were not sent to this page.
       echo 'Invalid Request';
    }
    
    ?>
    
    PHP:
    XICS.php
    <?php
    include "functions.php";
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
        <meta name="description" content="Find DOWNLOAD LATEST PROJECTS FOR CBSE CLASS XII INFORMATICS PRACTICES and Computer Science,Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
        <meta name="keywords" content="cbse cs and ip,xi cbse syllabus,xi class syllabus,xi computer science notes,xi science syllabus,xi syllabus,xii cbse syllabus,xii computer science,xii computer science question paper,xii question papers" />
     
        <link href="css/other.css" rel="stylesheet" type="text/css" />  
        <link href="css/other2.css" rel="stylesheet" type="text/css" />
        <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
        <script type="text/javascript" src="csshorizontalmenu.js"></script>
        <script type="text/javascript">
            var _gaq = _gaq || [];
            _gaq.push(['_setAccount', 'UA-34001071-1']);
            _gaq.push(['_trackPageview']);
            (function() {
                var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
            })();
        </script>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
     /*$(document).ready(function() {
      $('#ul1 li a').click(function(e) {
       e.preventDefault();
       $('#content').load($(this).attr('href'));
      });
     });*/
     $(function(){
        $('#ul1 li a').on('click', function(e){
            e.preventDefault();
            var page_url=$(this).prop('href');
            $('#content').load(page_url);
        });
    });
    </script>
        <style type="text/css">
            .style1
            {
                color: #FFFF99;
            }
            .ul
            {
                margin-left: 15px;
            }
        </style>
        </head>
    <body>
        <div id="main_container">
            <div id="container">
                <div id="banner_container">
                    <div id="login_container">
           <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
         <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="#">Informatics Practices</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Software</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Register</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                    </ul>
                    <br style="clear: left;" />
                </div>
              </div>   
            </div>
            <div class="panel_container">
    	
    <?php
    include 'dbconnection.php';
    if(login_check($mysqli) == true){ ?>
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="#">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>
    
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>
    	
    	<div class="image002-07">
    		Site Map</div>
    	
    </body>
    </html>
    PHP:
    functions.php
    //Secure Session Start Function:Securely start a PHP session.
    
    function sec_session_start() {
            $session_name = 'sec_session_id'; // Set a custom session name
            $secure = false; // Set to true if using https.
            $httponly = true; // This stops javascript being able to access the session id. 
     
            ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
            $cookieParams = session_get_cookie_params(); // Gets current cookies params.
            session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
            session_name($session_name); // Sets the session name to the one set above.
            session_start(); // Start the php session
            session_regenerate_id(true); // regenerated the session, delete the old one.     
    }
    
    
      //Secure Login Function:
    function login($email, $password, $mysqli) {
       // Using prepared Statements means that SQL injection is not possible. 
       if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { 
          $stmt->bind_param('s', $email); // Bind "$email" to parameter.
          $stmt->execute(); // Execute the prepared query.
          $stmt->store_result();
          $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
          $stmt->fetch();
          $password = hash('sha512', $password.$salt); // hash the password with the unique salt.
     
          if($stmt->num_rows == 1) { // If the user exists
             // We check if the account is locked from too many login attempts
             if(checkbrute($user_id, $mysqli) == true) { 
                // Account is locked
                // Send an email to user saying their account is locked
                return false;
             } else {
             if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
                // Password is correct!
     
                   $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
                   $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
     
                   $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
                   $_SESSION['user_id'] = $user_id; 
                   $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
                   $_SESSION['username'] = $username;
                   $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
                   // Login successful.
                   return true;    
             } else {
                // Password is not correct
                // We record this attempt in the database
                $now = time();
                $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
                return false;
             }
          }
          } else {
             // No user exists. 
             return false;
          }
       }
    }
    
    //Create login_check function:Check logged in status.
    function login_check($mysqli) {
       // Check if all session variables are set
       if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
         $user_id = $_SESSION['user_id'];
         $login_string = $_SESSION['login_string'];
         $username = $_SESSION['username'];
         $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
         $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
     
         if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { 
            $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
            $stmt->execute(); // Execute the prepared query.
            $stmt->store_result();
     
            if($stmt->num_rows == 1) { // If the user exists
               $stmt->bind_result($password); // get variables from result.
               $stmt->fetch();
               $login_check = hash('sha512', $password.$ip_address.$user_browser);
               if($login_check == $login_string) {
                  // Logged In!!!!
                  return true;
               } else {
                  // Not logged in
                  return false;
               }
            } else {
                // Not logged in
                return false;
            }
         } else {
            // Not logged in
            return false;
         }
       } else {
         // Not logged in
         return false;
       }
    }
    
    ?>
    PHP:
    As you suggested me to completely delete sec_session_start(); from XICS.php I deleted it. But error is still same

    Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
     
    Last edited: Aug 26, 2012
    vishalonne, Aug 26, 2012 IP