| check user log and redirect [message #174485] |
Tue, 14 June 2011 19:51  |
Co
Messages: 75
Registered: May 2011
Karma:
|
Member |
|
|
Hi All,
I know Jerry will have comments again but I will post my question
anyway.
I have this code that checks if the user is logged in and if not it
should direct him to the login page.
However when I am not logged in I can still go to pages which I am not
supposed to go.
I tried to understand what the code is doing but I don't follow.
Can someone have a look at my code and tell me why I can still go to
restricted pages?
<?php
session_start(); // Start Session First Thing
// Force script errors and warnings to show on page in case php.ini
file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//------------------------------------------------------------------------- ----------------------------------------------------------
include_once "connect_to_mysql.php"; // Connect to the database
$dyn_www = $_SERVER['HTTP_HOST']; // Dynamic www.domainName available
now to you in all of your scripts that include this file
//------ CHECK IF THE USER IS LOGGED IN OR NOT AND GIVE APPROPRIATE
OUTPUT -------
$logOptions = ''; // Initialize the logOptions variable that gets
printed to the page
// If the session variable and cookie variable are not set this code
runs
if (!isset($_SESSION['idx'])) {
if (!isset($_COOKIE['idCookie'])) {
$logOptions = '<a href="http://' . $dyn_www . '/Web_Intersect/
register.php">Register Account</a>
|
<a href="http://' . $dyn_www . '/Web_Intersect/login.php">Log In</
a>';
}
}
// If session ID is set for logged in user without cookies remember me
feature set
if (isset($_SESSION['idx'])) {
$decryptedID = base64_decode($_SESSION['idx']);
$id_array = explode("p3h9xfn8sq03hs2234", $decryptedID);
$logOptions_id = $id_array[1];
$logOptions_username = $_SESSION['username'];
$logOptions_username = substr('' . $logOptions_username . '', 0,
15); // cut user name down in length if too long
// Check if this user has any new PMs and construct which envelope to
show
$sql_pm_check = mysql_query("SELECT id FROM private_messages WHERE
to_id='$logOptions_id' AND opened='0' LIMIT 1");
$num_new_pm = mysql_num_rows($sql_pm_check);
if ($num_new_pm > 0) {
$PM_envelope = '<a href="/Web_Intersect/pm_inbox.php"><img src="/
Web_Intersect/images/pm2.gif" width="18" height="11" alt="PM"
border="0"/></a>';
} else {
$PM_envelope = '<a href="/Web_Intersect/pm_inbox.php"><img src="/
Web_Intersect/images/pm1.gif" width="18" height="11" alt="PM"
border="0"/></a>';
}
// Ready the output for this logged in user
$logOptions = $PM_envelope . ' |
<a href="http://' . $dyn_www . '/Web_Intersect/">Home</a>
|
<a href="http://' . $dyn_www . '/Web_Intersect/profile.php?id=' .
$logOptions_id . '">Profile</a>
|
<div class="dc"><a href="#" onclick="return false"><img src="/
Web_Intersect/images/darr.gif" width="10" height="5" alt="Account
Options" border="0"/></a>
<ul>
<li><a href="http://' . $dyn_www . '/Web_Intersect/
edit_profile.php">Account Options</a></li>
<li><a href="http://' . $dyn_www . '/Web_Intersect/pm_inbox.php">Inbox
Messages</a></li>
<li><a href="http://' . $dyn_www . '/Web_Intersect/
pm_sentbox.php">Sent Messages</a></li>
<li><a href="http://' . $dyn_www . '/Web_Intersect/logout.php">Log
Out</a></li>
</ul>
</div>
';
} else if (isset($_COOKIE['idCookie'])) {// If id cookie is set, but
no session ID is set yet, we set it below and update stuff
$decryptedID = base64_decode($_COOKIE['idCookie']);
$id_array = explode("nm2c0c4y3dn3727553", $decryptedID);
$userID = $id_array[1];
$userPass = $_COOKIE['passCookie'];
// Get their user first name to set into session var
$sql_uname = mysql_query("SELECT username, email FROM myMembers
WHERE id='$userID' AND password='$userPass' LIMIT 1");
$numRows = mysql_num_rows($sql_uname);
if ($numRows == 0) {
// Kill their cookies and send them back to homepage if they have
cookie set but are not a member any longer
setcookie("idCookie", '', time()-42000, '/');
setcookie("passCookie", '', time()-42000, '/');
header("location: index.php"); // << makes the script send them to
any page we set
exit();
}
while($row = mysql_fetch_array($sql_uname)){
$username = $row["username"];
$useremail = $row["email"];
}
$_SESSION['id'] = $userID; // now add the value we need to the
session variable
$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$userID");
$_SESSION['username'] = $username;
$_SESSION['useremail'] = $useremail;
$_SESSION['userpass'] = $userPass;
$logOptions_id = $userID;
$logOptions_uname = $username;
$logOptions_uname = substr('' . $logOptions_uname . '', 0, 15);
/////////// Update Last Login Date
Field /////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////
mysql_query("UPDATE myMembers SET last_log_date=now(), logged='1'
WHERE id='$logOptions_id'");
// Ready the output for this logged in user
// Check if this user has any new PMs and construct which envelope
to show
$sql_pm_check = mysql_query("SELECT id FROM private_messages WHERE
to_id='$logOptions_id' AND opened='0' LIMIT 1");
$num_new_pm = mysql_num_rows($sql_pm_check);
if ($num_new_pm > 0) {
$PM_envelope = '<a href="pm_inbox.php"><img src="images/pm2.gif"
width="18" height="11" alt="PM" border="0"/></a>';
} else {
$PM_envelope = '<a href="pm_inbox.php"><img src="images/pm1.gif"
width="18" height="11" alt="PM" border="0"/></a>';
}
// Ready the output for this logged in user
$logOptions = $PM_envelope . '
<!--<a href="http://' . $dyn_www . '/Web_Intersect">Home</a>
| -->
<a href="http://' . $dyn_www . '/Web_Intersect/profile.php?id=' .
$logOptions_id . '">Profile</a>
|
<div class="dc">
<a href="#" onclick="return false">Account <img src="' .
$dyn_www . '/Web_Intersect/images/darr.gif" width="10" height="5"
alt="Account Options" border="0"/></a>
<ul>
<li><a href="http://' . $dyn_www . '/Web_Intersect/
edit_profile.php">Account Options</a></li>
<li><a href="http://' . $dyn_www . '/Web_Intersect/pm_inbox.php">Inbox
Messages</a></li>
<li><a href="http://' . $dyn_www . '/Web_Intersect/
pm_sentbox.php">Sent Messages</a></li>
<li><a href="http://' . $dyn_www . '/Web_Intersect/logout.php">Log
Out</a></li>
</ul>
</div>';
}
?>
Regards
Marco
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]