Thank you Fortunechanger, I have been trying what you suggested since yesterday, but so far I'm not able to achieve it. You can see this here:

login.php

```php
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript">
function formhash(form, password) {
    // Create a new element input, this will be our hashed password field.
    var p = document.createElement("input");
    // Add the new element to our form.
    p.name = "p";
    p.type = "hidden";
    p.value = hex_sha512(password.value);
    // Make sure the plaintext password doesn't get sent.
    password.value = "";
    // Finally submit the form.
    form.appendChild(p);
    form.submit();
}
</script>
<?php
if(isset($_GET['error'])) {
    echo 'Error Logging In!';
}
?>
</head>
<body><form action="process_login.php" method="post" name="login_form">
    Email: <input type="text" name="email" /><br />
    Password: <input type="password" name="password" id="password"/><br />
    <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>
```

process_login.php

```php
<?php
define("HOST", "localhost"); // The host you want to connect to.
define("USER", "root"); // The database username.
define("PASSWORD", ""); // The database password.
define("DATABASE", "check1"); // The database name.

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session.

if(isset($_POST['email']) && isset($_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.
    if(login($email, $password, $mysqli) === true) {
        // Login success
        include("XICS.php");
    } else {
        // Login failed
        header('Location: login.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
?>
```

XICS.php

```php
<?php
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
echo "Process Login";
sec_session_start();
?>
<HTML code .........>
<?php if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="#">Uploads</a></li>
        <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
        <li class="serviceli"><a href="forum.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } else{ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="login.php">Uploads</a></li>
        <li class="serviceli"><a href="login.php">Solved Materials</a></li>
        <li class="serviceli"><a href="login.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } ?>
```

I just want to show a 'please login to see this page' message if a non-logged-in user clicks the link, or redirect to login.php.
The problem is that I don't want to hide the entire page without login, but some specific links should not work. And if the user comes in with a login, then all links will work. Right now, with the following code, if I try to access the page directly by entering its URL, half the page is displayed with warnings, notices, and finally a fatal error:

```
Notice: Use of undefined constant HOST - assumed 'HOST' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant USER - assumed 'USER' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant PASSWORD - assumed 'PASSWORD' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant DATABASE - assumed 'DATABASE' in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: [2002] php_network_getaddresses: getaddrinfo failed: No such host is known. (trying to connect via tcp://HOST:3306) in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2002): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2
Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on line 94
```

XICS.PHP

```php
<?php
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
sec_session_start();
?>
some other HTML code lines.....
<?php if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="#">Uploads</a></li>
        <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
        <li class="serviceli"><a href="forum.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } else{ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="login.php">Uploads</a></li>
        <li class="serviceli"><a href="login.php">Solved Materials</a></li>
        <li class="serviceli"><a href="login.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } ?>
```

process_login.php

```php
<?php
define("HOST", "localhost"); // The host you want to connect to.
define("USER", "root"); // The database username.
define("PASSWORD", ""); // The database password.
define("DATABASE", "check1"); // The database name.

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
echo "Process Login";
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session.

if(isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.
    if(login($email, $password, $mysqli) == true) {
        // Login success
        include("XICS.php");
    } else {
        // Login failed
        header('Location: ./login.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
?>
```
At the top of XICS.php, you have to declare the db config variables (define the db setting constants like in the process.php file) before $mysqli=new mysqli(HOST, USER, PASSWORD, DATABASE);

I think it will be better if you save this db config as a config.php file, then include it when needed.

Fatal error: Call to undefined function sec_session_start(): you have to include functions.php before this line.
Hello Fastestsms, I made the changes as you suggested, just take a look.

At the top of the XICS.php page:

```php
<?php
include "functions.php";
sec_session_start();
?>
```

And before the links:

```php
<?php
include 'dbconnection.php';
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="#">Uploads</a></li>
        <li class="serviceli"><a href="#">Solved Materials</a></li>
        <li class="serviceli"><a href="forum.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } else{ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="login.php">Uploads</a></li>
        <li class="serviceli"><a href="login.php">Solved Materials</a></li>
        <li class="serviceli"><a href="login.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } ?>
```

This solved the problem to some extent, but if I try to see this page after login, then the page displays:

```
Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
```

And the URL in the address bar is http://localhost/secure/process_login.php

And if I directly give the page URL in the address bar, http://localhost/secure/XICS.php, then everything works fine till now. Why am I getting the error when the sec_session_start() function is declared only once in the functions.php file?
Post your functions.php file. It's telling you already that you have set the sec_session_start(); So why are you doing it again in any other file like the XICS.php?
Ah my bad, look what you wrote:

"If I try to see this page after login then page displayed Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15 And url in address bar is http://localhost/secure/process_login.php"

sec_session_start(); // Our custom secure way of starting a php session.

is already in your functions.php file, so you shouldn't need it in process_login.php. That should stop the error.
And look at the top of your XICS.php file you said: But inside functions.php the sec_session_start() is already declared there - as you admitted and we know! So - why is it now in the top of the XICS.php file? It's previously been declared right?
OK, I removed sec_session_start(); but I am still getting the same error.

```php
<?php
include "functions.php";
sec_session_start(); //REMOVED FROM XICS.PHP file
?>
```
If that is how you removed it, then you didn't remove it at all but only commented it. The proper way to remove it (or at least uncomment it) is:

```php
<?php
include "functions.php";
// sec_session_start();
?>
```
Thank you InstaCoders for your botheration. Here I am giving you the updated code for each file:

Login.php

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>
<script type="text/javascript">
function formhash(form, password) {
    // Create a new element input, this will be our hashed password field.
    var p = document.createElement("input");
    // Add the new element to our form.
    p.name = "p";
    p.type = "hidden";
    p.value = hex_sha512(password.value);
    // Make sure the plaintext password doesn't get sent.
    password.value = "";
    // Finally submit the form.
    form.appendChild(p);
    form.submit();
}
</script>
<?php
if(isset($_GET['error'])) {
    echo 'Error Logging In!';
}
?>
</head>
<body><form action="process_login.php" method="post" name="login_form">
    Email: <input type="text" name="email" /><br />
    Password: <input type="password" name="password" id="password"/><br />
    <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>
</body>
</html>
```

Process_login.php

```php
<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session.

if(isset($_POST['email']) && isset($_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.
    if(login($email, $password, $mysqli) === true) {
        // Login success
        include("XICS.php");
    } else {
        // Login failed
        header('Location: login.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
?>
```

XICS.php

```php
<?php
include "functions.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
<meta name="description" content="Find DOWNLOAD LATEST PROJECTS FOR CBSE CLASS XII INFORMATICS PRACTICES and Computer Science,Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
<meta name="keywords" content="cbse cs and ip,xi cbse syllabus,xi class syllabus,xi computer science notes,xi science syllabus,xi syllabus,xii cbse syllabus,xii computer science,xii computer science question paper,xii question papers" />
<link href="css/other.css" rel="stylesheet" type="text/css" />
<link href="css/other2.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
<script type="text/javascript" src="csshorizontalmenu.js"></script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-34001071-1']);
_gaq.push(['_trackPageview']);
(function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
/*$(document).ready(function() {
    $('#ul1 li a').click(function(e) {
        e.preventDefault();
        $('#content').load($(this).attr('href'));
    });
});*/
$(function(){
    $('#ul1 li a').on('click', function(e){
        e.preventDefault();
        var page_url=$(this).prop('href');
        $('#content').load(page_url);
    });
});
</script>
<style type="text/css">
.style1 { color: #FFFF99; }
.ul { margin-left: 15px; }
</style>
</head>
<body>
<div id="main_container">
<div id="container">
<div id="banner_container">
    <div id="login_container">
        <span class="style1" >Email or Phonee</span>
        <span class="style1" >Password</span>
        <br />
        <input type="text" id="Text1" class="box" />
        <input type="password" id="Password1" class="box" />
        <input id="Submit1" type="submit" value="Log In" /><br />
        <span class="style1" >Forgot your password?</span>
    </div>
    <div class="horizontalcssmenu">
        <ul id="cssmenu1">
            <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>
            <li><a href="#">Computer Science</a>
                <ul>
                    <li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>
                    <li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>
                </ul>
            </li>
            <li><a href="#">Informatics Practices</a>
                <ul>
                    <li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>
                    <li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>
                </ul>
            </li>
            <li><a href="http://www.cbsecsnip.in">Take Test</a></li>
            <li><a href="http://www.cbsecsnip.in">Software</a></li>
            <li><a href="http://www.cbsecsnip.in">Register</a></li>
            <li><a href="http://www.cbsecsnip.in">Get Together</a></li>
        </ul>
        <br style="clear: left;" />
    </div>
</div>
</div>
<div class="panel_container">
<?php
include 'dbconnection.php';
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="#">Uploads</a></li>
        <li class="serviceli"><a href="#">Solved Materials</a></li>
        <li class="serviceli"><a href="forum.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } else{ ?>
<div id="nav" class="image002-03">
    <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="login.php">Uploads</a></li>
        <li class="serviceli"><a href="login.php">Solved Materials</a></li>
        <li class="serviceli"><a href="login.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>
    </ul>
</div>
<?php } ?>
<div class="image002-07"> Site Map</div>
</body>
</html>
```

functions.php

```php
<?php
//Secure Session Start Function:Securely start a PHP session.
function sec_session_start() {
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = false; // Set to true if using https.
    $httponly = true; // This stops javascript being able to access the session id.

    ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    session_name($session_name); // Sets the session name to the one set above.
    session_start(); // Start the php session
    session_regenerate_id(true); // regenerated the session, delete the old one.
}

//Secure Login Function:
function login($email, $password, $mysqli) {
    // Using prepared Statements means that SQL injection is not possible.
    if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) {
        $stmt->bind_param('s', $email); // Bind "$email" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();
        $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
        $stmt->fetch();
        $password = hash('sha512', $password.$salt); // hash the password with the unique salt.

        if($stmt->num_rows == 1) { // If the user exists
            // We check if the account is locked from too many login attempts
            if(checkbrute($user_id, $mysqli) == true) {
                // Account is locked
                // Send an email to user saying their account is locked
                return false;
            } else {
                if($db_password == $password) { // Check if the password in the database matches the password the user submitted.
                    // Password is correct!
                    $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user.
                    $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

                    $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
                    $_SESSION['user_id'] = $user_id;
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
                    $_SESSION['username'] = $username;
                    $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
                    // Login successful.
                    return true;
                } else {
                    // Password is not correct
                    // We record this attempt in the database
                    $now = time();
                    $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
                    return false;
                }
            }
        } else {
            // No user exists.
            return false;
        }
    }
}

//Create login_check function:Check logged in status.
function login_check($mysqli) {
    // Check if all session variables are set
    if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
        $user_id = $_SESSION['user_id'];
        $login_string = $_SESSION['login_string'];
        $username = $_SESSION['username'];
        $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user.
        $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

        if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
            $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
            $stmt->execute(); // Execute the prepared query.
            $stmt->store_result();

            if($stmt->num_rows == 1) { // If the user exists
                $stmt->bind_result($password); // get variables from result.
                $stmt->fetch();
                $login_check = hash('sha512', $password.$ip_address.$user_browser);
                if($login_check == $login_string) {
                    // Logged In!!!!
                    return true;
                } else {
                    // Not logged in
                    return false;
                }
            } else {
                // Not logged in
                return false;
            }
        } else {
            // Not logged in
            return false;
        }
    } else {
        // Not logged in
        return false;
    }
}
?>
```

As you suggested that I completely delete sec_session_start(); from XICS.php, I deleted it. But the error is still the same:

```
Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
```
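
The files posted above load functions.php twice in one request: process_login.php includes it and then includes XICS.php, which includes it again, while a direct request for XICS.php loads it only once. The following is an added example, not code from any poster in this thread: a command-line script that rebuilds that include chain with constructed stand-in files in a temp directory and runs it once with include and once with require_once.

```php
<?php
// Added example (CLI only). The files written below are constructed
// stand-ins for the thread's functions.php, XICS.php and process_login.php.

$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'redeclare_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}

// One function definition is enough: PHP raises "Cannot redeclare" whenever
// the file that defines it is loaded a second time in the same request.
file_put_contents(
    "$dir/functions.php",
    "<?php\nfunction sec_session_start() { return 'started'; }\n"
);

/**
 * Rebuild the include chain with the given keyword ("include" or
 * "require_once"), run process_login.php in a child PHP process and return
 * that process's exit status together with whatever it printed.
 */
function run_chain(string $dir, string $keyword): array
{
    // XICS.php loads functions.php itself so that it also works when it is
    // requested directly, which is the case the thread reports as working.
    file_put_contents(
        "$dir/XICS.php",
        "<?php\n$keyword __DIR__ . '/functions.php';\necho 'XICS rendered';\n"
    );

    // process_login.php loads functions.php and then, on a successful login,
    // includes XICS.php: functions.php is now requested a second time.
    file_put_contents(
        "$dir/process_login.php",
        "<?php\n$keyword __DIR__ . '/functions.php';\n"
        . "sec_session_start();\ninclude __DIR__ . '/XICS.php';\n"
    );

    $cmd = escapeshellarg(PHP_BINARY) . ' '
         . escapeshellarg("$dir/process_login.php") . ' 2>&1';
    exec($cmd, $output, $status);

    return [$status, trim(implode("\n", $output))];
}

foreach (['include', 'require_once'] as $keyword) {
    [$status, $printed] = run_chain($dir, $keyword);
    // A non-zero status means the child process died with a fatal error.
    $verdict = $status === 0 ? 'ok' : 'fatal error';
    echo "$keyword: $verdict (exit status $status)\n";
    if ($printed !== '') {
        echo "    ", str_replace("\n", "\n    ", $printed), "\n";
    }
}

// Remove the constructed files again.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

In the thread's own files the corresponding change is to load functions.php and dbconnection.php with require_once (or include_once) in both process_login.php and XICS.php, so that the second request for either file within one page load is skipped.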