justsomeguy Posted July 3, 2007 Share Posted July 3, 2007 You've got the idea. But instead of this: if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {//shows the page that is only for members and admins} Use this: if (!($access == 0 || $access == 1)){ header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));} You don't want the code to check and not do anything if they are allowed, you want the code to check and redirect if they are not allowed. On the login.php page you can check if $_GET['error'] is set and if it is show it on the page. Also, you don't need to check if the session is set because you already did.For more then one access level, you can either create different files or just put it all in a function. So the secret.php could look like this: <?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){ if(!isset($_SESSION['user'])){ // the session is not set header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page } if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"')) { if ($row = @mysql_fetch_assoc($result)) { for ($i = 0; $i < func_num_args(); $i++) // for each access level { if ($row['access'] != func_get_arg($i)) // they don't have that access header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } } else // there was an error with mysql_fetch_assoc header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } else // there was an error with mysql_query header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?> The code in the comments shows examples of calling the function. If you include that file on every page you can call the check_access function and check whatever you want for the page.I also didn't notice that you were using mysql_query incorrectly. When you do this:$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');$access is NOT the access field from the database. mysql_query does not return a database field, it returns a result resource. You need to use mysql_fetch_assoc or one of the other functions to get the values.Also, you need a space between these:require_once'secret.php'; Link to comment Share on other sites More sharing options...
shujjah Posted July 3, 2007 Author Share Posted July 3, 2007 oh my god how can i thank u thank u sooooooo much!!!!also on every page i want to restrict i will just put this code? session_start(); check_access();echo "the content of the page"; or some other check_access(1); or something?again thnkx a lot Link to comment Share on other sites More sharing options...
justsomeguy Posted July 3, 2007 Share Posted July 3, 2007 Make sure to include the file with the function definition. Link to comment Share on other sites More sharing options...
shujjah Posted July 4, 2007 Author Share Posted July 4, 2007 so it will look something like this <?phpsession_start();include('secret.php');check_access();?><html><head></head><body>content</body></html> ? Link to comment Share on other sites More sharing options...
shujjah Posted July 5, 2007 Author Share Posted July 5, 2007 when i open 1.php which contains this code without loging in <?phpsession_start();include('secret.php');check_access();?><html><head></head><body>content</body></html> i get this error Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:36) in D:\xampp\htdocs\access.php on line 9Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:36) in D:\xampp\htdocs\access.php on line 23content of the page and what it is still showing content of the page without me even logged in??!!!! Link to comment Share on other sites More sharing options...
justsomeguy Posted July 5, 2007 Share Posted July 5, 2007 It's trying to redirect to the login page but is not able to because output was already sent. Headers cannot be sent once output starts. This line is sending output:output started at D:\xampp\htdocs\access.php:36 Link to comment Share on other sites More sharing options...
shujjah Posted July 5, 2007 Author Share Posted July 5, 2007 how to solve this and also even if i am not logged in it is showing the content of the page???this is access.php <?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){ if(!isset($_SESSION['user'])){ // the session is not set header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page } if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"')) { if ($row = @mysql_fetch_assoc($result)) { for ($i = 0; $i < func_num_args(); $i++) // for each access level { if ($row['access'] != func_get_arg($i)) // they don't have that access header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } } else // there was an error with mysql_fetch_assoc header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } else // there was an error with mysql_query header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?> plz can u tell me how can i solce this? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 5, 2007 Share Posted July 5, 2007 Remove any whitespace at the end of the file. Output is being sent to the browser in that file. If you find it and remove it, it will work. It is on line 36. You posted 34 lines of code. If there is whitespace at the end of the file, it will cause a problem. Link to comment Share on other sites More sharing options...
shujjah Posted July 5, 2007 Author Share Posted July 5, 2007 this is the code <?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){ if(!isset($_SESSION['user'])){ // the session is not set header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page } if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"')) { if ($row = @mysql_fetch_assoc($result)) { for ($i = 0; $i < func_num_args(); $i++) // for each access level { if ($row['access'] != func_get_arg($i)) // they don't have that access header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } } else // there was an error with mysql_fetch_assoc header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } else // there was an error with mysql_query header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?> i dont think there are any white empty lines left?but it still gives me Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 8Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 21content of the pageand shows the content of the page Link to comment Share on other sites More sharing options...
justsomeguy Posted July 5, 2007 Share Posted July 5, 2007 First, replace this line: if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))with this:elseif ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))Second, look at the error message:Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 8There is output on line 33. Link to comment Share on other sites More sharing options...
shujjah Posted July 5, 2007 Author Share Posted July 5, 2007 ah sorry as u know this is my first script and i am not familiar with these error can u tell me waht shud i do to make it right?it is giving me nowWarning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:29) in D:\xampp\htdocs\access.php on line 8content of the page Link to comment Share on other sites More sharing options...
justsomeguy Posted July 5, 2007 Share Posted July 5, 2007 Find the line in the error message and remove the output on it. Whitespace or blank lines count as output. Link to comment Share on other sites More sharing options...
shujjah Posted July 5, 2007 Author Share Posted July 5, 2007 now the code looks like this <?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){ if(!isset($_SESSION['user'])){ // the session is not setheader("Location:login.php?error=".rawurlencode("You are not logged in")); // take him/her to the login page } elseif ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"')) { if ($row = @mysql_fetch_assoc($result)) { for ($i = 0; $i < func_num_args(); $i++) // for each access level { if ($row['access'] != func_get_arg($i)) // they don't have that access header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } } else // there was an error with mysql_fetch_assoc header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } else // there was an error with mysql_queryheader("Location:login.php?error=".rawurlencode("You don't have access for that page."));}?> i dont think that there are any extra white spaces on line 8?nerthier line 29. Link to comment Share on other sites More sharing options...
justsomeguy Posted July 5, 2007 Share Posted July 5, 2007 This is not difficult. There IS SOME output on whatever line is indicated in the error message, it doesn't matter whether you think there is or not. There is. Remove it. Link to comment Share on other sites More sharing options...
shujjah Posted July 5, 2007 Author Share Posted July 5, 2007 oh i just had to remove this line else // there was an error with mysql_queryheader("Location:login.php?error=".rawurlencode("You don't have access for that page."));} ah but now i get thisParse error: syntax error, unexpected $end in D:\xampp\htdocs\access.php on line 26 Link to comment Share on other sites More sharing options...
justsomeguy Posted July 5, 2007 Share Posted July 5, 2007 You don't want to remove any code, all the code needs to be there. The problem is whitespace after the code, not the code itself. That else statement should remain in the function. Link to comment Share on other sites More sharing options...
shujjah Posted July 6, 2007 Author Share Posted July 6, 2007 ah got it got it thnkx a lot justsomeguy :)now its up to building the revews and news scripts ah .........but i just checked there is a prob when i login and the code in 1.php is check_access(); then it works fine and it opens 1.php and shows the content of the page without any error.but when i change the code in 1.php to this check_access(1); and i login with a user that has acess 0 in the databsethen firstofall it takes a lot of time to load and then shows thiserrorWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\mysql.php on line 2Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in D:\xampp\htdocs\mysql.php on line 3Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\mysql.php:2) in D:\xampp\htdocs\access.php on line 24content of the page ????now whats wrong? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 6, 2007 Share Posted July 6, 2007 For some reason it can't find the MySQL server, it can't connect to the database. Use mysql_error inside mysql.php to tell you why it can't connect. Link to comment Share on other sites More sharing options...
shujjah Posted July 6, 2007 Author Share Posted July 6, 2007 strange anyways now i am using this db_connect.php instead of mysql.phpdb_connect.php <?php$con = mysql_connect("localhost","root","");if (!$con) { die('Could not connect: ' . mysql_error()); }$dbselect=mysql_select_db("rnu", $con);if (!$con) { die('Could not connect: ' . mysql_error()); }?> and now i am getting this error Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in D:\xampp\htdocs\checkpass.php on line 9Could not connect: for both the users = username with access 1 and 0heres my checkpass.php <?php session_start(); include "db_connect.php"; $_POST['username'] = addslashes($_POST['username']); // protects against SQL injection $_POST['password'] = addslashes($_POST['password']); // same ^^ $password = md5($_POST['password']); // encrypt the password $userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$mysql);if (!$userrow) { die('Could not connect: ' . mysql_error()); } if(mysql_num_rows($userrow) != "1"){ // no rows found, wrong password or username echo "<font color='red'><b>Wrong username or password!</b></font>"; include "login.php"; } else { // 1 row found exactly, we have the user! $_SESSION['user'] = $_POST['username']; header("Location: 1.php"); }?> what the ###### is wrong all of a sudden all things are screwing up??? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 6, 2007 Share Posted July 6, 2007 $userrow = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $_POST['username'] . "' AND `password` = '" . $password . "';", $mysql);You are trying to use a MySQL link called $mysql that does not exist. Link to comment Share on other sites More sharing options...
shujjah Posted July 7, 2007 Author Share Posted July 7, 2007 again the same error i change $mysql to $con ( since i used this to connect ) and now i am getting the same error againWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)????????????????????????????????????????????????????????and now here is some better news now none of my scripts are openening it gives me The page cannot be displayed error and althought my Xamp is still running and MySql is also running it is giving me this error man i am so damn freaked out right out?? isthere something wrong with my Xamp now????????? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 7, 2007 Share Posted July 7, 2007 You need to verify that everything is running. To verify that the web server is still running, go to Start -> Run and type "cmd" in the box to open a DOS command window. Type "telnet localhost 80" to connect to port 80 on your computer. If you press enter a few times you should see an HTTP 400 Bad Request message from the server if it is running. MySQL listens on port 3306, so to connect to it type "telnet localhost 3306", and if the MySQL server is running you should see at least the version number. For either of those if you see a message saying you can't connect, then the server is not running. Link to comment Share on other sites More sharing options...
shujjah Posted July 8, 2007 Author Share Posted July 8, 2007 well when i open telnet localhost80 and press enter a few times nothing comes only tiny kinda lines on each line . and when i enter telnet localhost 3306 i get the version and then automatically after some seconds this comes connection to host lost.? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 8, 2007 Share Posted July 8, 2007 That's fine, if you're not getting a cannot connect message then you can connect, Apache just behaves differently then IIS does.It doesn't make sense for this to be working and then just stop working, something else changed to make this stop working. If you've installed a firewall or something like that (possible a Windows update), it might affect this. If the web server is running, and if the MySQL server is running (and it sounds like they are), and if PHP is set up (which it was), the only thing that needs to be set is the mysql settings in php.ini. If all of this was previously working, something must have gotten changed to make it no longer work, it wouldn't just stop working for no reason. Check php.ini to make sure the MySQL port is correct, but other then that just try rebooting, if that doesn't work and you can't figure out what else changed then you may have to uninstall and reinstall. Link to comment Share on other sites More sharing options...
shujjah Posted July 9, 2007 Author Share Posted July 9, 2007 what now its working and i opened 1.php and it takes a lot of time to load whereas all other scripts load in less than 1 sec!!!!!!!!anyways i tried logging in with user access 0 and in 1.php its user check_access(1); and it gave me this errorWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)what the ###### is wrong if i login with the user who has access 1. the page opens and shows the content of the page. Which means that it can connect to the database????????????????????heres db_connect.php <?php$con = mysql_connect("localhost","root","");if (!$con) { die('Could not connect: ' . mysql_error()); }$dbselect=mysql_select_db("rnu", $con);if (!$con) { die('Could not connect: ' . mysql_error()); }?> checkpass.php <?php session_start(); include "db_connect.php"; $_POST['username'] = addslashes($_POST['username']); // protects against SQL injection $_POST['password'] = addslashes($_POST['password']); // same ^^ $password = md5($_POST['password']); // encrypt the password $userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$con);if (!$userrow) { die('Could not connect: ' . mysql_error()); } if(mysql_num_rows($userrow) != "1"){ // no rows found, wrong password or username echo "<font color='red'><b>Wrong username or password!</b></font>"; include "login.php"; } else { // 1 row found exactly, we have the user! $_SESSION['user'] = $_POST['username']; header("Location: 1.php"); }?> access.php <?phpsession_start(); // start the sessioninclude_once 'db_connect.php';function check_access(){ if(!isset($_SESSION['user'])){ // the session is not set header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page } if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"')) { if ($row = @mysql_fetch_assoc($result)) { for ($i = 0; $i < func_num_args(); $i++) // for each access level { if ($row['access'] != func_get_arg($i)) // they don't have that access header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } } else // there was an error with mysql_fetch_assoc header("Location: login.php?error=" . rawurlencode("You don't have access for that page.")); } else // there was an error with mysql_query header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?> 1.php <?phpsession_start();include('access.php');check_access(1);?><html><head></head><body>content of the page</body></html> now i guess there is something wrong with the check_access() function? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.