OK I am trying to figure out what to put on every page that I want to be protected from just anyone viewing....... If the some how get to one of these pages I want them redirected to the login page.... Here is the user auth functions I have.......
<!-- Xplode Functions -->
<?php
require_once'conn_func.php';
?>
<?php
$supersecret_hash_padding = 'A string that is used to pad out short strings for md5 encryption.';
$LOGGED_IN = false;
unset($LOGGED_IN);
function user_isloggedin() {
global $supersecret_hash_padding, $LOGGED_IN;
if (isset($LOGGED_IN) and !empty($LOGGED_IN)) {
return $LOGGED_IN;
}
if ($_COOKIE['user_name'] && $_COOKIE['id_hash']) {
$hash = md5($_COOKIE['user_name'].$supersecret_hash_padding);
if ($hash == $_COOKIE['id_hash']) {
return true;
} else {
return false;
}
} else {
return false;
}
}
function user_login() {
$conn = db_connect();
if (!$_POST['user_name'] || !$_POST['pass']){
$feedback = 'ERROR--Missing username or password';
return $feedback;
} else {
$user_name = strtolower($_POST['user_name']);
$pass = md5($_POST['pass']);
$query = "SELECT *
FROM db_users
WHERE user_name = '$user_name'
AND pass='$pass'";
$result = mysql_query($query) or die("query failed!!".mysql_error());
if (!$result || mysql_num_rows($result) < 1) {
$feedback = 'ERROR--User not found or password incorrect.';
return $feedback;
} else {
user_set_tokens($user_name);
return true;
}
}
}
function user_logout() {
setcookie('user_name', '', time() + (60 * 60 * 24), '/', '', 0);
setcookie('id_hash', '', time() + (60 * 60 * 24), '/', '', 0);
}
function user_set_tokens($user_name_in) {
global $supersecret_hash_padding;
if (!$user_name_in) {
$feedback = 'ERROR--No username';
return false;
}
$user_name = strtolower($user_name_in);
$id_hash = md5($user_name.$supersecret_hash_padding);
setcookie('user_name', $user_name, time() + (60 * 60 * 24), '/', '', 0);
setcookie('id_hash', $id_hash, time() + (60 * 60 * 24), '/', '', 0);
}
?>You could use this, I use this on my site...
include("login_page.php");
exit();OK so when I do that all I get is the log in screen even when I type in the right information.... so what do I need to add to the code in order for it to let me see the real page......All I have is a little check with an if function...
if($username == $username1 AND $password == $password1)
{
$flag = true;
echo "Your in...";
} else {
echo "Login Failes<br /><br />";
include("login.php");
exit();
}
<!-- Xplode Functions -->
<?php
require_once'conn_func.php';
?>
<?php
$supersecret_hash_padding = 'A string that is used to pad out short strings for md5 encryption.';
$LOGGED_IN = false;
unset($LOGGED_IN);
function user_isloggedin() {
global $supersecret_hash_padding, $LOGGED_IN;
if (isset($LOGGED_IN) and !empty($LOGGED_IN)) {
return $LOGGED_IN;
}
if ($_COOKIE['user_name'] && $_COOKIE['id_hash']) {
$hash = md5($_COOKIE['user_name'].$supersecret_hash_padding);
if ($hash == $_COOKIE['id_hash']) {
return true;
} else {
return false;
}
} else {
return false;
}
}
function user_login() {
$conn = db_connect();
if (!$_POST['user_name'] || !$_POST['pass']){
$feedback = 'ERROR--Missing username or password';
return $feedback;
} else {
$user_name = strtolower($_POST['user_name']);
$pass = md5($_POST['pass']);
$query = "SELECT *
FROM db_users
WHERE user_name = '$user_name'
AND pass='$pass'";
$result = mysql_query($query) or die("query failed!!".mysql_error());
if (!$result || mysql_num_rows($result) < 1) {
$feedback = 'ERROR--User not found or password incorrect.';
return $feedback;
} else {
user_set_tokens($user_name);
return true;
}
}
}
function user_logout() {
setcookie('user_name', '', time() + (60 * 60 * 24), '/', '', 0);
setcookie('id_hash', '', time() + (60 * 60 * 24), '/', '', 0);
}
function user_set_tokens($user_name_in) {
global $supersecret_hash_padding;
if (!$user_name_in) {
$feedback = 'ERROR--No username';
return false;
}
$user_name = strtolower($user_name_in);
$id_hash = md5($user_name.$supersecret_hash_padding);
setcookie('user_name', $user_name, time() + (60 * 60 * 24), '/', '', 0);
setcookie('id_hash', $id_hash, time() + (60 * 60 * 24), '/', '', 0);
}
?>You could use this, I use this on my site...
include("login_page.php");
exit();OK so when I do that all I get is the log in screen even when I type in the right information.... so what do I need to add to the code in order for it to let me see the real page......All I have is a little check with an if function...
if($username == $username1 AND $password == $password1)
{
$flag = true;
echo "Your in...";
} else {
echo "Login Failes<br /><br />";
include("login.php");
exit();
}