1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Member log in

Discussion in 'PHP' started by bmtpep, Apr 9, 2007.

  1. #1
    Hi there,

    I have a website that people register and log into , but i cant seem to figure out how on the member pages, how to make it that when your not a member it will give you the login.php page instead of going to the page itself?

    can someone help?

    Elaine
    SEMrush
     
    bmtpep, Apr 9, 2007 IP
    SEMrush
  2. frankcow

    frankcow Well-Known Member

    Messages:
    4,862
    Likes Received:
    264
    Best Answers:
    0
    Trophy Points:
    180
    #2
    If you give us a URL we could help out
     
    frankcow, Apr 9, 2007 IP
  3. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #3
    Better yet, the code. Specially the login part.
     
    nico_swd, Apr 9, 2007 IP
  4. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    ok i got the registration part :

    
    <? 
    include 'db.php'; 
    $msg = "First Name is a required field.  Please re-enter your information!";
    $msga = "Last Name is a required field.  Please re-enter your information!"; 
    $msgb = "Email Address is a required field.  Please re-enter your information!";
    $msgc = "Username is a required field.  Please re-enter your information!";
    $msgd = "Your membership information has been mailed to your email address! Please check it and follow the directions!";
    $msge = "Your email address has already been used by another member in our database. Please submit a different Email address!";
    $msgf = "The username you have selected has already been used by another member in our database. Please choose a different Username!";
    // Define post fields into simple variables 
    $first_name = $_POST['first_name']; 
    $last_name = $_POST['last_name']; 
    $email_address = $_POST['email_address']; 
    $username = $_POST['username']; 
    $info = $_POST['info']; 
    /* Let's strip some slashes in case the user entered 
    any escaped characters. */ 
    $first_name = stripslashes($first_name); 
    $last_name = stripslashes($last_name); 
    $email_address = stripslashes($email_address); 
    $username = stripslashes($username); 
    $info = stripslashes($info); 
    /* Do some error checking on the form posted fields */ 
    if((!$first_name) || (!$last_name) || (!$email_address) || (!$username)){ 
        if(!$first_name){ 
            echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>";
        } 
        if(!$last_name){ 
            echo "<script langauge=\"javascript\">alert(\"".$msga."\");</script>";
        } 
        if(!$email_address){ 
            echo "<script langauge=\"javascript\">alert(\"".$msgb."\");</script>"; 
        } 
        if(!$username){ 
            echo "<script langauge=\"javascript\">alert(\"".$msgc."\");</script>"; 
        } 
        include 'form.php'; // Show the form again! 
        /* End the error checking and if everything is ok, we'll move on to 
         creating the user account */ 
        exit(); // if the error checking has failed, we'll exit the script! 
    } 
    /* checking and ensuring that the user's email address or username 
    does not exist in the database */ 
     $sql_email_check = mysql_query("SELECT email_address FROM users  
                WHERE email_address='$email_address'"); 
     $sql_username_check = mysql_query("SELECT username FROM users  
                WHERE username='$username'"); 
     $email_check = mysql_num_rows($sql_email_check); 
     $username_check = mysql_num_rows($sql_username_check); 
     if(($email_check > 0) || ($username_check > 0)){ 
        if($email_check > 0){  
            echo "<script langauge=\"javascript\">alert(\"".$msge."\");</script>";
            unset($email_address); 
        } 
        if($username_check > 0){ 
            echo "<script langauge=\"javascript\">alert(\"".$msgf."\");</script>";
            unset($username); 
        } 
        include 'form.php'; // Show the form again! 
         exit();  // exit the script so that we do not create this account! 
     } 
    /* Everything has passed both error checks that we have done. 
    It's time to create the account! */ 
    /* generate a random password for the 
    user and encrypt it, email it and then enter it into the db. */
    function makeRandomPassword() { 
      $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
      srand((double)microtime()*1000000);  
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    } 
    $random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
    // Enter info into the Database. 
    $info2 = htmlspecialchars($info); 
    $sql = mysql_query("INSERT INTO users (first_name, last_name, 
            email_address, username, password, info, signup_date) 
            VALUES('$first_name', '$last_name', '$email_address', 
            '$username', '$db_password', '$info2', now())")  
            or die (mysql_error()); 
    if(!$sql){ 
        echo 'There has been an error creating your account. Please contact the webmaster.';
         include 'contactus.php'; 
    } else { 
        $userid = mysql_insert_id(); 
        // Let's mail the user! 
        $subject = "Your Membership at The Truth Discovered!"; 
        $message = "Dear $first_name $last_name, 
        Thank you for registering at our website, http://www.thetruthdiscovered.com! 
        You are two steps away from logging in and accessing our exclusive members area. 
        To activate your membership, 
        please click here: http://www.thetruthdiscovered.com/activate.php?id=$userid&code=$db_password 
        Once you activate your memebership, you will be able to login 
        with the following information: 
        Username: $username 
        Password: $random_password 
        Thank You 
        The Staff  
        This is an automated response, please do not reply!";  
        mail($email_address, $subject, $message,  
            "From: The Truth Discovered Webmaster<admin@thetruthdiscovered.com>\n 
            X-Mailer: PHP/" . phpversion());  
          echo "<script langauge=\"javascript\">alert(\"".$msgd."\");</script>";
    include 'index.php';
    } 
    ?>
    
    PHP:
    then the log in is :
    checkuser.php
    
    <?php 
    /* Check User Script */ 
    session_start();  // Start Session
    include 'db.php'; 
    $msg = "You could not be logged in! Either the username and password do not match or you have not validated your membership! Please Try again!";
    $msga = "Please enter ALL the information!";
    // Conver to simple variables 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    if((!$username) || (!$password)){
        echo "<script langauge=\"javascript\">alert(\"".$msga."\");</script>"; 
        include 'login.php';
        exit();
    }
    
    // Convert password to md5 hash 
    $password = md5($password);
    // check if the user info validates the db 
    $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); 
    $login_check = mysql_num_rows($sql);
    if($login_check > 0){ 
        while($row = mysql_fetch_array($sql)){ 
        foreach( $row AS $key => $val ){ 
            $$key = stripslashes( $val ); 
        } 
            // Register some session variables! 
            session_register('first_name'); 
            $_SESSION['first_name'] = $first_name; 
            session_register('last_name'); 
            $_SESSION['last_name'] = $last_name; 
            session_register('email_address'); 
            $_SESSION['email_address'] = $email_address; 
            session_register('special_user'); 
            $_SESSION['user_level'] = $user_level;
            mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
            header("Location: members/login_success.php"); 
        } 
    } else { 
        echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>"; 
        include 'login.php'; 
    } 
    ?> 
    
    PHP:
    now let me tell you alot of people have been telling me that it is old code, but i got it from a tutorial on creating member ship log ins, i am very new at this and i have been playing around with this for about a few weeks so i am familur with it so far , but to add and make it do stuff is hard for me ,

    i appreciate the help :)

    ELaine
     
    bmtpep, Apr 9, 2007 IP
  5. Eran-s

    Eran-s Peon

    Messages:
    50
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5
    First of all I suggest you to use one of the following functions to prevent SQL Injection:
    mysql_real_escape_string or htmlspecialchars

    Use them on the $_POST['username'] and other things you use in other queries...

    In the members page put some code like that:
    if(!isset($_SESSION['first_name']))
    	Header("Location: login.php");
    PHP:
     
    Eran-s, Apr 9, 2007 IP
  6. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Im sorry i dont no what to do with that ?

    
    if(!isset($_SESSION['first_name']))    Header("Location: login.php");
    
    PHP:
    where would i put that ?

    and the mysql_real_escape_string where would i put that on my
    $username = $_POST['username'];

    Elaine
     
    bmtpep, Apr 9, 2007 IP
  7. D_C

    D_C Well-Known Member

    Messages:
    1,107
    Likes Received:
    21
    Best Answers:
    1
    Trophy Points:
    160
    #7
    
    // func: redirect($to,$code=307)
    // spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    function redirect($to,$code=301)
    {
      $location = null;
      $sn = $_SERVER['SCRIPT_NAME'];
      $cp = dirname($sn);
      if (substr($to,0,4)=='http') $location = $to; // Absolute URL
      else
      {
        $schema = $_SERVER['SERVER_PORT']=='443'?'https':'http';
        $host = strlen($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:$_SERVER['SERVER_NAME'];
        if (substr($to,0,1)=='/') $location = "$schema://$host$to";
        elseif (substr($to,0,1)=='.') // Relative Path
        {
          $location = "$schema://$host/";
          $pu = parse_url($to);
          $cd = dirname($_SERVER['SCRIPT_FILENAME']).'/';
          $np = realpath($cd.$pu['path']);
          $np = str_replace($_SERVER['DOCUMENT_ROOT'],'',$np);
          $location.= $np;
          if ((isset($pu['query'])) && (strlen($pu['query'])>0)) $location.= '?'.$pu['query'];
        }
      }
    
      $hs = headers_sent();
      if ($hs==false)
      {
        if ($code==301) header("301 Moved Permanently HTTP/1.1"); // Convert to GET
        elseif ($code==302) header("302 Found HTTP/1.1"); // Conform re-POST
        elseif ($code==303) header("303 See Other HTTP/1.1"); // dont cache, always use GET
        elseif ($code==304) header("304 Not Modified HTTP/1.1"); // use cache
        elseif ($code==305) header("305 Use Proxy HTTP/1.1");
        elseif ($code==306) header("306 Not Used HTTP/1.1");
        elseif ($code==307) header("307 Temorary Redirect HTTP/1.1");
        else trigger_error("Unhandled redirect() HTTP Code: $code",E_USER_ERROR);
        header("Location: $location");
        header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
      }
      elseif (($hs==true) || ($code==302) || ($code==303))
      {
        // todo: draw some javascript to redirect
        $cover_div_style = 'background-color: #ccc; height: 100%; left: 0px; position: absolute; top: 0px; width: 100%;'; 
        echo "<div style='$cover_div_style'>\n";
        $link_div_style = 'background-color: #fff; border: 2px solid #f00; left: 0px; margin: 5px; padding: 3px; ';
        $link_div_style.= 'position: absolute; text-align: center; top: 0px; width: 95%; z-index: 99;';
        echo "<div style='$link_div_style'>\n";
        echo "<p>Please See: <a href='$to'>".htmlspecialchars($location)."</a></p>\n";
        echo "</div>\n</div>\n";
      }
      exit(0);
    }
    
    PHP:
    
    else { 
        echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>"; 
        include 'login.php'; 
        redirect("/index.php", 307)
    } 
    
    PHP:
    I think that should work. I got this from http://www.edoceo.com/creo/php-redirect.php . I would of put the header function the other guy said but he already said it.
     
    D_C, Apr 9, 2007 IP
  8. Eran-s

    Eran-s Peon

    Messages:
    50
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Put that code in the members page before everything, between <?php ?> tag

    
    $username = mysql_real_escape_string($_POST['username']);
    
    PHP:
     
    Eran-s, Apr 9, 2007 IP
  9. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    ok done mysql_real_escape_string is on all the $_POST's , but can you just tell me what that statement does besides the one i had ?

    just so i can know for futur reference and to actually learn this :) i appreciate it :)

    Elaine
     
    bmtpep, Apr 9, 2007 IP
  10. D_C

    D_C Well-Known Member

    Messages:
    1,107
    Likes Received:
    21
    Best Answers:
    1
    Trophy Points:
    160
    #10
    I found a better one, just put this in your else statement:

    
    echo "<meta http-equiv='Refresh' content='2; URL=login.php'/>";
    
    PHP:
    I have not tested that.
     
    D_C, Apr 9, 2007 IP
  11. Eran-s

    Eran-s Peon

    Messages:
    50
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #11
    This way works fine, there is another one:
    
    echo "<script type=\"text/javascript\">document.location='login.php';</script>";
    
    PHP:
     
    Eran-s, Apr 9, 2007 IP
  12. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #12
    But this won't work when JavaScript is disabled. So I'd suggest using D_C's code.
     
    nico_swd, Apr 9, 2007 IP
  13. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    oh boy im confused

    so i put $username = mysql_real_escape_string($_POST['username']); on every members page that i want people to log into ?

    and then put echo "<meta http-equiv='Refresh' content='2; URL=login.php'/>";
    as an Else statement?

    , do any of these go into my register.php file ? or do they all go into my multiple member pages that are only accessable after you log in ?
    ELaine
     
    bmtpep, Apr 9, 2007 IP
  14. Eran-s

    Eran-s Peon

    Messages:
    50
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #14
    No, make another page with all that code and then in the member pages put an include.

    include_once("checklogged.php");
    PHP:
    Or something...

    nico_swd, I didn't so a computer with JavaScript disabled yet :\
     
    Eran-s, Apr 9, 2007 IP
  15. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #15
    im getting very confused now , i dont no where anything goes ! i have a register.php file to register and add information to the database, then i have a checkuser.php to verify the users log in when they want to log in, now all those things you guys stated go in which ones ?

    Elaine
     
    bmtpep, Apr 9, 2007 IP
  16. Eran-s

    Eran-s Peon

    Messages:
    50
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #16
    As I said before, my code is to place in a page that only logged in members can access... Put it in the top of the page but in exchange of the Header line put the code of D_C
     
    Eran-s, Apr 9, 2007 IP
  17. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #17
    ok i like that include thingy, that i can handle ,

    so i will put all this :

    
    <?php
    if(!isset($_SESSION['first_name']))    Header("Location: login.php");
    $username = mysql_real_escape_string($_POST['username']);
    {
    echo "<script type=\"text/javascript\">document.location='login.php';</script>";
    }
    ?>
    
    PHP:
    then the include file in the member pages?

    ELaine
     
    bmtpep, Apr 9, 2007 IP
  18. Eran-s

    Eran-s Peon

    Messages:
    50
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #18
    You right but the code is as the following:
    
    <?php
    	if(!isset($_SESSION['first_name']))
    		echo "<script type=\"text/javascript\">document.location='login.php';</script>";
    ?>
    
    PHP:
    Then include it...

    About the mysql_real_escape_string you need to use it in the register page with all the data came from the form and as well in the login, but in the login page only for the username.
     
    Eran-s, Apr 9, 2007 IP
  19. bmtpep

    bmtpep Guest

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #19
    Oh my im so happy , thank you for all your help , i will test it all out now , i will let you know in a few ;)

    i appreciate it thank you thank you ;)

    Elaine
     
    bmtpep, Apr 9, 2007 IP
  20. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #20
    Sorry, but this is SO insecure. All pages will be visible for everyone by simply disabling JavaScript on the browser. At LEAST send an exit() after the echo.
     
    nico_swd, Apr 9, 2007 IP