Twilight MU Online Forum

Twilight MU Online Forum (http://forum.twilightmu.com/index.php)
-   Programming Section (http://forum.twilightmu.com/forumdisplay.php?f=128)
-   -   login script problem :D (http://forum.twilightmu.com/showthread.php?t=25319)

albsky 21-12-2008 08:51 AM
login script problem :D
 
mooo, made my first login script lol.
nothing connected to Database but it's my first try :D
k, it's located here: http://albsky.110mb.com/login
details:
voorbeeld
voorbeeld
K, it works, it redirects you to 'usercp.php'.
But, you can go to usercp.php without logging in as well!
How do I let it require to be logged in? What is the code? A new session or what? what ^^
Can someone read the codes and tell me what to add/change/whatever :D

Codes from the 3 files;

---Index.php---
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body bgcolor="000000">
<font color="ffffff">
<h1>Login</h1>
<form method="post" action="login.php">
    <p>
        <label for="user">Username:</label>
        <input type="text" name="user" id="users" />
    </p>
    <p>
        <label for="pass">Password:</label>
        <input type="password" name="pass" id="pass" />
    </p>
    <p>
        <input type="submit" value="Login" />
    </p>
</form>
</font>
</body>
</html>
---login.php---
Code:
<?php
session_start();
$sGebruikerControle = 'voorbeeld';
$sWachtwoordControle = 'voorbeeld';
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['user'], $_POST['pass']))
    {   
 $sGebruiker = trim($_POST['user']);
        $sWachtwoord = trim($_POST['pass']);
        if($sGebruiker == $sGebruikerControle && $sWachtwoord == $sWachtwoordControle)
        {
            $_SESSION['logged_in'] = true;
            $_SESSION['gebruiker'] = $sGebruiker;
            header('Refresh: 3; url=usercp.php');
            echo 'You have been succesfully logged in, please proceed, you will be redirected in 3 seconds!';
        }
        else
        {
            header('Refresh: 3; url=index.php');
            echo 'Wrong username and/or password!';
        }
    }
    else
    {
        header('Refresh: 3; url=index.php');
        echo 'Required field does not exist!';
    }
}
else
{
    header('Location: index.php');
    if(isset($_POST['user'], $_POST['pass']))
    {   
        $sGebruiker2 = trim($_POST['user']);
        $sWachtwoord2 = trim($_POST['pass']);
        if($sGebruiker2 == $sGebruikerControle2 && $sWachtwoord2 == $sWachtwoordControle2)
        {
            $_SESSION['logged_in'] = true;
            $_SESSION['gebruiker'] = $sGebruiker2;
            header('Refresh: 3; url=usercp.php');
            echo 'You have been succesfully logged in, please proceed, you will be redirected in 3 seconds!';
        }
        else
        {
            header('Refresh: 3; url=index.php');
            echo 'Wrong username and/or password!';
        }
    }
    else
    {
        header('Refresh: 3; url=index.php');
        echo 'Required field does not exist!';
    }
}

    exit();


?>
---UserCP.php---
Code:
<?
include 'login.php';
session_start()
$_SESSION['logged_in'] = true;
exit()
?>
<html>
<head>
<title></title>
</head>
<body bgcolor="ffffff">
<h3>Hoi</h3>
Hoi!
</body>
</html>

Judobreaker 21-12-2008 12:53 PM
You don't have to start a session in UserCP if you've already started one in login.php (cause you're including that).


login.php

Code:
<?php
session_start();
$sGebruikerControle = 'voorbeeld';
$sWachtwoordControle = 'voorbeeld';
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['user'], $_POST['pass']))
    {   
 $sGebruiker = trim($_POST['user']);
        $sWachtwoord = trim($_POST['pass']);
        if($sGebruiker == $sGebruikerControle && $sWachtwoord == $sWachtwoordControle)
        {
            $_SESSION['logged_in'] = true;
            $_SESSION['gebruiker'] = $sGebruiker;
            header('Refresh: 3; url=usercp.php');
            echo 'You have been succesfully logged in, please proceed, you will be redirected in 3 seconds!';
        }
        else
        {
        $_SESSION['logged_in'] = false;
            header('Refresh: 3; url=index.php');
            echo 'Wrong username and/or password!';
        }
    }
    else
    {
        $_SESSION['logged_in'] = false;
    header('Refresh: 3; url=index.php');
        echo 'Required field does not exist!';
    }
}
else
{
    header('Location: index.php');
    if(isset($_POST['user'], $_POST['pass']))
    {   
        $sGebruiker2 = trim($_POST['user']);
        $sWachtwoord2 = trim($_POST['pass']);
        if($sGebruiker2 == $sGebruikerControle2 && $sWachtwoord2 == $sWachtwoordControle2)
        {
            $_SESSION['logged_in'] = true;
            $_SESSION['gebruiker'] = $sGebruiker2;
            header('Refresh: 3; url=usercp.php');
            echo 'You have been succesfully logged in, please proceed, you will be redirected in 3 seconds!';
        }
        else
        {
        $_SESSION['logged_in'] = false;
            header('Refresh: 3; url=index.php');
            echo 'Wrong username and/or password!';
        }
    }
    else
    {
    $_SESSION['logged_in'] = false;
        header('Refresh: 3; url=index.php');
        echo 'Required field does not exist!';
    }
}

    exit();


?>

UserCP.php

Code:
<?
include 'login.php';

if( $_SESSION['logged_in'] != true );
die();
?>

<html>
<head>
<title></title>
</head>
<body bgcolor="ffffff">
<h3>Hoi</h3>
Hoi!
</body>
</html>

albsky 22-12-2008 02:14 AM
hmm, I can still enter it without 'logging in' and when I log in I can't see it.
I've tried making the 'true' in usercp to 'false' and 'die' to 'exit'.
But in this way it doesn't work =S, you have any other suggestions :D:D:D

Judobreaker 23-12-2008 04:01 PM
well yeah lol...

Code:
<?
include 'login.php';

if( $_SESSION['logged_in'] != true ) {
    die();
}
?>

<html>
<head>
<title></title>
</head>
<body bgcolor="ffffff">
<h3>Hoi</h3>
Hoi!
</body>
</html>
Try that. :P

albsky 27-12-2008 11:09 AM
doesn't work, the problem is that it requires login.php which in some way makes you login again, so you login over and over and over again :P

miszmaniac1 29-12-2008 02:03 AM
You guys, I've already told Albsky on Shoutbox, that he shouldn't do it this way. Login script is 1 thing, and another is auth check. Algorithm should work this way:
1. Check if user is authenticated
YES - go on,
NO - send him to login script.

If you load login.php script before checking it it's just not working.

IMAO the prettiest and still easy way to do this would be:
(lol, i've pressed post, instead of go advanced :signIRULE: )
Code:
function authcheck() {
  if($_SESSION['userauth'] !== true ) {
      require('login.php');
      exit;
  }
  return true;
}
Now in all later script you have to include your library files (which you'll probably need to do anyway). This way, in all files which need user authentication you'll just use authcheck(); and that's it.

Ok, now that is working:

Code:
<?
session_start();
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 1) {
    header('Location: index.php');
    exit();
}
?>
<html>
<head>
<title></title>
</head>
<body bgcolor="ffffff">
<h3>Hoi</h3>
Hoi!
</body>
</html>

Judobreaker 29-12-2008 08:04 AM
Yeah lol, that would probably do the trick. xD
I tried editing his code which is a bit harder... :P


All times are GMT -5. The time now is 04:12 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Copyright ©2006 - 2019 Twilight MU. All Rights Reserved