Permission denied when you are not logged in.

They have: 164 posts

Joined: Nov 2001

When I'm not logged in, I was not allowed to post a new thread... how to code this??

I have a script that I want to add to the website; users that are not logged in are not allowed to use the script. How am I supposed to do that??

Mark Hensler

He has: 4,048 posts

Joined: Aug 2000

You should get a good book on handling sessions. (I'm afraid I don't know of any :( )

Basically, you monitor those users who are logged in. Then before you grant access to an area, you check their session. If there is no session or the user has insufficient rights, you throw them out the door.

Mark Hensler
If there is no answer on Google, then there is no question.

They have: 164 posts

Joined: Nov 2001

I have a page where users are not allowed to view that page if they are not logged in. The login page (a.php) will prompt, asking users to log in or register.

My problem is, after the users key in login name and password and click 'login'... it will go to page not found, and not go back to the page before the a.php was prompted.

this is my code:

<?php
if (isset($first_ques))
    {
        continue_quiz();
    }
    else if (isset($language[take_quiz]))
    {
        $permissions=getpermissions();
        if (!$permissions[canview] or !$permissions[canpostnew]) {
            show_nopermission();
        }
        else
            start_quiz();
    }
?>

this is a.php:

<?php
if ($action=="login") {
  include("./global.php");
  if (isset($username)) {
    // get userid for given username
    if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) {
      if ($user['password']!=md5($password)) {  // check password
        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered
      eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
      exit;
    }

    if ($user['cookieuser']==1) {
      vbsetcookie("bbuserid",$user['userid']);
      vbsetcookie("bbpassword",$user['password']);
    }

    $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'");

    $session['sessionhash']=md5(uniqid(microtime()));
    $session['dbsessionhash']=$session['sessionhash'];
    $DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
    vbsetcookie("sessionhash",$session['sessionhash'],0);
    $username = $user['username'];
  }

  $url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url);
  $url=ereg_replace("\\?sessionhash=[a-z0-9]{32}","",$url);
  $url=ereg_replace("s=[a-z0-9]{32}&","",$url);
  $url=ereg_replace("\\?s=[a-z0-9]{32}","",$url);

  if ($url!="" and $url!="index.php" and $url!=$HTTP_REFERER) {

    if (strpos($url,"?")>0) {
      $url.="&s=$session[dbsessionhash]";
    } else {
      $url.="?s=$session[dbsessionhash]";
    }

    $url = str_replace("\"", "", $url);
    eval("standardredirect(\"".gettemplate("redirect_login")."\",\"$url\");");
  } else {
    $bbuserinfo=getuserinfo($userid);
    eval("standardredirect(\"".gettemplate("redirect_login")."\",\"$HTTP_REFERER\");");
  }

}
?>

this is the function getpermissions:
[Admin Edit: Removed at the request of vBulletin. Please be careful what code you post. ;)]

and this is the function show_nopermissions:

<?php
function show_nopermission() {
  global $bbtitle,$logincode,$url,$scriptpath,$bbuserinfo,$session;

  // generate 'logged in as:' box or username and pwd box
  if (!$logincode) {
    $logincode=makelogincode();
  }

  if ($bbuserinfo[userid]==0) {
    eval("standarderror(\"".gettemplate("error_nopermission_loggedout")."\");");
  } else {
    eval("standarderror(\"".gettemplate("error_nopermission_loggedin")."\");");
  }
  exit;
}
?>

Pls help... really confused here..
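Added example, not part of the original thread and not vBulletin code: a minimal PHP session gate of the kind described in the first reply, which also remembers the requested page so that the login step can send the user back to it, as the post above asks. The function names, the `/login.php` path and the `$_SESSION` keys are assumptions; the return target is restricted to same-site paths so the redirect cannot be pointed at another site.

```php
<?php
// Added illustration. Function names, session keys and /login.php are
// assumptions for this sketch; none of them are vBulletin functions.

// Accept only a same-site absolute path such as "/quiz.php?id=3".
// Refuses "http://host/...", "//host/...", control characters and backslashes.
function safe_return_path(?string $candidate, string $fallback = '/index.php'): string
{
    $ok = is_string($candidate)
        && preg_match('#^/(?!/)[^\x00-\x20\x7f\\\\]*\z#', $candidate) === 1;
    return $ok ? $candidate : $fallback;
}

// Call at the top of every protected page, before any output is sent.
function require_login(?string $permission = null): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        // Not logged in: remember the requested page server-side, then leave.
        $_SESSION['return_to'] = safe_return_path($_SERVER['REQUEST_URI'] ?? null);
        header('Location: /login.php');
        exit;
    }
    if ($permission !== null
        && !in_array($permission, $_SESSION['permissions'] ?? [], true)) {
        http_response_code(403);   // logged in, but insufficient rights
        exit('You do not have permission to view this page.');
    }
}

// Call from the login page after the password check has succeeded.
function complete_login(int $userId, array $permissions): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = safe_return_path($_SESSION['return_to'] ?? null);
    session_regenerate_id(true);   // fresh session id on login
    $_SESSION['user_id'] = $userId;
    $_SESSION['permissions'] = $permissions;
    unset($_SESSION['return_to']);
    header('Location: ' . $target);
    exit;
}
```

A protected page would begin with a call such as `require_login('canview');`, where the permission name is whatever the site stores at login.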

Mark Hensler

He has: 4,048 posts

Joined: Aug 2000

I'm not familiar with vB code, sorry. :(

Try doing some basic debug stuff...
throw echo() everywhere:

<?php
if (isset($first_ques)) {
    echo "I am continuing the quiz<BR>\n";
    continue_quiz();
}
else if (isset($language[take_quiz])) {
    echo "I am checking permissions<BR>\n";
    $permissions=getpermissions();
    if (!$permissions[canview] or !$permissions[canpostnew]) {
        echo "No permissions |$permissions[canview]|$permissions[canpostnew]|<BR>\n";
        show_nopermission();
    }
    else {
        echo "Starting quiz<BR>\n";
        start_quiz();
    }
}
?>

Mark Hensler
If there is no answer on Google, then there is no question.

They have: 164 posts

Joined: Nov 2001

I got these two lines when I click the submit button:

I am checking permissions
No permissions |1||

I tried to log in... and I got this error:

Fatal error: Call to a member function on a non-object in /usr/local/plesk/apache/vhosts/certifyexpress.com/httpdocs/exam/bea/member.php on line 47

line 47 of member.php:

<?php
if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) {
?>

Mark Hensler

He has: 4,048 posts

Joined: Aug 2000

Quote:
I am checking permissions
No permissions |1||

This is your problem. I think that your IF statement should be an AND, not an OR.

I don't know what is causing the error on line 47.

Mark Hensler
If there is no answer on Google, then there is no question.

They have: 164 posts

Joined: Nov 2001

Hmm.. still cannot solve the problem...

They have: 7 posts

Joined: Mar 2011

I think your database connection is not done properly.
