Solve : Help please! Login script error?

Hey, first of all, I want to say that I'm back. I haven't posted in a long time because I was on a half-world journey. So, I'm back.

Now second, I have a problem with this script I programmed in PHP (I've translated it from Dutch to English), but it gives an error and I don't know what I did wrong. I've searched a long time, but I really can't see what I'm doing wrong. This is the error:


Warning: main(p?=welkom): failed to open stream: No such file or directory in /home/httpd/vhosts/*my host folders*/aanmelden.php on line 56

Warning: main(): Failed opening 'p?=welkom' for inclusion (include_path='.:/usr/share/pear') in /home/httpd/vhosts/*my host folders*/aanmelden.php on line 56

line 56 is:

include($_GET['p'].'p?=welkom');

welkom is my file name (in Dutch), so can anybody help me please! I'm starting to get a bit desperate.

Here is my script (it should be used to create a login with cookies, that checks if you are logged in if you visit the link):

<?php
ob_start();
session_start();

$username = array();
$username[] = "username1";
$username[] = "username2";

$password = array();
$password[] = "password1";
$password[] = "password2";

if( !isset($_GET["action"])) {
$_GET["action"] = "";
}
if( !isset($_SESSION["Admin"])) {
$_SESSION["Admin"] = "";
}
function inArrayPlusKey($value,$array){
    if(in_array($value,$array)){
        // Walk the array to find the index of the matching value.
        for($i=0; $i<count($array); $i++){
            if($array[$i] == $value){
                return $i;
            }
        }
    }
    else{
        return false;
    }
}
function check_online() {
if($_SESSION["Admin"] != "") {
  return 1;
}
else {
  return 0;
}
}

if(isset($_POST["login"])){
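    // inArrayPlusKey() returns false for an unknown username; check that
    // first, because $password[false] would read $password[0].
    $key = inArrayPlusKey($_POST["username"],$username);
    if($key !== false && $_POST["password"] == $password[$key]){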
        $_SESSION["Admin"] = $_POST["username"];
        echo 'continu[/url]';
    }
    else{
        echo 'error, no entry';
    }
}
else{
      
  if(check_online() == 1) {
                  include($_GET['p'].'p?=welkom');
    if($_GET["action"] == "log out") {
     session_destroy();
     echo '
you have been logged out,
click here to go back[/url]
';
    }
    }
    else {
                  include('index.php');
    }
}
?>

At a guess, you've got your question mark in the wrong place, i.e. include($_GET['p'].'p?=welkom');  should be include($_GET['p'].'?p=welkom');

But this is not a great way of programming a safe script.  In what way are you checking that the GET variable 'p' is clean?  Also bear in mind that SESSION variables can be faked or stolen.  A much safer way of authenticating without resorting to SSL is described here.  I recommend reading and re-reading that article until you understand it.

A little tip for POST/GET variables, which aids readability (I always use this):

// Prefix all form variables with p_
import_request_variables('p', 'p_');
import_request_variables('g', 'p_');

After that, $_POST["username"] or $_GET["username"] can simply be called $p_username.  Much easier when you're working with a lot of form data.

Dude...... you're really great! Thank you so much for your good help, I used the excellent link from you, and now -I've translated it to Dutch- I have my own -working!- login script. Thank you so much for helping

My pleasure; although I can't exactly take the credit.

Just another thought to add into the mix: I'm currently working on what will become a reasonably significant international database- & authentication-driven website.  I am avoiding the use of the javascript md5 library described in that article.  Instead, I'm using several different levels of logon.  Basic logon provides limited access to database features, and exposes no private information.  Administrative logon provides access to higher-level features and private resources, and each admin session is locked to an IP address, username, password, and shared key which is randomly generated at the start of the admin session.  (i.e. virtually impossible to hijack)  Finally there will be superuser level access which as well as having the above protection will also be IP locked at the IIS level to a few limited static IP addresses.

All of that is driven by php/MySQL without the use of javascript and therefore will achieve the desired effect on ALL browsers (provided they support session cookies).
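
One way to answer the question raised in the thread about whether the GET variable 'p' is clean, shown as an added example that is not part of the original posts: the request value is looked up in a fixed allowlist and never concatenated into the include path. The page names, the `resolve_page()` helper and the `pages/` directory are assumptions made for illustration.

```php
<?php
// Added example: allowlist lookup for the 'p' parameter before include().
// The page names and the pages/ directory are assumed for illustration.
const PAGES = [
    'welkom'  => 'welkom.php',
    'profiel' => 'profiel.php',
];

/**
 * Map a request value to a file inside $baseDir, or return null.
 * The request value is only used as an array key, never as part of a path.
 */
function resolve_page($p, string $baseDir): ?string
{
    // Rejects arrays (?p[]=x), unknown names, paths and URLs alike.
    if (!is_string($p) || !array_key_exists($p, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$p]);
    // realpath() is false for a missing file; the prefix check covers a
    // listed file that is a symlink pointing outside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a scratch pages/ directory holding one listed page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
touch($dir . DIRECTORY_SEPARATOR . 'welkom.php');

// Constructed values, as they might arrive in $_GET['p'].
$samples = ['welkom', 'profiel', 'welkom.php', '../aanmelden.php', ['welkom']];
foreach ($samples as $p) {
    $file = resolve_page($p, $dir);
    printf("%-22s => %s\n", json_encode($p, JSON_UNESCAPED_SLASHES), $file ?? 'rejected');
}

// In the script above, the include on line 56 would then read:
//   $file = resolve_page($_GET['p'] ?? 'welkom', __DIR__ . '/pages');
//   include $file ?? 'index.php';
```

Only `welkom` resolves to a file here; `profiel` is on the list but has no file in the scratch directory, so it is rejected along with the values that are not list keys.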


