Solved

PHP redirection after logging in

Posted on 2009-02-13
Last Modified: 2013-11-19
Hello, I want to know how to make a script that will redirect my user after logging in to the page they were on.
Here is my log in page source code:
if (logged_in()) {
		redirect_to("staff.php");
	}
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				redirect_to("dashboard.php");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>

Question by:MrFahad
54 Comments
 
LVL 5

Expert Comment

by:striker46
ID: 23635453
Have you tried adding the line:

header('Location:http://www.redirectedurl.com');


0
 
LVL 3

Expert Comment

by:albrieu
ID: 23635492
As striker46 says: change line 2 to:       header('Location:staff.php');


Like this:
if (logged_in()) {
             header('Location:staff.php');
        }
0
 

Author Comment

by:MrFahad
ID: 23635493
Sorry, I forgot to add this: I want it to be dynamic, meaning that the header('Location:url') will change dynamically according to the page the user was on previously.

Thank you
0

 
LVL 5

Expert Comment

by:striker46
ID: 23635573
You could get the current page url

curPageURL();

of the page where the user clicks on the login link; then pass the URL as a GET variable to the login page; then in the login page redirect the user to the URL contained in the GET variable read by the script.



0
 
LVL 5

Expert Comment

by:striker46
ID: 23635709
Add this function to the origin page, prior to the link to login:

function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}


The link to the login page, in the origin page, should be:

http://www.yourweb.com/login.php?url=<?= "curPageURL(); ?>


The redirection code would be like:

header("Location:$_GET['url']");

0
 

Author Comment

by:MrFahad
ID: 23635774
OK, let's say the user goes to staff.php (requires login) and is redirected to login.php.

So I will put the curPageURL(); in staff.php and then pass the URL as a GET variable to the login page?

By the way, can you write the PHP code for the 2nd and 3rd steps (pass the URL as a GET variable to the login page; then in the login page redirect the user to the URL contained in the GET variable read by the script)?

I'm new to PHP and my PHP is a little rusty :p

Thank you, and sorry for taking your time to respond.
0
 
LVL 5

Expert Comment

by:striker46
ID: 23635798
Sample of the link in any of the origin pages. Note that it builds a link like:

www.yourweb.com/login.php?url=http://www.yourweb.com/pageone.php

Then in the login code (one you posted above) add the already mentioned:

header("Location:$_GET['url']");


Which retrieves the url variable from the page URL and redirects the user there.
<? 
 
// Set full URL of login page
 
$loginurl = www.yoururl.com;
 
// Get origin URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
// Build link
 
$url = $loginurl . "?url=" . curPageURL();
 
echo $url;
 
?>
 
<a href="<? echo $url; ?>">login</a>


0
 
LVL 5

Expert Comment

by:striker46
ID: 23635818
(remove line 25 from the code above)
0
 
LVL 5

Expert Comment

by:striker46
ID: 23635875
I dump the code below, fixing a couple of missing " 

Notice that the code is to be put in two files: the first part to every page with a link to login, the second part is the header function you need to put in the code for processing the login

Let's see if it works

// PAGEONE.PHP
// This code builds login link for each page
// Simply modify accordingly the loginurl variable to point 
// to your login page.
 
 
<? 
 
// Set full URL of login page
 
$loginurl = "www.yoururl.com";
 
// Get origin URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
// Build link
 
$url = $loginurl . "?url=" . curPageURL();
 
echo $url;
 
?>
 
<a href="<? echo $url; ?>">login</a>
 
 
// LOGIN PHP
// This is the redirect, fetches the variable from the URL to
// know where the user came from
 
header("Location:$_GET['url']");


0
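Added example, not part of the original thread and not any poster's code: redirecting to whatever arrives in `$_GET['url']` lets a crafted login link send a user to another site right after they authenticate, so the return target should be reduced to a path on the same site before it reaches `header()`. The helper names below are hypothetical, `/dashboard.php` is assumed as the fallback (the page the question's script redirected to), and PHP 7+ is assumed. The hidden field is there because the login form posts to `login.php` without the query string.

```php
<?php
// Added example (assumes PHP 7+). safe_return_path(), login_link() and
// hidden_return_field() are hypothetical helpers, not functions from the thread.

/** Return $candidate only if it is a path on this site, else $default. */
function safe_return_path($candidate, $default = '/dashboard.php')
{
    if (!is_string($candidate) || $candidate === '' || strlen($candidate) > 2048) {
        return $default;
    }
    // No control characters (CR/LF included) in anything headed for a header.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // Exactly one leading "/" and no backslash: rejects "http://host/",
    // "//host/" and "/\host/", all of which leave the site.
    if ($candidate[0] !== '/' || strpos($candidate, '\\') !== false
        || (isset($candidate[1]) && $candidate[1] === '/')) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    // Do not bounce a logged-in user back to the login form.
    if (!isset($parts['path']) || basename($parts['path']) === 'login.php') {
        return $default;
    }
    return $candidate;
}

/** Link a protected page can use to send the visitor to the login form. */
function login_link($request_uri)
{
    // Path + query only (no scheme or host), encoded as ONE parameter value.
    return 'login.php?url=' . rawurlencode($request_uri);
}

/** Hidden field so the return path survives the POST of the login form. */
function hidden_return_field($candidate)
{
    $safe = safe_return_path($candidate);
    return '<input type="hidden" name="url" value="'
        . htmlspecialchars($safe, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample inputs (not taken from real traffic).
$samples = array(
    '/realestate/asfasfasf.php',      // local path: kept
    '/staff.php?tab=2',               // local path with query: kept
    'http://www.redirectedurl.com',   // absolute URL: fallback
    '//www.redirectedurl.com/',       // scheme-relative URL: fallback
    '/\\www.redirectedurl.com',       // backslash variant: fallback
    "/staff.php\r\nX-Test: 1",        // CR/LF in the value: fallback
    'staff.php',                      // no leading slash: fallback
    '/login.php?url=/staff.php',      // login page itself: fallback
    null,                             // parameter missing: fallback
);
foreach ($samples as $s) {
    printf("%-40s => %s\n", json_encode($s), safe_return_path($s));
}
echo login_link('/realestate/asfasfasf.php?id=7'), "\n";
echo hidden_return_field('/staff.php?tab=2'), "\n";

// In login.php, after the credentials check succeeds:
//   $target = safe_return_path($_POST['url'] ?? ($_GET['url'] ?? null));
//   header('Location: ' . $target);
//   exit;
```

A protected page would pass `$_SERVER['REQUEST_URI']` to `login_link()` rather than a full URL built from `SERVER_NAME`, since only the path is needed to come back to the same site.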
 

Author Comment

by:MrFahad
ID: 23636284
I'm getting this error:


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/checkhis/public_html/realestate/login.php on line 43
0
 
LVL 5

Expert Comment

by:striker46
ID: 23636352
The code below also works for me. It creates a link like I told you.

Can you post the code of the login.php you just tested, or is it the same line 43 in the code you posted in the question?
<? 
 
// Set full URL of login page
 
$loginurl = "http://www.yoururl.com";
 
// Get origin URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
// Build link
 
$url = $loginurl . "?url=" . curPageURL();
 
 
?>
 
<a href="<? echo $url; ?>">login</a>


0
 

Author Comment

by:MrFahad
ID: 23637400
I will post the source code for 2 pages: the 1st one requires login and the 2nd one is the login page. Can you please modify the code to make the script? For the $loginurl you can use "login.php".


Here is the source code of 2 pages:
1) a page that requires log in
2) the log in page

Thank you very much for the help
1)<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php"); ?>
 
 
==========================================================================
 
2)<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
		redirect_to("staff.php");
	}
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
LVL 5

Expert Comment

by:striker46
ID: 23637430
Could I also see the code of the confirm_logged_in() function?
0
 
LVL 3

Expert Comment

by:albrieu
ID: 23638458
Try something like this

and add the function curPageURL() to your functions.php
1)
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php $_SESSION['cur_page']=curPageURL();?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 ?>
 
 
==========================================================================
 
2)<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
		if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
		{
			//if defined and not is blank
			header('Location: '.$_SESSION['cur_page'].'');
		}else{
			//redirect to the index page
			header('Location: index.php');
		}
	}
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 

Author Comment

by:MrFahad
ID: 23639199
I'm getting an error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 8

here is how i wrote the function in functions.php:
function curPageURL() {
		
		header("Location:$_GET['url']");
	
	}


0
 

Author Comment

by:MrFahad
ID: 23639203
I have added { } around $_GET['url']

and now it is telling me this:

Fatal error: Cannot redeclare curpageurl() (previously declared in /Applications/MAMP/htdocs/realestate/asfasfasf.php:31) in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 10
function curPageURL() {
		
		header("Location: {$_GET['url']}");
	
	}


0
 

Author Comment

by:MrFahad
ID: 23639209
This is my confirm_logged_in() function:
	function confirm_logged_in() {
		if (!logged_in()) {
			redirect_to("login.php");
		}
	}


0
 
LVL 3

Expert Comment

by:albrieu
ID: 23639315
try this with:

in the login.php:

      if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 

 	function confirm_logged_in() {
               $_SESSION['cur_page']=curPageURL();
		if (!logged_in()) {
			redirect_to("login.php");
		}
	}


0
 

Author Comment

by:MrFahad
ID: 23639342
This error comes up on the page that requires login

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/asfasfasf.php on line 32

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/asfasfasf.php on line 32

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/asfasfasf.php:32) in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 25
0
 

Author Comment

by:MrFahad
ID: 23639728
I will post the code of all the pages; please check what I'm doing wrong.
I get this error:


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 5


Thank you
                       asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
 ?>
 
=========================================================================
 
                               SESSION.PHP
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
============================================================================
 
                                functions.php
 
<?php
 
	function curPageURL() {
		
		header("Location:$_GET['url']");
	
	}
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 

Author Comment

by:MrFahad
ID: 23639745
I have added { } around $_GET['url']

and now it is telling me this:

Fatal error: Cannot redeclare curpageurl() (previously declared in /Applications/MAMP/htdocs/realestate/asfasfasf.php:30) in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 7
function curPageURL() {
		
		header("Location: {$_GET['url']}");
	
	}


0
 
LVL 5

Expert Comment

by:striker46
ID: 23639933
Because you're redeclaring an already declared function (namely in the first and second files you posted, the function curPageURL()); remember that you're including the second file to the first already.

Give the code below a try; it is slightly modified from what albrieu posted.

**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
<?
 
// Check if user is logged in, if not, redirect
 
confirm_logged_in();
 
?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
 
$url = curPageURL();
 
 ?>
 
=========================================================================
 
                               SESSION.PHP
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
============================================================================
 
                                functions.php
 
<?php 
 
function confirm_logged_in() {
		if (!logged_in()) {
			redirect_to("login.php" . "?url=" . $url);
		}
	}
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
LVL 5

Expert Comment

by:striker46
ID: 23639940
Wrong order, the code again:
**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
<?
$url = curPageURL();
 
// Check if user is logged in, if not, redirect
 
confirm_logged_in();
?>
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
=========================================================================
 
                               SESSION.PHP
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
============================================================================
 
                                functions.php
 
<?php 
 
function confirm_logged_in() {
		if (!logged_in()) {
			redirect_to("login.php" . "?url=" . $url);
		}
	}
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 

Author Comment

by:MrFahad
ID: 23639951
the page (asfasfasf.php) logs but shows this:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 5

Fatal error: Call to undefined function logged_in() in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 4
0
 
LVL 5

Expert Comment

by:striker46
ID: 23640082
Let's see if now...


**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
=========================================================================
 
                               SESSION.PHP
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
session_start();
 
if ($_SESSION['login'] != "1" ) {
 
$goto = login.php" . "?url=" . $url);
 
header("Location: {$goto}");
 
exit();
 
}
 
 
 
 ?>
 
============================================================================
 
                                functions.php
 
<?php 
 
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if ($_SESSION['login'] == "1" ) {
            if(isset($_GET['url']) and $_GET['url']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_GET['url'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				
				$_SESSION['login'] = "1" 
				header("Location: $_GET['url']");
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 

Author Comment

by:MrFahad
ID: 23640158
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /Applications/MAMP/htdocs/realestate/includes/session.php on line 26
0
 

Author Comment

by:MrFahad
ID: 23640169
I found a missing (" in line 26, and after adding the (" it now tells me:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 7

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Notice: Undefined index: login in /Applications/MAMP/htdocs/realestate/includes/session.php on line 24

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 28


<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
session_start();
 
if ($_SESSION['login'] != "1" ) {
 
$goto = login.php" . "?url=" . $url);
 
header("Location: {$goto}");
 
exit();
 
}
 
 
 
 ?>


0
 
LVL 5

Expert Comment

by:striker46
ID: 23640182
There's no ( missing, it's the ) which shouldn't be there. Line should look like this:

$goto = login.php" . "?url=" . $url;


I don't think this is the problem but it's also an issue
0
 
LVL 5

Expert Comment

by:striker46
ID: 23640189
$goto = "login.php" . "?url=" . $url;
0
 

Author Comment

by:MrFahad
ID: 23640204
nothing changed :(
0
 

Author Comment

by:MrFahad
ID: 23640210
Do you know how they do it in vBulletin forum software?
0
 

Author Comment

by:MrFahad
ID: 23641567
Help guys? please
0
 
LVL 5

Expert Comment

by:striker46
ID: 23641646
I fear there will be errors here too, but give it a try

(it is difficult to code when I cannot try it locally)

So tell us what errors pop out

 
**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
=========================================================================
 
                               SESSION.PHP
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
 
//check to make sure the session variable is registered
if($_SESSION['username'] != ""){
 
} else {
 
//the session variable isn't registered, send them back to the login page
 
$goto = 'login.php?url=' . $url;
 
header( "Location: $goto");
} 
 
 
 
 ?>
 
============================================================================
 
                                functions.php
 
<?php 
 
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
			
 				 //we will redirect the user to another page where we will make sure they're logged in
  				header( "Location: $_GET['url']" ); 
  				
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 

Author Comment

by:MrFahad
ID: 23641663
do you want me to send you the database and other things so you can test it locally or if you want i can upload it to my site
0
 
LVL 5

Expert Comment

by:striker46
ID: 23641671
If you send me the table structure of the table where the login info is stored into I can give it a try.
0
 

Author Comment

by:MrFahad
ID: 23641695
here are screen shots of my DB structure:
sss.jpg
0
 
LVL 5

Expert Comment

by:striker46
ID: 23641699
OK I will tell you when I've tried it
0
 

Author Comment

by:MrFahad
ID: 23641728
the page is showing up but these errors are there:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 7

Notice: Undefined variable: _SESSION in /Applications/MAMP/htdocs/realestate/includes/session.php on line 24

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 32

Note: it is not detecting if I'm logged in or not

thank you
lokol.jpg
0
 
LVL 5

Expert Comment

by:striker46
ID: 23641765
I need the code of includes/form_functions.php, please
0
 

Author Comment

by:MrFahad
ID: 23641768
<?php
function check_required_fields($required_array) {
      $field_errors = array();
      foreach($required_array as $fieldname) {
            if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) {
                  $field_errors[] = $fieldname;
            }
      }
      return $field_errors;
}

function check_max_field_lengths($field_length_array) {
      $field_errors = array();
      foreach($field_length_array as $fieldname => $maxlength ) {
            if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $field_errors[] = $fieldname; }
      }
      return $field_errors;
}

function display_errors($error_array) {
      echo "<p class=\"errors\">";
      echo "Please review the following fields:<br />";
      foreach($error_array as $error) {
            echo " - " . $error . "<br />";
      }
      echo "</p>";
}

?>
0
 

Author Comment

by:MrFahad
ID: 23641771
here it is i'm not sure we need it
<?php
function check_required_fields($required_array) {
	$field_errors = array();
	foreach($required_array as $fieldname) {
		if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) { 
			$field_errors[] = $fieldname; 
		}
	}
	return $field_errors;
}
 
function check_max_field_lengths($field_length_array) {
	$field_errors = array();
	foreach($field_length_array as $fieldname => $maxlength ) {
		if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $field_errors[] = $fieldname; }
	}
	return $field_errors;
}
 
function display_errors($error_array) {
	echo "<p class=\"errors\">";
	echo "Please review the following fields:<br />";
	foreach($error_array as $error) {
		echo " - " . $error . "<br />";
	}
	echo "</p>";
}
 
?>


0
 

Author Comment

by:MrFahad
ID: 23641797
Note: I'm not using this script anymore (using JavaScript now) and I was too lazy to delete it. Could it be the problem?
0
 
LVL 5

Expert Comment

by:striker46
ID: 23641857
No, it was not the problem. I deleted it too. Now i have the login working well but fixing this of returning to previous page...
0
 

Author Comment

by:MrFahad
ID: 23641868
OK, thanks a lot pal, you don't know how much this means to me :D, I don't know how to thank you for all your effort to help me.
0
 
LVL 5

Accepted Solution

by:
striker46 earned 2000 total points
ID: 23641967
Got it to work in my local now.

Since it sets sessions, the login screen will appear until you log in. Then it will always consider you to be logged in until you restart the browser. You can make a logout function to address this without having to close the browser.


I post you the code you have to update below:

Let me know any problems or if you've finally got it to work ;)


LOGIN.PHP
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
 
	
 
	
	
	// START FORM PROCESSING
 
	
	if (isset($_POST['submit'])) { // Form has been submitted.
 
		// Escape the username before it is concatenated into the query below.
		$username = mysql_real_escape_string(trim($_POST['username']));
		$password = trim($_POST['password']);
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			
			
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				
				session_start();
				
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
							
 				 //we will redirect the user to another page where we will make sure they're logged in
  				
 				$goto = urldecode($_POST['originurl']);
  				 header("Location: $goto");
  				 exit; // stop so the login form is not rendered after the redirect
  				
  			
  				
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			
			</table>
			<input type="hidden" name="originurl" value="<?php echo htmlentities(isset($_GET['url']) ? $_GET['url'] : ''); ?>" />
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>
 
 
***************************************************************************************
SESSION.PHP
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
 session_start();
 
//check to make sure the session variable is registered
if(isset($_SESSION['username'])){
 
} else {
 
  //the session variable isn't registered, send them back to the login page
 
$goto = 'login.php?url=' . urlencode($url);
 
header( "Location: $goto");
exit; // without this the protected page below is still sent to visitors who are not logged in
} 
 
 
 
 ?>
 
 
**********************************************************
ASFASFASF.PHP
 
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="includes/update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>


0
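
The accepted code above redirects to whatever value arrives in `url` / `originurl`, so the destination after login is controlled by the link that led to the login page. An added example, not part of striker46's answer: one way to accept only a path on the same site and to escape it when it is written into the hidden field. The function names and the `/index.php` fallback are assumptions; the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. Function names and the
// '/index.php' fallback are assumptions for illustration.

/**
 * Return $candidate only when it is a path on this site
 * (e.g. "/realestate/asfasfasf.php?id=3"); otherwise return $default.
 */
function safe_return_path($candidate, $default = '/index.php') {
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters (CR/LF would split the header) and backslashes
    // (some browsers read "\" as "/") are never valid here.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    // Require exactly one leading slash: "//host/..." is protocol-relative
    // and would leave the site.
    if ($candidate[0] !== '/' || (isset($candidate[1]) && $candidate[1] === '/')) {
        return $default;
    }
    // A same-site path has neither a scheme nor a host component.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

/**
 * session.php side: build the login link from the request path only, so no
 * host name ever travels in the "url" parameter.
 */
function login_link($request_uri) {
    return 'login.php?url=' . urlencode(safe_return_path($request_uri));
}

/**
 * login.php form: hidden field carrying the validated, HTML-escaped target.
 */
function return_field_html($query) {
    $raw = isset($query['url']) ? $query['url'] : '';
    $value = htmlspecialchars(safe_return_path($raw), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="originurl" value="' . $value . '" />';
}

/**
 * login.php after a successful password check: the Location header line.
 * PHP has already decoded $_POST, so no urldecode() is applied.
 * In the page itself: header(post_login_location($_POST)); exit;
 */
function post_login_location($post) {
    $raw = isset($post['originurl']) ? $post['originurl'] : '';
    return 'Location: ' . safe_return_path($raw);
}

// Offline demonstration with constructed inputs (run: php this_file.php).
if (PHP_SAPI === 'cli') {
    $constructed = array(
        '/realestate/asfasfasf.php?Propertyid=7', // same-site path: kept
        'http://other.example/landing',           // absolute URL: replaced
        '//other.example/landing',                // protocol-relative: replaced
        "/staff.php\r\nX-Extra: 1",               // CR/LF in the value: replaced
    );
    foreach ($constructed as $input) {
        echo json_encode($input), ' => ',
             post_login_location(array('originurl' => $input)), "\n";
    }
    echo login_link('/realestate/asfasfasf.php?Propertyid=7'), "\n";
    echo return_field_html(array('url' => '/a.php?x="1"')), "\n";
}
```

With this in place, session.php would pass `$_SERVER["REQUEST_URI"]` to `login_link()` instead of the full URL from `curPageURL()`, which also removes the `HTTPS` index lookup that raises the notice reported later in the thread.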
 

Author Comment

by:MrFahad
ID: 23641978
ok please wait I'm checking it now
0
 

Author Comment

by:MrFahad
ID: 23641994
Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 7

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 33

:(

here is my code just to check if i copied everything correct, I'm also double checking now :
asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="includes/update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
--------------------------------------------------------------------------
session.php:
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
 session_start();
 
//check to make sure the session variable is registered
if(isset($_SESSION['username'])){
 
} else {
 
  //the session variable isn't registered, send them back to the login page
 
$goto = 'login.php?url=' . urlencode($url);
 
header( "Location: $goto");
 
} 
 
 
 
 ?>
=--------------------------------------------------------------------------=
login.php:
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
 
	
 
	
	
	// START FORM PROCESSING
 
	
	if (isset($_POST['submit'])) { // Form has been submitted.
 
		$username = trim($_POST['username']);
		$password = trim($_POST['password']);
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			
			
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				
				session_start();
				
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
							
 				 //we will redirect the user to another page where we will make sure they're logged in
  				
 				$goto = urldecode($_POST['originurl']);
  				 header("Location: $goto");
  			   
  				
  			
  				
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			
			</table>
			<input type="hidden" name="originurl" value="<? echo $_GET['url']; ?>" />
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>
 


0
 
LVL 5

Expert Comment

by:striker46
ID: 23642008
Do you use HTTPS at all or not? If not I will remove part of the code
0
 

Author Comment

by:MrFahad
ID: 23642026
lol I wanted to say that too, OK so I removed it. Now the redirection to login.php works, but after logging in it keeps me in login.php and shows this error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/realestate/includes/functions.php:2) in /Applications/MAMP/htdocs/realestate/login.php on line 34

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/functions.php:2) in /Applications/MAMP/htdocs/realestate/login.php on line 43

but note: it set the session
0
 
LVL 5

Expert Comment

by:striker46
ID: 23642028
Open session.php and replace:

// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}

With the code I post below
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http://';
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 
 return $pageURL;
}


0
 
LVL 5

Expert Comment

by:striker46
ID: 23642032
I didn't use the function causing the error in functions.php, so I think it's safe for you to remove it
Remove:

      function redirect_to( $location = NULL ) {
            if ($location != NULL) {
                  header("Location: {$location}");
                  exit;
            }
      }
0
 

Author Closing Comment

by:MrFahad
ID: 31546699
wooooohoooo  after 2 days of hard work striker did it thanks pal
0
 
LVL 5

Expert Comment

by:striker46
ID: 23642060
Glad to know it finally works, buddy

Now I take a well deserved rest! ;)
0
 

Author Comment

by:MrFahad
ID: 23642064
but don't let it be too long i still have other stuff to do :p but i will go to sleep now as it's mid-night here

take care
0
