[PHP] user auth.. with mysql and cookies.. help

2002-05-30 Thread Anton Heryanto

Sorry to bother all of you with my same question.
I was learning to make user auth with mysql and using cookies, and I have trouble
with this error message:

Warning: Cannot add header information - headers already sent by (output 
started at ../functions.inc:54) in ../functions.inc on line 49 

Warning: Cannot add header information - headers already sent by (output 
started at ../functions.inc:54) in ../functions.inc on line 50 

Warning: Cannot add header information - headers already sent by (output 
started at ../functions.inc:54) in ../functions.inc on line 51 

Warning: Cannot add header information - headers already sent by (output 
started at ../functions.inc:54) in ../login.php on line 12 

In this case I use 4 files:
1) index.html -- sending data (method post to login.php);
2) login.php
3) function.inc -- all the functions I use
4) common.inc -- global variables;

2. login.php
<?php
require 'functions.inc';
deleteCookies();
if (authenticateUser($form_username, $form_password))
{
   setcookie("cookie_passwd", $form_password);
   setcookie("cookie_user", $form_username);
   header("Location:http://$http_host/$docroot/report.php");
   exit();
}
else{
   header("Location:http://$http_host/$docroot/error1.htm");
   exit();
}

3. function.inc
<?
require 'common.inc';

function DisplayErrMsg($message)
{
   printf ("<blockquote><blockquote><blockquote><h3><font color=\"#cc\">
%s</font></h3></blockquote></blockquote></blockquote>\n", $message);
}


function authenticateUser($user, $password)
{

   global  $host, $httphost, $user_db, $password_db, $db, $docroot;

   if (! ($link = mysql_pconnect($host, $user_db, $password_db)))
   {

      DisplayErrMsg(sprintf("internal Error %d: %s \n",
                            mysql_errno(), mysql_error() ));
      DisplayErrMsg(sprintf("internal Error %s %s %s %d: %s \n",
                            $host, $user, $password, mysql_errno(), mysql_error() ));

      return 0;

   }

   if (! ($result = mysql_db_query($db, "select * from user_login where
userid = '$user'")))
   {
      DisplayErrMsg(sprintf("internal Error %d: %s \n",
                            mysql_errno(), mysql_error() ));
      return 0 ;

   }


   if (($row = mysql_fetch_array($result)) &&
       ($password==$row["password"] && $password != ""))

      return 1;

   else
      return 0;

}

function deleteCookies()
{
   for ($i=0; $i<$total_items; $i++)
   {
      setcookie("items_tray[$i]", "");
      setcookie("quantity[$i]", "");
   }
   setcookie("items_tray", "");
   setcookie("total_items", "");
   setcookie("quantity", "");
}
?>

and 4. common.inc
<?
$host = "localhost";
$user_db = "root";
$password_db = "";
$db = "master_report";
$http_host = "reymond.unri.ac.id/";
$docroot = "security";
?>
~

Could you tell me what and where the mistake is ...
Thanks to all of you for all your kindness

regards 

anton
 --Linux is Power---

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] user auth.. with mysql and cookies.. help

2002-05-30 Thread James Holden

It's basically saying that you are outputting stuff to the browser before you
are setting the cookies, which is a no go.  All header requests (header(),
setcookie()) must be run before any text is outputted.

Thus, the most common error is that after or before your php tags <? ?> is
empty space, which to PHP is considered outputted text, and you won't be able
to set any headers.

Other than that you might be setting cookies after you have echo'd templates
or some such.


- James
--
W: www.londontown.com
@: [EMAIL PROTECTED]
--
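
The cause described in the reply above, as an added example that is not part of the original thread: it captures what an include file emits and refuses to redirect once output has started. The helper names, the temporary include files and the /report.php target are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

/** Include a file and return whatever bytes it would have sent to the browser. */
function leaked_output(string $path): string
{
    ob_start();                      // capture output instead of sending it
    require $path;
    return (string) ob_get_clean();
}

/** Redirect only if no output has started; otherwise log where it began. */
function redirect_or_log(string $url): bool
{
    if (headers_sent($file, $line)) {
        error_log("cannot redirect to $url: output started at $file:$line");
        return false;
    }
    header('Location: ' . $url, true, 302);
    return true;
}

// Constructed sample: an include that ends with a closing tag and blank lines.
// PHP swallows one newline directly after the closing tag; the second is output.
$bad = tempnam(sys_get_temp_dir(), 'inc');
file_put_contents($bad, "<?php function a() {} ?>\n\n");

// Same include without the closing tag: nothing after the code can leak.
$good = tempnam(sys_get_temp_dir(), 'inc');
file_put_contents($good, "<?php function b() {}\n");

foreach ([$bad, $good] as $inc) {
    $bytes = leaked_output($inc);
    if ($bytes !== '') {
        error_log(basename($inc) . ' emits ' . strlen($bytes) . ' byte(s): ' . bin2hex($bytes));
    }
    unlink($inc);
}

// Nothing has reached the client yet, so the header can still be set.
if (redirect_or_log('/report.php')) {
    exit;
}
```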





[PHP] user auth

2002-05-30 Thread Justin Blake

I will soon be developing a user authentication system with different access levels. I 
will need to check the users against a mysql database. How secure is checking for a 
session var, and then redirecting with header('Location:...') ? Is there a way to get 
around this method of protection?

-- 
Justin Blake
http://blaix.org/






Re: [PHP] user auth

2002-05-30 Thread Daniel Tryba

On Thu, May 30, 2002 at 11:46:29PM -0400, Justin Blake wrote:
> I will soon be developing a user authentication system with different
> access levels. I will need to check the users against a mysql
> database. How secure is checking for a session var, and then
> redirecting with header('Location:...') ? Is there a way to get around
> this method of protection?

I'm no expert on this but I don't think sessions in PHP themselves have
any security embedded in them by themselves, you could just try to do a
bruteforce attack on sessionIDs (good luck :).

But what you yourself could do is keep track of e.g. the IP address of the
user and check if it doesn't change... if it does then maybe someone is
trying something fishy.

-- 

  Daniel Tryba






Re: [PHP] user auth

2002-05-30 Thread Miguel Cruz

On Thu, 30 May 2002, Justin Blake wrote:
> I will soon be developing a user authentication system with different
> access levels. I will need to check the users against a mysql database.
> How secure is checking for a session var, and then redirecting with
> header('Location:...') ? Is there a way to get around this method of
> protection?

That's the worst security scheme I've ever heard of.

Anyone can just look at where the redirect points to and go there.

You should keep the session active throughout your secured area and check 
against a session variable at the top of each page.

miguel
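
The per-page check recommended above, combined with the address tracking suggested in the previous reply, as an added example that is not part of the original thread. The function names, session keys, access-level numbers and /login.php are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Function names, session keys and
// /login.php are hypothetical.

/** Pure decision so it can be exercised without a web server. */
function access_decision(array $session, int $needLevel, string $clientIp): string
{
    if (empty($session['user_id'])) {
        return 'login';                      // no authenticated session
    }
    if (($session['ip'] ?? '') !== $clientIp) {
        return 'login';                      // address changed: ask for the password again
    }
    return ((int) ($session['level'] ?? 0) >= $needLevel) ? 'ok' : 'forbidden';
}

/** Call at the top of every protected page, before any output. */
function require_level(int $needLevel): void
{
    session_start();
    $verdict = access_decision($_SESSION, $needLevel, $_SERVER['REMOTE_ADDR'] ?? '');
    if ($verdict === 'ok') {
        return;
    }
    if ($verdict === 'forbidden') {
        http_response_code(403);
        exit('Forbidden');
    }
    $_SESSION = [];
    session_destroy();
    header('Location: /login.php', true, 302);
    exit;   // a Location header alone does not stop the rest of the page being sent
}

/** Call once, right after the password check against the database succeeds. */
function start_login_session(int $userId, int $level): void
{
    session_start();
    session_regenerate_id(true);             // fresh session ID for the logged-in state
    $_SESSION = ['user_id' => $userId, 'level' => $level,
                 'ip' => $_SERVER['REMOTE_ADDR'] ?? ''];
}

// Constructed sessions: anonymous, sufficient level, insufficient level, changed address.
$s = ['user_id' => 7, 'level' => 2, 'ip' => '192.0.2.10'];
foreach ([[[], 1, '192.0.2.10'], [$s, 2, '192.0.2.10'],
          [$s, 3, '192.0.2.10'], [$s, 1, '198.51.100.5']] as [$sess, $lvl, $ip]) {
    echo access_decision($sess, $lvl, $ip), "\n";
}
```

The address comparison also sends users whose address legitimately changes back to the login page, so treat it as a trigger for re-authentication rather than proof of an attack.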






[PHP] user auth script update.

2002-02-16 Thread Matthew Darcy

Found 1 schoolboy error AGAIN: I ended line 4 with : not ;

I am now getting the parse error on line 64

Can anyone review this script and tell me where I am going wrong.

Thanks,

Matt.


SCRIPT START--

<?php

include("../dbconnect.php");
include("../functions/common_functions.php");


session_start();


if (!isset($login_username)) {
?>

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="vi">
<META NAME="Author" Content="Matthew Darcy">

<TITLE>BathJobs.com User Login</TITLE>

</HEAD>
<BODY BGCOLOR="#ff" LINK="#00" ALINK="#00" VLINK="#00">
<FONT FACE="Arial" Size="4" Color="black">
<P>
<FORM METHOD="post" ACTION="<?=$PHP_SELF?>">
<BR><CENTER>
BathJobs.com Login <BR><BR>

<TABLE BGCOLOR="#ff" BORDER="0">
<TR BGCOLOR="#191970">
<TD BGCOLOR="#191970" width="30" height="30"> <B><FONT
color="#ff9900">UserName</FONT> </B> </TD>
<TD BGCOLOR="#191970" width="30" height="30"> <INPUT NAME="login_username" SIZE="8">
 </TD>
</TR>
<TR>
<TD BGCOLOR="#191970" width="30" height="30"> <B><FONT color="#ff9900">Password
</FONT> </B> </TD>
<TD BGCOLOR="#191970" width="30" height="30"> <INPUT NAME="login_password" SIZE="8">
 </TD>
</TR>
</TABLE>
<BR>
<INPUT TYPE="hidden" NAME="user_login_submit_button" VALUE="submit_login">
<INPUT TYPE="submit" NAME="submit_login_details" VALUE="Login">
<BR>
</FORM>


<P>&nbsp;</P></CENTER></FORM></FONT>

</BODY>
</HTML>
<?php
exit;
}


session_register("login_username");
session_register("login_password");


$sql_authorisation = "SELECT * FROM account_details WHERE
account_name='$login_username' AND
account_password=PASSWORD('$login_password');
$sql_authorisation_result = mysql_query($sql_authorisation);

if (!$sql_authorisation_result) {
error("A Database Error Occurred while trying to authorise login details
\\nIf this problem persists, please contact [EMAIL PROTECTED]");
}




if (mysql_num_rows($sql_authorisation_result) == 0) {
session_unregister("login_username");
session_unregister("login_password");
?>

<HTML>
<HEAD>
<TITLE> Access Denied </TITLE>
</HEAD>
<BODY BGCOLOR="white">
<H1> Access Denied </H1>
<P> Your user ID and Password could not be verified. This could be an
incorrect username or password, or you are not a registered user on this
site. Try logging in again checking your details, or enter the signup
process to join bathjobs.com</P>
</BODY>
</HTML>
<?php

exit;
}

?>






Re: [PHP] user auth script update.

2002-02-16 Thread Matt

> I am now getting the parse error on line 64
> $sql_authorisation = "SELECT * FROM account_details WHERE
> account_name='$login_username' AND
> account_password=PASSWORD('$login_password');

You're missing the closing " on the last line above.






RE: [PHP] user auth script update.

2002-02-16 Thread Matthew Darcy

Never mind Matt,

I noticed the missing ); on line 65

Thanks for your help.

Matt.


-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]]
Sent: 16 February 2002 12:05
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP] user auth script update.


> I am now getting the parse error on line 64
> $sql_authorisation = "SELECT * FROM account_details WHERE
> account_name='$login_username' AND
> account_password=PASSWORD('$login_password');

You're missing the closing " on the last line above.






[PHP] user auth

2001-09-14 Thread Alex Sofronie


Hello all! I am a relative newbie in PHP, so my question may appear silly:

Please tell me if anyone has knowledge of
authenticating a user based on his username and password
from Linux system (shadow or anything).
I want to make a php WebMail. Also, I want to make
a ssh virtual web client for the registered user.

Any help would be appreciated.
Thanks,

-- 
-
   Alexandru SOFRONIE
 [EMAIL PROTECTED]
-
IT Software Dept.
  Omega-Tehnoton GROUP
 +40-93-670773
-



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] user auth

2001-09-14 Thread Andreas Gietl

On Friday 14 September 2001 17:01, you wrote:

If you want to work with the passwords that originally are in the shadow file,
your webserver needs to have read permissions for the shadow file, which is
not a good idea.

You could parse out the passwords from the shadow file and write them into an
extra password file only readable by the webserver, which is not a good idea
either.

Or you could use a patched PAM module which checks the passwords for you,
which is the best solution I can think of.

But if you want to do a webmail, you actually don't need to check the
password. Your IMAP/POP server will do that for you.

BTW: There already are lots of webmails in PHP; just check
nocc.sourceforge.net for example, and there are many others.

> Hello all! I am a relative newbie in PHP, so my question may appear silly:
>
> Please tell me if anyone has knowledge of
> authenticating a user based on his username and password
> from Linux system (shadow or anything).
> I want to make a php WebMail. Also, I want to make
> a ssh virtual web client for the registered user.
>
> Any help would be appreciated.
> Thanks,
