Jump to content

Help with path in script


flashmaster
 Share

Recommended Posts

Hi, i need some help with a login script that im trying to implement under PW. When im enter the protectedpage.php it goes to login.php and then i fill in username/password and press login it just refreshes the login.php again and the input fields are empty. It should go to protectedpage.php after that but its not working. I think that there is a path och paths in the script that its wrong. All files are in the root of the template folder and i have a database table that im trying to fetch. I have also added the pages as templates in admin.

If you see anything wrong with this please help. /thanks

 

protectedpage.php

<?php
	session_start();
	require_once('config.php');
	//phpinfo();

	if(isset($_SESSION['id'])){ 
?>

<!doctype html>
<html lang="sv-se">
<head>	
	
</head>
<body>
	
	Lorem ipsum sit dolor amet.
 	
</body>
</html>

<?php 

 }
	else{ 
		header( "Location:../protectedpage");
	 }
?>

 

login.php

<?php
session_start();
require_once( 'config.php' );
if ( isset( $_SESSION[ 'id' ] ) ) {
	header( "Location:protectedpage.php" );
} else {
	?>

	<!DOCTYPE html>
	<html>

	<head>
		<title>Logga in</title>
		<link rel="stylesheet" href="<?=$config->urls->templates;?>css/login.css">
		<script type="text/javascript" src="<?=$config->urls->templates;?>js/login.js"></script>
	</head>

	<body style="background-color:#bdc3c7">
		<div id="main-wrapper">
			<center>
				<h2>Logga in</h2>
			</center>

			<form action="../login" method="post" onsubmit="return validate(this);">

				<div class="inner_container">
					<div class="formgroup"><label class="lable-side"><b>Epost</b></label> <input type="text" class="text-side" name="email" id="email" value="<?php if(isset($_POST['login'])) { echo $_POST['email']; } else{ }  ?>" autofocus>
					</div>

					<div class="formgroup"><label class="lable-side"><b>Lösenord</b></label>
						<input type="password" id="password" class="text-side" name="password">
					</div>
					<div class="btngrp"><button class="login_button" name="login" type="submit">Login</button>
						<button type="reset" class="reset_btn">Återställ</button>
					</div>
					<div class="register_div"><a href="../register" class="register_link"><span>Registrera ny användare</span></a>
					</div>
				</div>
			</form>

			<?php
			if ( isset( $_POST[ 'login' ] ) ) {
				$email = $_POST[ 'email' ];
				$password = $_POST[ 'password' ];

				$query = $con->prepare( "select * from users where email=?" );
				$query->bind_param( 's', $email );

				$query->execute();
				$result = $query->get_result();
				$row = $result->fetch_assoc();

				$hash_pwd = $row[ 'password' ];
				$hash = password_verify( $password, $hash_pwd );

				if ( $hash == 0 ) {
					echo '<script type="text/javascript">alert("Invalid Credentials")</script>';
				} else {

					$query = $con->prepare( "select * from users where email='$email' and password=? " );
					$query->bind_param( 's', $hash_pwd );
					$query->execute();
					$query_run = $query->get_result();
					//echo mysql_num_rows($query_run);
					if ( $query_run ) {
						if ( mysqli_num_rows( $query_run ) > 0 ) {
							$row = mysqli_fetch_array( $query_run, MYSQLI_ASSOC );
							$_SESSION[ 'email' ] = $row[ 'email' ];
							$_SESSION[ 'id' ] = $row[ 'id' ];



							header( "Location:../protectedpage" );
						} else {
							echo '<script type="text/javascript">alert("No such Email exists. Invalid Credentials")</script>';
						}
					} else {
						echo '<script type="text/javascript">alert("Database Error")</script>';
					}

				}

			} else {}
			?>

		</div>
	</body>

	</html>

	<?php  } ?>

 

config.php

<?php
$con = mysqli_connect( "localhost", "root", "htf43434" )or die( 'Database connect ' . mysql_error() );
mysqli_select_db( $con, 'ksf' );
?>

 

 

 

Link to comment
Share on other sites

Hello @flashmaster,

First thing that caught my eye, you should edit your post to remove the database password. 

This appears to be a stand-alone php script designed to restrict access to specific pages, and not one normally associated with ProcessWire.

ProcessWire has it's own built-in functions and supporting modules for governing access to pages or by certain roles, etc. Have a look:

https://processwire.com/talk/topic/15261-best-method-for-restricting-page-access/

Or Adrian's excellent module

https://processwire.com/talk/topic/11499-admin-restrict-branch/

The point is that you don't need to spend time converting a script to work with ProcessWire, when ProcessWire has the features either built-in or readily available. And should you have any questions the support forum is the place to be.

 

  • Like 2
Link to comment
Share on other sites

Hi and thanks for the reply. Ok just to be clear, i dont need to manage the script in the admin/backend. I just want it to connect to the database. I dont want users to be able to login to the admin area just a general password that i have set in the database. It works with the database outside the template folder just to be clear. Im a total beginner at php and this script is from github. The database file is just an example not the correct one :) Dont have the experience to build something from scratch, just want this script to work right now. 

I have tested the module "page protector" but i dont want the user to have access to the admin with its password. And also there is no "Log out" function. Also i want to style the login page.

Link to comment
Share on other sites

11 hours ago, flashmaster said:

I have tested the module "page protector" but i dont want the user to have access to the admin with its password. And also there is no "Log out" function. Also i want to style the login page.

Page Protector doesn't require access to the admin to work. It's easy to create your own logout link (https://processwire.com/talk/topic/684-client-logout-page/). Page Protector lets you style the login page however you want :)

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...