Support Forums
Don't need to login - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Coding Support Forums (https://www.supportforums.net/forumdisplay.php?fid=18)
+---- Forum: PHP The Hypertext Preprocessor (https://www.supportforums.net/forumdisplay.php?fid=21)
+---- Thread: Don't need to login (/showthread.php?tid=24739)

Don't need to login - Strafeness - 01-21-2012

Hello,

I just made a login system. But I want to give users the ability to view pages that is for admin only. I tried a cookie, but I got this error:
PHP Code:
WarningCookie names cannot contain any of the following '=,; \t\r\n\013\014' in /home/crystal/public_html/hwid/admin.php on line 17 

Does anyone has a better method ? I was thought session is a good way. Should I use $_SESSION ?

RE: Don't need to login - AceInfinity - 01-21-2012

For viewing pages that have admin functions, just make it so that it parses the Admin functions onto the page if their session matches that of the Admin credentials.

I've provided an example of a fully functional $_SESSION Admin page here: http://tech.reboot.pro/showthread.php?tid=1056&highlight=PHP+login

The MySql inserts are a bit sloppy, but that's not the part you're going to be looking at. Look at where I use the $_SESSION variable to define admin pages.

RE: Don't need to login - Strafeness - 01-21-2012

Hello,

I wrote this, can you please tell me what I did wrong ?

PHP Code:
if ($admin == '1'){
session_start();
session_regenerate_id (true); //Voorkomt session fixed attacks. 
$_SESSION['username'] = $username
}

if (isset($_SESSION['username'])){ ?>
<div class="menu_resize_bg">
}

<?php
if (!isset($_SESSION['username'])){ ?>
  echo 'Doens't exist';

Thanks in advance!

RE: Don't need to login - AceInfinity - 01-21-2012

Right here:
PHP Code:
$_SESSION['username'] = $username

Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly.
PHP Code:
if (isset($_SESSION['username'])) 

Not good...

RE: Don't need to login - Strafeness - 01-21-2012

(01-21-2012, 08:06 AM)AceInfinity Wrote: Right here:
PHP Code:
$_SESSION['username'] = $username

Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly.
PHP Code:
if (isset($_SESSION['username'])) 

Not good...
My bad, I forgot to copy the $username

PHP Code:
$username htmlspecialchars($_POST['username'], ENT_QUOTES); 

Of course I also made a textbox with the name 'username'
Never mind, fixed it with this: if (isset($_SESSION['username']) == $username)

RE: Don't need to login - AceInfinity - 01-21-2012

That's still not very good to do. Review my expample one more time, you'll see Smile

Gaijin i'm sure would tell you what's wrong as well.