tanbou1
04-12-2004, 08:56 PM
I am completely new to PHP. I am trying to create a project for myself in which to learn. I have modified a free authentication script to create a small site where my old high school classmates can get contact information and current events. I have everything working but cannot figure out how and where to place the PHP to make session handling work. I want it so that people aren't having to log over and over during the same visit. i've tried every concievable means i can think of to get this to work and it's not happening. any assistance would be much appreciated.
The way my scripts work are this:
User logs in here in this html page:
<HTML>
<HEAD>
<TITLE>UNTITLED</TITLE>
</HEAD>
<LINK href="authorize.css" type=text/css rel=stylesheet>
<script src=scripts.js></script>
<BODY>
<br><br><br>
Entrance for registered users, they will be refered to page haha.htm<br>
<form action=login.php method=post>
<input type=hidden name=entrance>
Login<input type=text name=username>
Password<input type=password name=password>
<input type=submit value=Enter class=button1>
</form>
<tr>
<td>
</BODY>
</HTML>
The user is then sent to this php login page. This page handles many functions of the site updating user data, adding users ect...this particular function being signed into is to display all entries in the database:
<LINK href="authorize.css" type=text/css rel=stylesheet>
<script src=scripts.js></script>
<?
require("setup.php");
$link=mysql_connect("", "$dblog", "$dbpass");
if (!$link) die ("Couldn't connect to MySQL");
mysql_select_db("$admin_db",$link) or die (mysql_error(). " : ".mysql_errno());
$referer=getenv("HTTP_REFERER");
if (!ereg("^$admin_url_tmp",$referer))
{
echo "<br><br><br><blockquote><p>Please, enter from <a href=$admin_url>$admin_url</a></p></blockquote>";
exit;
}
mt_srand(time()); //obiazatel'no, inache ne rabotaet r****mally
$result = mt_rand(1, 10000)/7; // disable cache
// to update user data
if (isset($enter))
{
include ('header.inc');
include("enter.php");
}
//to enter to display database page
if (isset($entrance))
{
include("entrance.php");
}
//to add user
if (isset($adduser))
{
include ('header.inc');
include ("adduser.php");
}
if (isset($show)) //show or remove users
{
if (($admin_login !=$admin_login_compare) || ($admin_password !=$admin_password_compare))
{ print "<br><br><br><blockquote><p>You are not authorized for this action. You must first make a username and password.</p></blockquote>" ; exit; }
else
include("showusers.php");
}
if (isset($forgotlogin))
{
include ('header.inc');
include ("forgotlogin.php");
}
?>
They are in turn sent to this script:
<?
$sql = "SELECT *FROM users WHERE login='$username' and password='$password'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($num == 1) {
$day1=date(d);
$month1=date(m);
$year1=date(Y);
$last_date1=$year1."-".$month1."-".$day1;
$lstdate = "update users set last_date='$last_date1' where login='$username'";
$tmp = mysql_query($lstdate) or die("Couldn't execute query");
echo "Hello, $username<br>";
include ("$admin_page");
}
else if ($num == 0) {
echo "You are not authorized!"; // if user not exist
}
// exit;
?>
The way my scripts work are this:
User logs in here in this html page:
<HTML>
<HEAD>
<TITLE>UNTITLED</TITLE>
</HEAD>
<LINK href="authorize.css" type=text/css rel=stylesheet>
<script src=scripts.js></script>
<BODY>
<br><br><br>
Entrance for registered users, they will be refered to page haha.htm<br>
<form action=login.php method=post>
<input type=hidden name=entrance>
Login<input type=text name=username>
Password<input type=password name=password>
<input type=submit value=Enter class=button1>
</form>
<tr>
<td>
</BODY>
</HTML>
The user is then sent to this php login page. This page handles many functions of the site updating user data, adding users ect...this particular function being signed into is to display all entries in the database:
<LINK href="authorize.css" type=text/css rel=stylesheet>
<script src=scripts.js></script>
<?
require("setup.php");
$link=mysql_connect("", "$dblog", "$dbpass");
if (!$link) die ("Couldn't connect to MySQL");
mysql_select_db("$admin_db",$link) or die (mysql_error(). " : ".mysql_errno());
$referer=getenv("HTTP_REFERER");
if (!ereg("^$admin_url_tmp",$referer))
{
echo "<br><br><br><blockquote><p>Please, enter from <a href=$admin_url>$admin_url</a></p></blockquote>";
exit;
}
mt_srand(time()); //obiazatel'no, inache ne rabotaet r****mally
$result = mt_rand(1, 10000)/7; // disable cache
// to update user data
if (isset($enter))
{
include ('header.inc');
include("enter.php");
}
//to enter to display database page
if (isset($entrance))
{
include("entrance.php");
}
//to add user
if (isset($adduser))
{
include ('header.inc');
include ("adduser.php");
}
if (isset($show)) //show or remove users
{
if (($admin_login !=$admin_login_compare) || ($admin_password !=$admin_password_compare))
{ print "<br><br><br><blockquote><p>You are not authorized for this action. You must first make a username and password.</p></blockquote>" ; exit; }
else
include("showusers.php");
}
if (isset($forgotlogin))
{
include ('header.inc');
include ("forgotlogin.php");
}
?>
They are in turn sent to this script:
<?
$sql = "SELECT *FROM users WHERE login='$username' and password='$password'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($num == 1) {
$day1=date(d);
$month1=date(m);
$year1=date(Y);
$last_date1=$year1."-".$month1."-".$day1;
$lstdate = "update users set last_date='$last_date1' where login='$username'";
$tmp = mysql_query($lstdate) or die("Couldn't execute query");
echo "Hello, $username<br>";
include ("$admin_page");
}
else if ($num == 0) {
echo "You are not authorized!"; // if user not exist
}
// exit;
?>