Support Forums Categories Coding Support Forums PHP The Hypertext Preprocessor
Don't need to login

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Don't need to login
Strafeness Offline
Learner
*
Posts: 43
Threads: 4
Joined: Jun 2011
Reputation: 0
#1
01-21-2012, 06:26 AM
Hello,

I just made a login system. But I want to give users the ability to view pages that is for admin only. I tried a cookie, but I got this error:
PHP Code:
WarningCookie names cannot contain any of the following '=,; \t\r\n\013\014' in /home/crystal/public_html/hwid/admin.php on line 17 

Does anyone has a better method ? I was thought session is a good way. Should I use $_SESSION ?
Find
Reply
AceInfinity Offline
struct by_lightning;
*****
Posts: 5,793
Threads: 268
Joined: Sep 2010
Reputation: 85
#2
01-21-2012, 06:59 AM
For viewing pages that have admin functions, just make it so that it parses the Admin functions onto the page if their session matches that of the Admin credentials.

I've provided an example of a fully functional $_SESSION Admin page here: http://tech.reboot.pro/showthread.php?ti...=PHP+login

The MySql inserts are a bit sloppy, but that's not the part you're going to be looking at. Look at where I use the $_SESSION variable to define admin pages.
Website Find
Reply
Strafeness Offline
Learner
*
Posts: 43
Threads: 4
Joined: Jun 2011
Reputation: 0
#3
01-21-2012, 08:03 AM
Hello,

I wrote this, can you please tell me what I did wrong ?

PHP Code:
if ($admin == '1'){
session_start();
session_regenerate_id (true); //Voorkomt session fixed attacks. 
$_SESSION['username'] = $username
}

if (isset($_SESSION['username'])){ ?>
<div class="menu_resize_bg">
}

<?php
if (!isset($_SESSION['username'])){ ?>
  echo 'Doens't exist';

Thanks in advance!
Find
Reply
AceInfinity Offline
struct by_lightning;
*****
Posts: 5,793
Threads: 268
Joined: Sep 2010
Reputation: 85
#4
01-21-2012, 08:06 AM
Right here:
PHP Code:
$_SESSION['username'] = $username

Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly.
PHP Code:
if (isset($_SESSION['username'])) 

Not good...
Website Find
Reply
Strafeness Offline
Learner
*
Posts: 43
Threads: 4
Joined: Jun 2011
Reputation: 0
#5
01-21-2012, 08:07 AM (This post was last modified: 01-21-2012, 08:12 AM by Strafeness.)
(01-21-2012, 08:06 AM)AceInfinity Wrote: Right here:
PHP Code:
$_SESSION['username'] = $username

Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly.
PHP Code:
if (isset($_SESSION['username'])) 

Not good...
My bad, I forgot to copy the $username

PHP Code:
$username htmlspecialchars($_POST['username'], ENT_QUOTES); 

Of course I also made a textbox with the name 'username'
Never mind, fixed it with this: if (isset($_SESSION['username']) == $username)
Find
Reply
AceInfinity Offline
struct by_lightning;
*****
Posts: 5,793
Threads: 268
Joined: Sep 2010
Reputation: 85
#6
01-21-2012, 08:28 AM (This post was last modified: 01-21-2012, 08:29 AM by AceInfinity.)
That's still not very good to do. Review my expample one more time, you'll see Smile

Gaijin i'm sure would tell you what's wrong as well.
Website Find
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [help] Improve login script Montana" 1 1,533 03-18-2013, 12:59 PM
Last Post: Haxalot
  Simple Login and Search nevets04 1 659 12-24-2009, 03:37 PM
Last Post: Gaijin

Forum Jump:


Users browsing this thread: 1 Guest(s)