PHP redirection after logging in

Hello, I want to know how to make a script that will redirect my user, after logging in, to the page they were on.
Here is my log in page source code:
if (logged_in()) {
		redirect_to("staff.php");
	}
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				redirect_to("dashboard.php");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>


MrFahad Asked:
 
striker46 Commented:
Got it to work in my local now.

Since it sets sessions, the login screen will appear until you log in. Then it will always consider you to be logged in until you restart the browser. You can make a logout function to address this without having to close the browser.


I'm posting the code you have to update below:

Let me know of any problems or if you've finally got it to work ;)


LOGIN.PHP
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
 
	
 
	
	
	// START FORM PROCESSING
 
	
	if (isset($_POST['submit'])) { // Form has been submitted.
 
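		// Escape the values before they go into the SQL string, as the original login.php did
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));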
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			
			
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				
				session_start();
				
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
							
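				// We will redirect the user to another page where we will make sure they're logged in.
				// NOTE: originurl is supplied by the browser and is used as-is here;
				// it should be restricted to pages on this site.
				$goto = urldecode($_POST['originurl']);
				header("Location: $goto");
				exit; // stop here so the login form is not rendered after the redirect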
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			
			</table>
			<input type="hidden" name="originurl" value="<?php echo htmlentities(isset($_GET['url']) ? $_GET['url'] : ''); ?>" />
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>
 
 
***************************************************************************************
SESSION.PHP
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
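 // HTTPS is not set on plain HTTP requests; check it exists to avoid an "Undefined index" notice
 if (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {$pageURL .= "s";}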
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
 session_start();
 
//check to make sure the session variable is registered
if(isset($_SESSION['username'])){
 
} else {
 
  //the session variable isn't registered, send them back to the login page
 
$goto = 'login.php?url=' . urlencode($url);
 
header("Location: $goto");
exit; // without this the rest of the protected page would still be sent to the browser
 
} 
 
 
 
 ?>
 
 
**********************************************************
ASFASFASF.PHP
 
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="includes/update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>


0
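
The redirect in the answer above uses `originurl` exactly as the browser sent it, so a login link can carry a target on another site. Added example (not striker46's code): one way to restrict the target to pages on your own site, assuming a helper named `safe_redirect_target()` and a configured `SITE_HOST`, both hypothetical names.

```php
<?php
// Added example, not code from the thread. SITE_HOST and
// safe_redirect_target() are assumed names; the sample values are constructed.
define('SITE_HOST', 'www.yourweb.com'); // the host name this site is served from

/**
 * Reduce a browser-supplied return URL to a path on this site.
 * Returns $default when the value points anywhere else.
 */
function safe_redirect_target($candidate, $default = '/index.php')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control bytes (CR/LF included) and spaces never belong in a Location
    // value, and browsers read "\" as "/", so "/\host" would leave the site.
    if (preg_match('/[\x00-\x20\x7F\\\\]/', $candidate)) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $default;
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        // Absolute URL, which is what curPageURL() builds: our own host only.
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        $host   = isset($parts['host']) ? strtolower($parts['host']) : '';
        if (($scheme !== 'http' && $scheme !== 'https')
            || $host !== SITE_HOST
            || isset($parts['user']) || isset($parts['pass'])) {
            return $default;
        }
    }
    // Keep only a rooted path. A path starting with "//" is protocol-relative
    // once the scheme and host are dropped, so it is rejected as well.
    $path = isset($parts['path']) ? $parts['path'] : '/';
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0) {
        return $default;
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// In login.php, once the credentials have been checked, the redirect becomes:
//   $goto = safe_redirect_target(isset($_POST['originurl']) ? $_POST['originurl'] : '');
//   header('Location: ' . $goto);
//   exit;

// Constructed inputs: on-site URLs first, then off-site or malformed values.
$samples = array(
    'http://www.yourweb.com/pageone.php',
    '/staff.php?id=3',
    'http://other.example/login.php',
    '//other.example/x',
    'http://www.yourweb.com//other.example/x',
    'http://www.yourweb.com@other.example/',
    "/staff.php\r\nX-Injected: 1",
    'javascript:void(0)',
);
foreach ($samples as $sample) {
    printf("%-44s => %s\n", json_encode($sample), safe_redirect_target($sample));
}
```

Passing `$_SERVER['REQUEST_URI']` in the `url` parameter instead of the full URL keeps the value a rooted path from the start.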
 
striker46 Commented:
Have you tried adding the line:

header('Location:http://www.redirectedurl.com');

0
 
albrieu Commented:
Like striker46 says: change line 2 to:       header('Location:staff.php');


Like this:
if (logged_in()) {
             header('Location:staff.php');
        }
0

 
MrFahad (Author) Commented:
Sorry, I forgot to add this: I want it to be dynamic, meaning that the header('Location:url') will dynamically change according to the page the user was on previously.

Thank you
0
 
striker46 Commented:
You could get the current page url

curPageURL();

of the page where the user clicks on the login link; then pass the URL as a GET variable to the login page; then in the login page redirect the user to the URL contained in the GET variable read by the script.



0
 
striker46 Commented:
Add this function to the origin page, prior to the link to login:

function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}


The link to the login page, in the origin page, should be:

http://www.yourweb.com/login.php?url=<?= "curPageURL(); ?>


The redirection code would be like:

header("Location:$_GET['url']");

0
 
MrFahad (Author) Commented:
OK, let's say the user goes to staff.php (requires login) and he is redirected to login.php.

So I will put the curPageURL(); in staff.php and then pass the URL as a GET variable to the login page?

By the way, can you write the PHP code for the 2nd and 3rd steps (pass the URL as a GET variable to the login page; then in the login page redirect the user to the URL contained in the GET variable read by the script)?

I'm new to PHP and my PHP is a little rusty :p

Thank you, and sorry for taking your time to respond
0
 
striker46 Commented:
Sample of the link in any of the origin pages. Note that it builds a link like:

www.yourweb.com/login.php?url=http://www.yourweb.com/pageone.php

Then in the login code (one you posted above) add the already mentioned:

header("Location:$_GET['url']");


Which retrieves the url variable from the page URL and redirects the user there.
<? 
 
// Set full URL of login page
 
$loginurl = www.yoururl.com;
 
// Get origin URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
// Build link
 
$url = $loginurl . "?url=" . curPageURL();
 
echo $url;
 
?>
 
<a href="<? echo $url; ?>">login</a>


0
 
striker46 Commented:
(remove line 25 from the code above)
0
 
striker46 Commented:
I'm dumping the code below, fixing a couple of missing "

Notice that the code is to be put in two files: the first part to every page with a link to login, the second part is the header function you need to put in the code for processing the login

Let's see if it works

// PAGEONE.PHP
// This code builds login link for each page
// Simply modify accordingly the loginurl variable to point 
// to your login page.
 
 
<? 
 
// Set full URL of login page
 
$loginurl = "www.yoururl.com";
 
// Get origin URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
// Build link
 
$url = $loginurl . "?url=" . curPageURL();
 
echo $url;
 
?>
 
<a href="<? echo $url; ?>">login</a>
 
 
// LOGIN PHP
// This is the redirect, fetches the variable from the URL to
// know where the user came from
 
header("Location:$_GET['url']");


0
 
MrFahad (Author) Commented:
I'm getting this error:


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/checkhis/public_html/realestate/login.php on line 43
0
 
striker46 Commented:
Also, the code below works for me. It creates a link like I told you.

Can you post the code of the login.php you just tested or it is the same line 43 in the code you posted in the question?
<? 
 
// Set full URL of login page
 
$loginurl = "http://www.yoururl.com";
 
// Get origin URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
// Build link
 
$url = $loginurl . "?url=" . curPageURL();
 
 
?>
 
<a href="<? echo $url; ?>">login</a>


0
 
MrFahad (Author) Commented:
I will post the source code for 2 pages: the 1st one requires login and the 2nd one is the login page. Can you please modify the code to make the script? For the $loginurl you can use "login.php".


Here is the source code of 2 pages:
1) a page that requires log in
2) the log in page

Thank you very much for the help
1)<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php"); ?>
 
 
==========================================================================
 
2)<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
		redirect_to("staff.php");
	}
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
striker46 Commented:
Could I also see the code of the confirm_logged_in() function?
0
 
albrieu Commented:
Try something like this

and add the function curPageURL() to your functions.php
1)
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php $_SESSION['cur_page']=curPageURL();?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 ?>
 
 
==========================================================================
 
2)<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
		if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
		{
			//if defined and not is blank
			header('Location: '.$_SESSION['cur_page'].'');
		}else{
			//redirect to the index page
			header('Location: index.php');
		}
	}
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
MrFahad (Author) Commented:
I'm getting an error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 8

Here is how I wrote the function in functions.php:
function curPageURL() {
		
		header("Location:$_GET['url']");
	
	}


0
 
MrFahad (Author) Commented:
I have added { } around $_GET['url']

and now it is telling me this:

Fatal error: Cannot redeclare curpageurl() (previously declared in /Applications/MAMP/htdocs/realestate/asfasfasf.php:31) in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 10
function curPageURL() {
		
		header("Location: {$_GET['url']}");
	
	}


0
 
MrFahad (Author) Commented:
This is my confirm_logged_in() function:
	function confirm_logged_in() {
		if (!logged_in()) {
			redirect_to("login.php");
		}
	}


0
 
albrieu Commented:
try this with:

in the login.php:

      if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 

 	function confirm_logged_in() {
               $_SESSION['cur_page']=curPageURL();
		if (!logged_in()) {
			redirect_to("login.php");
		}
	}


0
 
MrFahad (Author) Commented:
This error comes up in the page that requires login:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/asfasfasf.php on line 32

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/asfasfasf.php on line 32

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/asfasfasf.php:32) in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 25
0
 
MrFahad (Author) Commented:
I will post the code to all the pages, please check what I'm doing wrong.
I get this error:


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 5


Thank you
                       asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
 ?>
 
=========================================================================
 
                               SESSION.PHP
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
============================================================================
 
                                functions.php
 
<?php
 
	function curPageURL() {
		
		header("Location:$_GET['url']");
	
	}
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location:$_GET['url']");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
MrFahad (Author) Commented:
I have added { } around $_GET['url']

and now it is telling me this:

Fatal error: Cannot redeclare curpageurl() (previously declared in /Applications/MAMP/htdocs/realestate/asfasfasf.php:30) in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 7
function curPageURL() {
		
		header("Location: {$_GET['url']}");
	
	}


0
 
striker46 Commented:
Because you're redeclaring an already declared function (namely in the first and second files you posted, the function curPageURL()); remember that you're already including the second file in the first.

Give the code below a try; it is slightly modified from what albrieu posted.

**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php include("includes/header.php"); ?>
 
<?
 
// Check if user is logged in, if not, redirect
 
confirm_logged_in();
 
?>
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
 
$url = curPageURL();
 
 ?>
 
=========================================================================
 
                               SESSION.PHP
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
============================================================================
 
                                functions.php
 
<?php 
 
function confirm_logged_in() {
		if (!logged_in()) {
			redirect_to("login.php" . "?url=" . $url);
		}
	}
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location: {$_GET['url']}");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
striker46Commented:
Wrong order, the code again:
**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
<?
$url = curPageURL();
 
// Check if user is logged in, if not, redirect
 
confirm_logged_in();
?>
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
=========================================================================
 
                               SESSION.PHP
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
 
============================================================================
 
                                functions.php
 
<?php 
 
function confirm_logged_in() {
		if (!logged_in()) {
			redirect_to("login.php" . "?url=" . $url);
		}
	}
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if (logged_in()) {
            if(isset($_SESSION['cur_page']) and $_SESSION['cur_page']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_SESSION['cur_page'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				header("Location: {$_GET['url']}");
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
MrFahadAuthor Commented:
the page (asfasfasf.php) logs but shows this:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 5

Fatal error: Call to undefined function logged_in() in /Applications/MAMP/htdocs/realestate/includes/functions.php on line 4
0
 
striker46Commented:
Let's see if now...


**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
=========================================================================
 
                               SESSION.PHP
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
session_start();
 
if ($_SESSION['login'] != "1" ) {
 
$goto = login.php" . "?url=" . $url);
 
header("Location: {$goto}");
 
exit();
 
}
 
 
 
 ?>
 
============================================================================
 
                                functions.php
 
<?php 
 
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	if ($_SESSION['login'] == "1" ) {
            if(isset($_GET['url']) and $_GET['url']!='')
            {
                  //if defined and not is blank
                  header('Location: '.$_GET['url'].'');
            }else{
                  //redirect to the index page
                  header('Location: index.php');
            }
      }
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
				
				$_SESSION['login'] = "1";
				header("Location: {$_GET['url']}");
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
MrFahadAuthor Commented:
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /Applications/MAMP/htdocs/realestate/includes/session.php on line 26
0
 
MrFahadAuthor Commented:
I found a missing (" in line 26 and after adding the (" now it tells me:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 7

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Notice: Undefined index: login in /Applications/MAMP/htdocs/realestate/includes/session.php on line 24

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 28


<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
session_start();
 
if ($_SESSION['login'] != "1" ) {
 
$goto = login.php" . "?url=" . $url);
 
header("Location: {$goto}");
 
exit();
 
}
 
 
 
 ?>


0
 
striker46Commented:
There's no ( missing, it's the ) which shouldn't be there. Line should look like this:

$goto = login.php" . "?url=" . $url;


I don't think this is the problem but it's also an issue
0
 
striker46Commented:
$goto = "login.php" . "?url=" . $url;
0
 
MrFahadAuthor Commented:
nothing changed :(
0
 
MrFahadAuthor Commented:
Do you know how they do it in vBulletin forum software?
0
 
MrFahadAuthor Commented:
Help guys? please
0
 
striker46Commented:
I fear there will be errors here too, but give it a try

(it is difficult to code when I cannot try it locally)

So tell us what errors pop out

 
**************************************************************
 
        asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
=========================================================================
 
                               SESSION.PHP
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
 
//check to make sure the session variable is registered
if($_SESSION['username'] != ""){
 
} else {
 
//the session variable isn't registered, send them back to the login page
 
$goto = 'login.php?url=' . $url;
 
header( "Location: $goto");
} 
 
 
 
 ?>
 
============================================================================
 
                                functions.php
 
<?php 
 
 
 
	function redirect_to( $location = NULL ) {
		if ($location != NULL) {
			header("Location: {$location}");
			exit;
		}
	}
 
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	
	
?>
 
============================================================================
 
                             login.php
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
 
	include_once("includes/form_functions.php");
	
	// START FORM PROCESSING
	if (isset($_POST['submit'])) { // Form has been submitted.
		$errors = array();
 
		// perform validations on the form data
		$required_fields = array('username', 'password');
		$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
 
		$fields_with_lengths = array('username' => 30, 'password' => 30);
		$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
 
		$username = trim(mysql_prep($_POST['username']));
		$password = trim(mysql_prep($_POST['password']));
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
			
 				 //we will redirect the user to another page where we will make sure they're logged in
  				header("Location: {$_GET['url']}");
  				
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			</table>
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>


0
 
MrFahadAuthor Commented:
Do you want me to send you the database and other things so you can test it locally? Or if you want, I can upload it to my site.
0
 
striker46Commented:
If you send me the table structure of the table where the login info is stored into I can give it a try.
0
 
MrFahadAuthor Commented:
here are screen shots of my DB structure:
sss.jpg
0
 
striker46Commented:
OK I will tell you when I've tried it
0
 
MrFahadAuthor Commented:
The page is showing up but these errors are there:

Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 7

Notice: Undefined variable: _SESSION in /Applications/MAMP/htdocs/realestate/includes/session.php on line 24

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 32

Note: it is not detecting if I'm logged in or not

thank you
lokol.jpg
0
 
striker46Commented:
I need the code of includes/form_functions.php, please
0
 
MrFahadAuthor Commented:
<?php
function check_required_fields($required_array) {
      $field_errors = array();
      foreach($required_array as $fieldname) {
            if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) {
                  $field_errors[] = $fieldname;
            }
      }
      return $field_errors;
}

function check_max_field_lengths($field_length_array) {
      $field_errors = array();
      foreach($field_length_array as $fieldname => $maxlength ) {
            if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $field_errors[] = $fieldname; }
      }
      return $field_errors;
}

function display_errors($error_array) {
      echo "<p class=\"errors\">";
      echo "Please review the following fields:<br />";
      foreach($error_array as $error) {
            echo " - " . $error . "<br />";
      }
      echo "</p>";
}

?>
0
 
MrFahadAuthor Commented:
Here it is; I'm not sure we need it.
<?php
function check_required_fields($required_array) {
	$field_errors = array();
	foreach($required_array as $fieldname) {
		if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] != 0)) { 
			$field_errors[] = $fieldname; 
		}
	}
	return $field_errors;
}
 
function check_max_field_lengths($field_length_array) {
	$field_errors = array();
	foreach($field_length_array as $fieldname => $maxlength ) {
		if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $field_errors[] = $fieldname; }
	}
	return $field_errors;
}
 
function display_errors($error_array) {
	echo "<p class=\"errors\">";
	echo "Please review the following fields:<br />";
	foreach($error_array as $error) {
		echo " - " . $error . "<br />";
	}
	echo "</p>";
}
 
?>


0
 
MrFahadAuthor Commented:
Note: I'm not using this script anymore (using JavaScript now) and I was too lazy to delete it. Could it be the problem?
0
 
striker46Commented:
No, it was not the problem. I deleted it too. Now I have the login working well but am fixing this issue of returning to the previous page...
0
 
MrFahadAuthor Commented:
OK, thanks a lot pal, you don't know how much this means to me :D. I don't know how to thank you for all your effort to help me.
0
 
MrFahadAuthor Commented:
ok please wait I'm checking it now
0
 
MrFahadAuthor Commented:
Notice: Undefined index: HTTPS in /Applications/MAMP/htdocs/realestate/includes/session.php on line 7

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 22

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/session.php:7) in /Applications/MAMP/htdocs/realestate/includes/session.php on line 33

:(

Here is my code, just to check if I copied everything correctly; I'm also double-checking now:
asfasfasf.php
 
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php include("includes/header.php"); ?>
 
 
 
 
 
		<td id="page">
			<h2>Amend Property</h2>
            <form method="POST" action="includes/update_property.php">
<table>
<col span="1" align="right">
<tr>
<td>Property ID to Update:</td>
<td><input type="text" name="Propertyid" size=10></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
 
			
		</td>
	</tr>
</table>
<?php require("includes/footer.php");
?>
 
--------------------------------------------------------------------------
session.php:
 
<?
 
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
 
$url = curPageURL();
 
 
// Check if user is logged in, if not, redirect
 
 session_start();
 
//check to make sure the session variable is registered
if(isset($_SESSION['username'])){
 
} else {
 
  //the session variable isn't registered, send them back to the login page
 
$goto = 'login.php?url=' . urlencode($url);
 
header( "Location: $goto");
exit; // stop here so the protected page is not rendered for a visitor who is not logged in
 
} 
 
 
 
 ?>
=--------------------------------------------------------------------------=
login.php:
 
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
 
	
 
	
	
	// START FORM PROCESSING
 
	
	if (isset($_POST['submit'])) { // Form has been submitted.
 
		$username = mysql_real_escape_string(trim($_POST['username'])); // escape before it is placed in the SQL string below
		$password = trim($_POST['password']);
		$hashed_password = sha1($password);
		
		if ( empty($errors) ) {
			// Check database to see if username and the hashed password exist there.
			
			
			$query = "SELECT id, username ";
			$query .= "FROM users ";
			$query .= "WHERE username = '{$username}' ";
			$query .= "AND hashed_password = '{$hashed_password}' ";
			$query .= "LIMIT 1";
			$result_set = mysql_query($query);
			confirm_query($result_set);
			if (mysql_num_rows($result_set) == 1) {
				// username/password authenticated
				// and only 1 match
				$found_user = mysql_fetch_array($result_set);
				
				session_start();
				
				$_SESSION['user_id'] = $found_user['id'];
				$_SESSION['username'] = $found_user['username'];
				
							
 				 //we will redirect the user to another page where we will make sure they're logged in
  				
 				$goto = urldecode($_POST['originurl']);
  				 header("Location: $goto");
  			   
  				
  			
  				
			
			} else {
				// username/password combo was not found in the database
				$message = "Username/password combination incorrect.<br />
					Please make sure your caps lock key is off and try again.";
			}
		} else {
			if (count($errors) == 1) {
				$message = "There was 1 error in the form.";
			} else {
				$message = "There were " . count($errors) . " errors in the form.";
			}
		}
		
	} else { // Form has not been submitted.
		if (isset($_GET['logout']) && $_GET['logout'] == 1) {
			$message = "You are now logged out.";
		} 
		$username = "";
		$password = "";
	}
?>
<?php include("includes/header.php"); ?>
 
		<td id="page">
			<h2>Staff Login</h2>
			<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
			<?php if (!empty($errors)) { display_errors($errors); } ?>
			<form action="login.php" method="post">
			<table>
				<tr>
					<td>Username:</td>
					<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
				</tr>
			
			</table>
			<input type="hidden" name="originurl" value="<?php echo htmlentities(isset($_GET['url']) ? $_GET['url'] : ''); ?>" />
			</form>
		</td>
	</tr>
</table>
<?php include("includes/footer.php"); ?>
 


0
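
The login.php above sends the browser to whatever `originurl` contains, and session.php builds the return address from `SERVER_NAME`, so the value should be restricted to a path on the same site before it reaches `header()`. An added example, not code from the thread: the function names are hypothetical and PHP 7.1 or later is assumed; it also sidesteps the `HTTPS` notice and the output-before-`header()` problem seen in the error messages.

```php
<?php
// Added example (not the thread's code); function names are hypothetical.
// Nothing, not even a blank line, may precede the opening tag above: any output
// sent before header()/session_start() causes "headers already sent".

/** Accept $candidate only if it is a path on this site; otherwise return $default. */
function safe_return_path($candidate, string $default = 'index.php'): string
{
    if (!is_string($candidate) || $candidate === '' || strlen($candidate) > 2048) {
        return $default;
    }
    // CR/LF and other control characters never belong in a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // One leading slash only: browsers read "//host" and "/\host" as another host.
    if ($candidate[0] !== '/' || strncmp($candidate, '//', 2) === 0
        || strpos($candidate, '\\') !== false) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

/**
 * Path and query of the current request, e.g. "/realestate/asfasfasf.php".
 * Built from REQUEST_URI alone, so it needs neither $_SERVER['HTTPS'] (unset on
 * plain HTTP, hence the "Undefined index" notice) nor the client-sent host name.
 */
function current_request_path(array $server): string
{
    return safe_return_path($server['REQUEST_URI'] ?? '/', '/');
}

/** Where session.php should send a visitor, or null if already logged in. */
function login_redirect_for(array $session, array $server): ?string
{
    if (isset($session['username'])) {
        return null;
    }
    return 'login.php?url=' . rawurlencode(current_request_path($server));
}

/** Hidden form field carrying the return path through the login POST. */
function origin_field_html($rawUrlParam): string
{
    // PHP has already URL-decoded $_GET['url']: validate, then HTML-escape.
    $path = safe_return_path($rawUrlParam);
    return '<input type="hidden" name="originurl" value="'
        . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '" />';
}

/*
 * Wiring, in the thread's files:
 *   session.php:  session_start();
 *                 $goto = login_redirect_for($_SESSION, $_SERVER);
 *                 if ($goto !== null) { header("Location: $goto"); exit; }
 *   login.php:    echo origin_field_html($_GET['url'] ?? null);   // inside the form
 *                 // after a successful login:
 *                 header('Location: ' . safe_return_path($_POST['originurl'] ?? null));
 *                 exit;
 */

// Constructed sample inputs; runs from the command line without a web server.
if (PHP_SAPI === 'cli') {
    $samples = [
        '/realestate/asfasfasf.php?id=3',   // page on this site
        'https://example.org/login.php',    // absolute URL
        '//example.org/',                   // protocol-relative URL
        '/\\example.org/',                  // backslash variant
        "/staff.php\r\nX-Test: 1",          // embedded CR/LF
        'javascript:alert(1)',              // no leading slash
        '',                                 // parameter missing or empty
    ];
    foreach ($samples as $s) {
        printf("%-40s => %s\n", json_encode($s), safe_return_path($s));
    }
    $server = ['REQUEST_URI' => '/realestate/asfasfasf.php?id=3'];
    echo login_redirect_for([], $server), "\n";
    echo origin_field_html('/a.php?x="><script>'), "\n";
}
```

Run it with `php` on the command line to see each constructed input next to the path the validator resolves it to.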
 
striker46Commented:
Do you use HTTPS at all or not? If not, I will remove part of the code.
0
 
MrFahadAuthor Commented:
lol I wanted to say that too, ok so I removed it. Now the redirection to login.php works, but after logging in it keeps me in login.php and shows this error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/realestate/includes/functions.php:2) in /Applications/MAMP/htdocs/realestate/login.php on line 34

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/realestate/includes/functions.php:2) in /Applications/MAMP/htdocs/realestate/login.php on line 43

but note: it set the session
0
 
striker46Commented:
Open session.php and replace:

// Get current page URL
 
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}

With the code I post below
// Get current page URL
 
function curPageURL() {
 $pageURL = 'http://';
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 
 return $pageURL;
}


0
 
striker46Commented:
I didn't use the function causing the error in functions.php, so I think it's safe for you to remove it.
Remove:

      function redirect_to( $location = NULL ) {
            if ($location != NULL) {
                  header("Location: {$location}");
                  exit;
            }
      }
0
 
MrFahadAuthor Commented:
wooooohoooo  after 2 days of hard work striker did it thanks pal
0
 
striker46Commented:
Glad to know it finally works, buddy

Now I take a well deserved rest! ;)
0
 
MrFahadAuthor Commented:
But don't let it be too long, I still have other stuff to do :p but I will go to sleep now as it's midnight here

take care
0
Question has a verified solution.
