I still have this simple loginscript that works pretty well with a single username. It also redirects to only 1 page.

For the site i'm working on right now, i need to have 2 different usernames each redirecting to another page. Is there any way to adjust the existing script?

<?php
/* secret.php
CONSTANT DECLARATIONS - DO NOT CHANGE UPPERCASE CONSTANTS.
Change lowercase values only
*/
/* Administration */
define("ADMINUSER", "admin"); /* your administration login name - modify - you make it up */
define("ADMINPASSWORD", "admin"); /* your administration password - modify - you make it up */
/* below is the webpage you will go to if your login is successful */
define("ADMINHOME", "test.php"); /* your administration page name - modify - the page you go to if the login is successful: Example: admin.php */
?>


<?php
//adminLogin.php
//
// requires for multi applications inter-operability using same admin-Login-Only module
if(file_exists("secret.php")) { // admin-Login-Only admin user and password file
require_once("secret.php");
}
// begin SECURITY - DO NOT CHANGE!
// initialize or retrieve the current values for the login variables
$loginAttempts = !isset($_POST['loginAttempts'])?1:$_POST['loginAttempts'];
$formuser = !isset($_POST['formuser'])?NULL:$_POST['formuser'];
$formpassword = !isset($_POST['formpassword'])?NULL:$_POST['formpassword'];
if(($formuser != ADMINUSER ) || ($formpassword != ADMINPASSWORD )) {
if ($loginAttempts == 0) { /* 1 strikes and they're out */
$_POST['loginAttempts'] = 1;
include("meplog.php");
exit;
}else{
if ( $loginAttempts >= 1 ) {
header("Location: http://www.meppers.nl/index.php");
exit();
}else{
header("Location: http://www.meppers.nl/index.php");
exit();
}
}
}
/* test for valid username and password
if valid then initialize the session
register the username and password variables
and include the ADMINHOME page
*/
if (($formuser == ADMINUSER ) && ($formpassword == ADMINPASSWORD )) { // test for valid username and password
session_start();
$_SESSION['adminUser'] = ADMINUSER;
$_SESSION['adminPassword'] = ADMINPASSWORD;
$SID = session_id();
$adminHome = ADMINHOME;
header("Location: http://www.meppers.nl/".$adminHome);
exit();
}
?>

<?php
//adminLogOut.php
//
/*
If you enable register_globals, session_unregister() should be used since session
variables are registered as global variables when session data is deserialized.
http://www.php.net/manual/en/ref.session.php
*/
session_start();
function session_clear() {
// if session exists, unregister all variables that exist and destroy session
$exists = "no";
$session_array = explode(";",session_encode());
for ($x = 0; $x < count($session_array); $x++) {
$name = substr($session_array[$x], 0, strpos($session_array[$x],"|"));
if (session_is_registered($name)) {
session_unregister('$name');
$exists = "yes";
}
}
if ($exists != "no") {
session_destroy();
}
}
session_clear();
?>

<?php
//adminOnly.php
//
session_start();
if( (!isset($_SESSION['adminUser'])) || (!isset($_SESSION['adminPassword'])) ) {
include_once("adminLogin.php");
exit;
}
// requires for multi applications inter-operability using same admin-Login-Only module
if(file_exists("secret.php")) { // admin-Login-Only admin user and password file
require_once("secret.php");
}
/* adminOnly.php
if the session variables are not set or are incorrect values
then present the login screen
*/
if( ($_SESSION['adminUser'] != ADMINUSER) || ($_SESSION['adminPassword'] != ADMINPASSWORD) ) {
include_once("adminLogin.php");
exit;
}else{?>
<?php }?>

and the protected pages have the following line on top

<?php require_once("adminOnly.php");?>

Try an mysql one, or a xml one:

MySQL (http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/)
XML (http://net.tutsplus.com/videos/screencasts/build-a-login-and-registration-system-with-xml/)

The xml is way to extensive (no need for registration and other features) and the mysql one.... well there is hardly any explaination on where to put the scripts, etc.
I'm not a coder, i'm just someone who can adjust a fairly simple script to his own needs.

I didn't wrote the script I put on before myself. I just know where to change it to get it to work with pages i'm using it for.
So there is no way to adjust it to multiple-user/page?

All it needs to do is redirect a user with login "a" and pw "b" to page "c"
and anotherone with login "x" and pw "y" to page "z".
no need to add more users or pages

It's for the members of our team to go to a protected team-only page and with the same form i would like to redirect coaches and people who run the club to a page where they can upload stuff, put the gameresults online, etc.

Not tested:


<?php
session_start();

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["loggged_in"] = TRUE; //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>


And then protect.php:


<?php
session_start();
if((!isset($_SESSION["logged_in"])) && !$_SESSION["logged_in"]){
header("Location: login.php");
} //check to see if logged in, otherwise go to the login
?>

Include protect.php every time theres a protected page.

if(isset($_POST['submit'])){
if(!empty($_POST['user']) || !empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
}


Don't you mean:

if (empty($_POST['user'] || empty($_POST['pass'])) ?

if !empty would mean if you fill in a value it will tell you to enter a username and password :confused:

Yes, I did fix that... Right before you posted. :D Thanks though!

Hehe, should have left a bit more time between you posting it and me replying :)

Haha... 5 minutes is enough. ;)

(commented the code)

Where do I put the protect.php? Sorry, I'm a php newbie. My form redirects to an html page.

Everywhere you have a protected page, you should put this code at the top of it(it has to be a .php):



<?php
include("../protect.php");
?>


Just put protect.php in the root directory.

Version 2.

What have I done?
Protect page now works - credits to master_script_maker for helping me fix this
Made something that makes the user aware they're logged in
Made the session hold an array, one with the page they're supposed to go to, and one saying their logged in.
Made a logout.

Login.php


<?php
session_start();

if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
echo "You're logged out, and will be redirected in about 3 seconds";
header('refresh: 3; url=login.php');
exit;
}

$login = true;
require "protect.php";

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>


protect.php - credits to master_script_maker for helping me fix this


<?php
session_start();
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
if(!isset($login)){
header("Location: login.php"); //check to see if logged in, otherwise go to the login
}
} else if (isset($login) || isset($index)){
echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
exit;
}
?>


index.php


<?php
$index = true;
require "protect.php";

?>

Thanks Nile!
It works great, but...
There are actually to many features. I have no need at all for a log-out button, but like with the original script, the visitors will be automatically logged out when they leave the protected area. And there is no need for the messages. When they enter the wrong password/login they will stay on the same page without any notice. The message that the user is in a protectd area isn't neccessary either 'cause the look of that area already shouts "member area".

So I was thinking about mixing the original script i have (that has the features i mentioned above) with the script you wrote.

The problem i see with that is that the variables are declared in the original script and there is no such thing in your script.

Any suggestions on how to fix that?

PS. I'm surely going to keep your script around 'cause i have a feeling i'm going to need it with some other sites

Which variables? Can you be a bit more specific please!
Please make a list of things that should go, and improve. And I'd be glad to fix them!

I'm going to start from my original script (cause I can understand that a bit since i played around a bit with it):

In the first script -secret.php- the login, pw and destination-page are declared.
I was thinking about putting the login array from your script in there.

Script 2 -AdminLogin.php- gets the includes the form (meplog.php) and tells what to do with a wrong password (in my case just sends them to index.php again)
and from what i can understand sends the users to index.php also when they try to enter a protected page without login in (by typing the full path of the protected page).
At the bottom of this script it compares the entered values to the one in secret.php

Script 3 -AdminLogOut.php- is a bit more complex to me, but i think it logs the user out as soon as they go from a protected page to a non protected one.

Script 4 -AdminOnly.php- seems to check if everything is OK before entering a page, and if not go thru the AdminLogin.php again.

The ideal script for me would be putting the array with logins, pws and destinations in the first script and from there on change script 2, 3 and 4 so it can read the array you wrote instead of declared values (like in the original script).

I hope you understand what i'm trying to explain, 'cause english isn't my first language.

If you can pull this one off, all the members of the club would be very gratefull!!!

To me, it appears AdminLogOut.php deletes the session if they're not protected (as in it doesn't record new sessions?).

I will try to do what you've requested.

But, some of the order you have things (like the pass and user are in secret.php), and you want it that way... I don't know why. The script you have looks very non-user friendly, I tried to make mine as most user friendly as possible.

Ok, I think I've finished except the unreasonable things... Protect.php will check to see if they're logged in, if not go to the login page.

Index.php:


<?php
$index = true;
require "protect.php";

?>


Login.php:


<?php
session_start();

if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
echo "You're logged out, and will be redirected in about 3 seconds";
header('refresh: 3; url=login.php');
exit;
}

$login = true;
require "protect.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>


Protect.php


<?php
session_start();

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
if(!isset($login)){
header("Location: login.php"); //check to see if logged in, otherwise go to the login
}
} else if (isset($login) || isset($index)){
echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
exit;
}
?>

Niles,

I'm curious, is it possible to customize the login page to my liking? Such as adding other html/css with it to look not so plain?

I'm a newbie to php. Great codes btw.

Sorry for the late response. You can customize it with css. Good luck!

I keep getting this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/agiphoto/www/www/protect.php:9) in /home/agiphoto/www/www/login.php on line 35

Can anyone help me figure out what I am doing wrong?

Its probably my error, lemme take a look.

What page are you viewing when you get this error, and di you change any of the code besides the user, password, and redirect?

And which version of the code are you using?

First version (http://www.dynamicdrive.com/forums/showpost.php?p=188723&postcount=4)
Second Version (http://www.dynamicdrive.com/forums/showpost.php?p=188859&postcount=10)
Or Third Version (http://www.dynamicdrive.com/forums/showpost.php?p=189313&postcount=14) (Special for Gert's needs).

Its probably my error, lemme take a look.

What page are you viewing when you get this error, and di you change any of the code besides the user, password, and redirect?

And which version of the code are you using?

First version (http://www.dynamicdrive.com/forums/showpost.php?p=188723&postcount=4)
Second Version (http://www.dynamicdrive.com/forums/showpost.php?p=188859&postcount=10)
Or Third Version (http://www.dynamicdrive.com/forums/showpost.php?p=189313&postcount=14) (Special for Gert's needs).

I am using Version 2 of your code and I only altered the username, password and redirect.

I am getting this error when trying to log in on my login.php page. I am trying to be redirected to my testlogin.php with username "x" and password "y"

Thanks for your help!

Ok, I will look at the code. Please do not use Version 1, as it is not working. Nor will it ever work.

I have a index.php, protect.php, login.php and testlogin.php (for redirect) in my root, is this correct?

This should be correct, paste the code to all the files. But before doing that, update to User Login v 1.3:

The only things changed were the top of protect.php, and login.php.

Protect.php:


<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
if(!isset($login)){
header("Location: login.php"); //check to see if logged in, otherwise go to the login
}
} else if (isset($login) || isset($index)){
echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
exit;
}
?>


Login.php:


<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
echo "You're logged out, and will be redirected in about 3 seconds";
header('refresh: 3; url=login.php');
exit;
}

$login = true;
require "protect.php";

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>

I tried updating like you mentioned, but I still get this error:


Warning: Cannot modify header information - headers already sent by (output started at /home/agiphoto/www/www/protect.php:14) in /home/agiphoto/www/www/login.php on line 37

It seems to be this line is causing the problems, but I am too much of a noob to know why.

header("Location: ".$login["redirect"]);

paste the code to all the files

Which code are you referring to? And is the code to be pasted to all protected files, or the new PHP's I created (index.php, login.php and protect.php)?

Sorry for all the questions, but I am so close to finally completing this, I can taste it!! :rolleyes:

I don't understand. I updated the code. Your protect.php and login.php should be change to look like the code above.

Right Before:


header("Location: ".$login["redirect"]);


Add:


ob_start();

I don't understand. I updated the code. Your protect.php and login.php should be change to look like the code above.

Right Before:


header("Location: ".$login["redirect"]);


Add:


ob_start();


I did this but I still get the same error :(

Ok, well update the script ( I made another update ):
protect.php:


<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
if(!isset($login)){
header("Location: login.php"); //check to see if logged in, otherwise go to the login
exit;
}
} else if (isset($login) || isset($index)){
echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
exit;
}
?>

login.php:


<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
echo "You're logged out, and will be redirected in about 3 seconds";
header('refresh: 3; url=login.php');
exit;
}

$login = true;
require "protect.php";

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
exit;
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>

There was a huge security whole.

Great script! THANK YOU! Works like a charm.

Glad to help you uppercanuck!

Hi,

Where do I put the protect.php? Sorry, I'm a php newbie. My form redirects to an html page.

The page it redirects to should also be a php page so that you can include the php code which checks if a valid session is active...



I tried updating like you mentioned, but I still get this error:


Warning: Cannot modify header information - headers already sent by (output started at /home/agiphoto/www/www/protect.php:14) in /home/agiphoto/www/www/login.php on line 37
Well, I didn't read the full code, but it looks like that the line
header("Location: ".$login["redirect"]); is executing after some html output has already happened...

The line above should be placed before any html output is there on the page...

For example, this won't work:


<?php
echo "Welcome!";
$somevariable = "some value";
header("Location: ".$login["redirect"]);
?>


But the following will work:


<?php
$somevariable = "some value";
header("Location: ".$login["redirect"]);
?>


Note that the word 'Welcome' is output to the page (in the first example)before the header information is sent to the browser.... It is too late for the browser because it has already output some text to the page.

hello nile.... im new to php... can u help me with this ? im triying to us those codes but i dont really know how do it... can u tell me step by step how can i do this? thank you so much!

Hi, i have been reading this post and trying out the script, which is what i'm looking for but for some reason i am having an issue with it.

I have copied the scripts and created the correct pages including the c.php and z.php pages where i have added the include file at the top of the page.

When i login i see the text "you are already logged in, click here to logout" but for some reason it is not redirecting me to the c.php or z.php

Here is the scripts that i am using
login.php


<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
echo "You're logged out, and will be redirected in about 3 seconds";
header('refresh: 3; url=login.php');
exit;
}

$login = true;
require "protect.php";

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
exit;
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>



protect.php



<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
if(!isset($login)){
header("Location: login.php"); //check to see if logged in, otherwise go to the login
exit;
}
} else if (isset($login) || isset($index)){
echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
exit;
}
?>



here is the z.php page




<?php
$index = true;
require "protect.php";

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="en-gb" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>

<p>example page two</p>

</body>

</html>




Can anyone see why its not redirecting me to the z.php or c.php pages?

Thanks in advance

:)

Hmm - well first of all change:


if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
echo "You're logged out, and will be redirected in about 3 seconds";
header('refresh: 3; url=login.php');
exit;
}

To:


if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
header('refresh: 3; url=login.php');
echo "You're logged out, and will be redirected in about 3 seconds";
exit;
}
I know thats an error in the script. I don't know about the redirect let me test it a little - it has something to do with sessions/cookies

So I'm trying to test this multiple user login script and once I log in I don't see the contents of c.php page but this message is displayed "Your already logged in!! Click here to logout. Or, go back to your login page." Now in my browser address bar it displays c.php so I don't know what's going on here.
My live address for testing is here; http://www.dngphotography.com/test1/login.php

Here's my code;

login.php

<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if(isset($_GET["log_out"])){
unset($_SESSION["logged_in"]);
header('refresh: 3; url=login.php');
echo "You're logged out, and will be redirected in about 3 seconds";
exit;
}

$login = true;
require "protect.php";

$logins[0]["user"] = "a";
$logins[0]["pass"] = "b";
$logins[0]["redirect"] = "c.php";

$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";

// No need to edit below, except the errors

if(isset($_POST['submit'])){ //is the form submitted?
if(empty($_POST['user']) || empty($_POST['pass'])){
echo "You have to fill out the user name and password!";
exit;
} //check for empty user name or password
$is_logged = false; //this is part of the process to see if they have a correct password or not, set to false right here to say no right pass... (will change later)
foreach($logins as $login){
$user = $_POST;
if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
$is_logged = true;
$_SESSION["logged_in"] = array($login["redirect"], true); //now, if they do have a correct password, set the session to true, and the variable.
header("Location: ".$login["redirect"]);
exit;
}
}
if(!$is_logged){ echo "Username/password did not match, try again!"; } //if none of the $logins arrays matched the input, give an error
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Username:<br />
<input type="text" name="user" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Log in!" />
</form>


protect.php

<?php
if(!defined("SESSION")){
session_start();
define("SESSION", true);
}
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
if(!isset($login)){
header("Location: login.php"); //check to see if logged in, otherwise go to the login
exit;
}
} else if (isset($login) || isset($index)){
echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
exit;
}
?>


index.php


<?php
$index = true;
require "protect.php";

?>

Logged in

c.php

<?php
$index = true;
require "protect.php";

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="en-gb" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>

<p>example page two</p>

</body>

</html>

bump,,,I'm still looking for an answer. Can anyone help me please.

I have been struggling with the same problem as dng. I found that if I used the following code at the top of my protected pages I could login (this code was used earlier in this thread).

<?php
include("protect.php");
?>

So perhaps you can try using that code instead. It is not perfect because if the User knows the url for another protected page they can then access that once logged into their own page. It doesn't require the username and password for the new page. I am a newbee so I don't know any technical reasons for this. Just hope it helps and gets this thread moving again. :)

I cant seem to get this to work. I have the login.php and protect.php in my subdomain password.whatever.com so I have my clients log into that and when they type in there password I am trying to have it redirect them to there own subdomain. client1.whatever.com. it starts to work but I allways end up with a blank page after login in and it takes me to client1.whatever.com/login.php but that is under the password.whatever.com.. please help!

like I have

password.whatever.com/index.php ->
password.whatever.com/protect.php ->
password.whatever.com/login.php -> Client 1 password and user

This is where I have it pointing to:
client01.whatever.com/index.php

But I end up here:
client01.whatever.com/login.php