I forgot about the mail thing...
Begin forwarded message:
From: Philip Thompson <philthathril@xxxxxxxxx>
Date: June 17, 2008 6:52:15 PM CDT
To: PHP-General List <php-general@xxxxxxxxxxxxx>
Subject: Re: Password Protecting a page and email notification
On Jun 17, 2008, at 5:33 PM, R.C. wrote:
I'm going to ask you PHP gurus if someone can give me a hand in
trying to
get this resolved. I'm fairly new to PHP and learning as I go.
I've got two page "login.php" and video.php. Video.php is supposed
to be
protected i.e. if someone clicks on the direct link or brings up
the page in
a browser, it comes back with an error message and a request to
link to
"login.php"... they type in their username/pasword and it opens up
the
video.php so they can download videos.
I actually managed to accomplish that with the following code which
sits at
the top of video.php. I also created a form on "login.php" for
user input.
So far so good. However, we also need an email to be sent to the
site owner
when someone logs in plus their name. For the hell of me, I can't
figure
out how to combine the two elements. I tried a lot of things
sofar, but
nothing works. It's either the page gets protected OR the email
gets sent,
depending on what I leave in the script. I tried using part of
Jenny's
script which is great for email forms but I can't combine this
whole thing.
Heeeelp!!
/*this is the code that sits at the top of the protected page*
which works
actually fine for the protection*/
<?php
session_start();
$_SESSION ['username'] = $_POST ['user'];
$_SESSION ['userpass'] = $_POST ['pass'];
$_Session ['authuser'] = 0;
if (($_SESSION['username'] == 'logon') and
($_SESSION['userpass'] == 'password')) {
$_SESSION['authuser'] = 1;
} else {
echo "I'm sorry, access is denied <br />";
echo "Please log in at <a href='login.php'> HERE</a> to enter your
Username and Password";
exit();
}
Can this be done on one form i.e. login.php? I have 4 textfields
set up:
username, password, email, name (for the person sending the
email...)..
some if clause somewhere?
Best
R.C.
I think you're heading the right direction. I'd do something like
this...
<?php
// login.php
session_start();
if (isset ($_POST['confirm'])) {
if ($_POST['user'] != 'logon' || $_POST['pass'] != 'password') {
header ("location: login.php?code=i");
exit;
}
$_SESSION['username'] = $_POST['user'];
$_SESSION['userpass'] = $_POST['pass'];
$_SESSION['authuser'] = true;
$to = $_POST['user'] . " <".$_POST['email'].">";
$subject = $_POST['user'] . " logged in";
$message = "Whatever you want in here...";
$headers = "From: MyCoolSite <mycoolsite@xxxxxxxxx>\r\n";
$headers .= "Cc: Bob the Boss <bobtheboss@xxxxxxxxx>\r\n";
mail ($to, $subject, $message, $headers);
header ("location: video.php");
exit;
} else {
unset ($_SESSION['authuser']);
}
?>
<html>
<?php if ($_GET['code'] == 'i') { ?>
<p>Invalid login. Please try again.</p>
<?php } ?>
<form action="login.php" method="post">
<!-- Other fields here -->
<input type="hidden" name="confirm" value="1" />
</form>
</html>
That's how you can start it. At the top of the login.php page, check
to see if the form has been submitted/post'ed. If it has, check for
the correct username and password. If fail, send back to the login
page with an error code - don't make the user click to go back to
the login. If success, THEN assign the session variables and
redirect to the video page.
Just a side note. Maybe this is just an example that you sent us,
but I would strongly recommend NOT using 'password' as the password.
=D If each user is going to have his/her own username/password, then
I'd use a database to store that info - that can be another thread
or a search of the archives. ;)
Hope that helps.
~Philip
"Personally, most of my web applications do not have to factor 13.7
billion years of space drift in to the calculations, so PHP's rand
function has been great for me..." ~S. Johnson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
