Thread: Login problem

  1. #1
    Join Date
    Jul 2010
    Posts
    228
    Thanks
    18
    Thanked 0 Times in 0 Posts

    Default Login problem

    Good day!

    I created a webpage and it has a login page... I want that if the user is already logged in and she accidentally presses the back button, then if the login page is viewed again she could not log in again because she is already logged in.

    I tried to use a session but I think it does not work. I have no idea what code I need to fix my problem.

    Here is my code:
    PHP Code:
    <?php
    session_start();
    //require_once 'conn.php';
    $db_name = "dspi";

    mysql_connect("localhost", "root", "") or die("Cannot connect to server");
    mysql_select_db("$db_name") or die("Cannot select DB");

    $department = mysql_real_escape_string($_POST['department']);
    $username = mysql_real_escape_string($_POST['username']);

    $sql = mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
    $ct = mysql_num_rows($sql);

    if ($ct == 1) {
        $row = mysql_fetch_assoc($sql);

        if ($row['Department'] == 'Accounting') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'Engineering') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'Finishing_Goods') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'HRAD') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'MIS') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Packaging_and_Design') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Production') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Purchasing_Logistic') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'QA_and_Technical') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Supply_Chain') {
            header('location:Company.php');
        } else {
            header('location:index.php');
            echo "Incorrect Username or Department";
        }
    }
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>DSPI LOGIN</title>
    <script> 
            function searchKeyPress(e) 
            { 
                    // look for window.event in case event isn't passed in 
                    if (window.event) { e = window.event; } 
                    if (e.keyCode == 13) 
                    { 
                            document.getElementById('submit').focus(); 
                    } 
            } 
            </script>
    <style type="text/css"> 
    <!--
    BODY { 
    background-image: url(layout_image/bgroundv09.png);
    background-attachment: fixed; 
    }

    #Dept_Frame {
        position:absolute;
        width:229px;
        height:49px;
        z-index:1;
        left: 441px;
        top: 262px;
    }
    #Department_Option {
        position:absolute;
        width:186px;
        height:32px;
        z-index:2;
        left: 453px;
        top: 275px;
    }
    #Submit_Frame {
        position:absolute;
        width:82px;
        height:35px;
        z-index:3;
        left: 516px;
        top: 320px;
    }
    #Submit_Button {
        position:absolute;
        width:60px;
        height:29px;
        z-index:4;
        left: 524px;
        top: 328px;
    }
    #Username_ImageText {
        position:absolute;
        width:130px;
        height:55px;
        z-index:5;
        left: 319px;
        top: 208px;
    }
    #User_Frame {
        position:absolute;
        width:230px;
        height:46px;
        z-index:6;
        left: 441px;
        top: 216px;
    }
    #Username_Textbox {
        position:absolute;
        width:182px;
        height:23px;
        z-index:7;
        left: 455px;
        top: 228px;
    }
    --> 
    </style>  
    </head>
    <body>
    <form id="form1" name="form1" method="post" action="">
      <div id="Department_Option">
        <select name="department" onkeypress="searchKeyPress(event);">
          <option>Choose your Department. . . . . . </option>
          <option value="Accounting" <?php if($_POST['department'] == 'Accounting') echo "selected='selected'"?>>Accounting</option>
          <option value="Engineering" <?php if($_POST['department'] == 'Engineering') echo "selected='selected'"?>>Engineering</option>
          <option value="Finishing_Goods" <?php if($_POST['department'] == 'Finishing_Goods') echo "selected='selected'"?>>Finishing Goods</option>
          <option value="HRAD" <?php if($_POST['department'] == 'HRAD') echo "selected='selected'"?>>HRAD</option>
          <option value="MIS" <?php if($_POST['department'] == 'MIS') echo "selected='selected'"?>>MIS</option>
          <option value="Packaging_and_Design" <?php if($_POST['department'] == 'Packaging_and_Design') echo "selected='selected'"?>>Packaging and Design</option>
          <option value="Production" <?php if($_POST['department'] == 'Production') echo "selected='selected'"?>>Production</option>
          <option value="Purchasing_Logistic" <?php if($_POST['department'] == 'Purchasing_Logistic') echo "selected='selected'"?>>Purchasing and Logistics</option>
          <option value="QA_and_Technical" <?php if($_POST['department'] == 'QA_and_Technical') echo "selected='selected'"?>>QA and Technical</option>
          <option value="Supply_Chain" <?php if($_POST['department'] == 'Supply_Chain') echo "selected='selected'"?>>Supply Chain</option>
        </select>
      </div>
      <div id="Submit_Button">
        <input type="Submit" name="submit" value="Submit" id="submit" onclick="doSomething();"/>
      </div>
      <div id="Dept_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
      <div id="Submit_Frame"><img src="layout_image/subframev02.png" width="80" height="46" /></div>

    <div id="Username_ImageText"><img src="layout_image/userv01.png" width="131" height="62" /></div>
    <div id="User_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
    <div id="Username_Textbox">
      <input name="username" type="text" size="30" />
    </div>
    </form>
    </body>
    </html>

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    $ct is equal to 1 if the login was successful, correct? Save $ct to the session:
    PHP Code:
    $_SESSION['ct'] = $ct;
    Then, on every login-protected page, check to make sure the user was logged in and log them in if they aren't (where "LoginPage.php" is the location of your login script):
    PHP Code:
    <?php
    session_start();
    if ($_SESSION['ct'] !== 1) { header("Location: LoginPage.php"); exit(); }
    // rest of page follows

  3. #3
    Join Date
    Jul 2010
    Posts
    228
    Thanks
    18
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by traq
    $ct is equal to 1 if the login was successful, correct? Save $ct to the session:
    PHP Code:
    $_SESSION['ct'] = $ct;
    Then, on every login-protected page, check to make sure the user was logged in and log them in if they aren't (where "LoginPage.php" is the location of your login script):
    PHP Code:
    <?php
    if($_SESSION['ct'] !== 1){ header("Location: LoginPage.php"); exit(); }
    // rest of page follows
    I put the code that you suggested on my codes
    like this:
    PHP Code:
    <?php
    session_start();
    //require_once 'conn.php';
    $db_name = "dspi";

    mysql_connect("localhost", "root", "") or die("Cannot connect to server");
    mysql_select_db("$db_name") or die("Cannot select DB");

    $department = mysql_real_escape_string($_POST['department']);
    $username = mysql_real_escape_string($_POST['username']);

    $sql = mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
    $ct = mysql_num_rows($sql);

    $_SESSION['ct'] = $ct;
    session_start();
    if ($_SESSION['ct'] !== 1) { header("Location: index.php"); exit(); }

    if ($ct == 1) {
        $row = mysql_fetch_assoc($sql);

        if ($row['Department'] == 'Accounting') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'Engineering') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'Finishing_Goods') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'HRAD') {
            header('location: Company.php');
        } elseif ($row['Department'] == 'MIS') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Packaging_and_Design') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Production') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Purchasing_Logistic') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'QA_and_Technical') {
            header('location:Company.php');
        } elseif ($row['Department'] == 'Supply_Chain') {
            header('location:Company.php');
        } else {
            header('location:index.php');
            echo "Incorrect Username or Department";
        }
    }
    ?>
    and I got an error: cannot connect to server

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Actually, if you're getting the message "Cannot connect to server", you're probably not connecting to your database correctly. That's the only part of your code (that you've shown here) that would generate that message:

    mysql_connect("localhost", "root", "") or die("Cannot connect to server");

    In any case,
    the code I suggested
    PHP Code:
    session_start();
    if ($_SESSION['ct'] !== 1) { header("Location: index.php"); exit(); }
    should go at the very top of every other page (not the login page itself). Some clarification:

    login page:
    PHP Code:
    <?php
    session_start();

    $db_name = "dspi";
    mysql_connect("localhost", "root", "") or die("Cannot connect to server");
    mysql_select_db("$db_name") or die("Cannot select DB");

    // only check the login if it has been submitted
    // otherwise, you should be showing your login form
    if ($_POST['department']) {
        $department = mysql_real_escape_string($_POST['department']);
        $username = mysql_real_escape_string($_POST['username']);

        $sql = mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
        $ct = mysql_num_rows($sql);

        if ($ct == 1) {
            // if login is correct, set session variable
            $_SESSION['ct'] = $ct;
        } else {
            // if login is wrong, end the script
            die('Wrong username or department.');
        }
    }

    // if the user just logged in,
    // OR if the user is logged in already
    if ($ct == 1 || $_SESSION['ct'] == 1) {
        $row = mysql_fetch_assoc($sql);

        if ($row['Department'] == 'Accounting') {
            header('location: Company.php');
    //  and so on
    all protected pages:
    PHP Code:
    <?php
    session_start(); // needed before $_SESSION can be read
    // check if the user is logged in
    // make them log in if not
    if ($_SESSION['ct'] !== 1) { header("Location: LoginPage.php"); exit(); }

    // page content follows
    Last edited by traq; 09-05-2010 at 10:28 PM.

  5. #5
    Join Date
    Jul 2010
    Posts
    228
    Thanks
    18
    Thanked 0 Times in 0 Posts

    Default

    I tried this code, and when I press the back button the login page appears again, but with errors like this:

    Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\xampp\htdocs\DSPI Intranet\index.php on line 29

    Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\DSPI Intranet\index.php:29) in D:\xampp\htdocs\DSPI Intranet\index.php on line 53
    Incorrect Username or Department

    and when I try to log in again the output is Incorrect username and password

  6. #6
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    You get the errors for two reasons. First, you get
    Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\xampp\htdocs\DSPI Intranet\index.php on line 29
    because you have your $sql statement inside the if statement, so it is only being run if the $_POST['department']; has been sent to the page.
    Second, the modify_headers is because you have output on the page already before it gets to checking to see if the login exists already. Put this at the very top before all else
    PHP Code:
    ob_start(); 
    This will allow a new header to be sent even if output to the page has occurred.
    Here is the code I use to achieve the same thing I think you want to do.
    PHP Code:
    <?php
    session_start();
    if (isset($_SESSION['myusername']))
    {
    header("location: index.php");
    }
    else
    {
    require ('connect.php');
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />

    <meta content="en-us" http-equiv="Content-Language">
    <title>Our Cousins Website</title>
    <link rel="stylesheet" href="stylesheets/main.css" type="text/css">
    <script type="text/javascript"> 

    function stopRKey(evt) { 
      var evt = (evt) ? evt : ((event) ? event : null); 
      var node = (evt.target) ? evt.target : ((evt.srcElement) ? evt.srcElement : null); 
      if ((evt.keyCode == 13) && (node.type=="text"))  {return false;} 
    }

    document.onkeypress = stopRKey; 

    </script>

    <style type="text/css">
    .style1 {
        background-color: #FFFFFF;
    }
    </style>
    </head>

    <body>
    <div id="main_wrap">
    <?php
    // Escape the request values before they are placed in the SQL strings below.
    $u_name = mysql_real_escape_string($_GET['u_name']);
    $p_word = $_GET['p_word'];
    $code = mysql_real_escape_string($_GET['code']);

    if ($u_name && $p_word && $code)
    {
        $check = mysql_query("SELECT activated FROM fam_members WHERE code='$code'");
        $row = mysql_fetch_array($check);

        $activated = $row['activated'];
        if ($activated == '1')
        {
            echo "<h6 class='center'>You have already activated your account. Please login.</h6>";
        }
        else
        {
            mysql_query("UPDATE fam_members SET activated='1' WHERE username='$u_name' AND code='$code'");
            echo "<h6 class='center'>You have sucessfully activated your account.</h6>";
        }
    }
    ?>
        <form method="post" action="checklogin.php">
        <table align="center" cellspacing="6" style="width: 238px" class="style1">
        <tr> 
         <th colspan="2">Login</th>
         </tr>
            <tr>
                <td>Username:</td>
                <td>
                    <input name="myusername" type="text">
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>
                    <input name="mypassword" type="password">
                </td>
            </tr>
            <tr>
                <td>&nbsp;</td>
                <td>
                    <input name="submit" type="submit" value="submit">
                </td>
            </tr>
            <tr>
                <td class="center small-text" colspan="2"><a href="forgot.php?u=u">Forgot Username</a>&nbsp;&nbsp;
                <a href="forgot.php?p=p">Forgot Password</a></td>
            </tr>
            <tr>
                <td class="center small-text" colspan="2">If you forgot both you'll 
                need to contact JD at 612-840-1039 or
                <a href="mailto:jd@mncousins.com">jd@mncousins.com</a>&nbsp; </td>
            </tr>
        </table>
        </form>
    </div>
    </body>
    </html>
    <?php
    }
    ?>
    This script checks if the user is logged in, if not it shows the login form. If you are logged in it redirects to the index page so you can't even get to the login page if you are logged in.

  7. #7
    Join Date
    Jul 2010
    Posts
    228
    Thanks
    18
    Thanked 0 Times in 0 Posts

    Default

    The login form shows automatically when you run index.php; then, after the user successfully logs in, she goes to the company page.

  8. #8
    Join Date
    Nov 2006
    Location
    Northeast USA
    Posts
    408
    Thanks
    8
    Thanked 30 Times in 28 Posts

    Default

    Change
    PHP Code:
    header("location: index.php"); 
    to
    PHP Code:
    header("location:company.php");//or whatever your company page is. 
    -Ben -- THE DYNAMIC DRIVERS
    I told my client to press F5, the client pressed F, then 5, *facepalm*
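
The pieces discussed in this thread, combined into one login page as an added example (not code posted by any participant): a logged-in user is redirected before the form is shown, the database is queried only on a form submission, and no output precedes header(). It assumes PHP 7.1+ with PDO MySQL, because the mysql_* functions were removed in PHP 7, and reuses the thread's dspi database, tbllogin table, index.php and Company.php; the helpers post_string() and find_user() and the session keys username and department are hypothetical names chosen here.

```php
<?php
// index.php: login page. Added example, not code from the thread.
// Assumes PHP 7.1+ with PDO MySQL and the thread's "dspi" database.
declare(strict_types=1);
session_start();

// Department values taken from the form in the first post.
const DEPARTMENTS = [
    'Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS',
    'Packaging_and_Design', 'Production', 'Purchasing_Logistic',
    'QA_and_Technical', 'Supply_Chain',
];

// Hypothetical helper: read a POST field as a string; arrays and missing fields become ''.
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Hypothetical helper: return the matching tbllogin row, or null when nothing matches.
function find_user(PDO $pdo, string $department, string $username): ?array
{
    $stmt = $pdo->prepare(
        'SELECT `Department`, `Username` FROM `tbllogin`
          WHERE `Department` = ? AND `Username` = ?'
    );
    $stmt->execute([$department, $username]); // values are bound, never concatenated
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 1. Already logged in (for example after pressing Back): never show the form.
if (isset($_SESSION['username'])) {
    header('Location: Company.php');
    exit; // without exit the rest of the script would still run
}

$error = '';
$department = post_string('department');

// 2. Query the database only when the form was actually submitted.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pdo = new PDO('mysql:host=localhost;dbname=dspi;charset=utf8mb4', 'root', '', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $row = in_array($department, DEPARTMENTS, true)
        ? find_user($pdo, $department, post_string('username'))
        : null;
    if ($row !== null) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
        $_SESSION['username'] = $row['Username'];
        $_SESSION['department'] = $row['Department'];
        header('Location: Company.php');
        exit;
    }
    $error = 'Incorrect Username or Department';
}
// 3. Not logged in: render the form. Nothing has been output before this line,
//    so the header() calls above cannot fail with "headers already sent".
?>
<form method="post" action="">
  <?php if ($error !== ''): ?><p><?= htmlspecialchars($error) ?></p><?php endif; ?>
  <select name="department">
    <?php foreach (DEPARTMENTS as $d): ?>
      <option value="<?= htmlspecialchars($d) ?>"<?= $d === $department ? ' selected' : '' ?>>
        <?= htmlspecialchars(str_replace('_', ' ', $d)) ?>
      </option>
    <?php endforeach; ?>
  </select>
  <input name="username" type="text" size="30" />
  <input type="submit" name="submit" value="Submit" />
</form>
```

A protected page such as Company.php starts with session_start() and, when $_SESSION['username'] is not set, sends header('Location: index.php') followed by exit.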
