direct to main page using header(session)
anyone know how can i work on this when user login in url http://mysite.com/login.php?u=whitewingz&p=password it will direct quickly in main page or index.php?do=main the login page will not appear just the index.php?do=main only.. or can anyone convert this for help?
mine...
and convert into this
thanks for help..
mine...
PHP Code:
<?php
session_name("PHPSESSID");
session_start();
include("iconfiger.php");
include("icorer.php");
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
echo "<html>";
echo "<head>";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
<meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
<meta name=\"description\" content=\"mobile interactive community that can be access wherever you are in the world. It is made to connect people and to establish unity with tones of new exciting features like Scrembox, Forums, Articles, Chatrooms, Downloads, Clubs, Photo Gallery, Blogs, Polls, Chappel, Rpg Game, Lucky9, Jack En Poy, Spin The Wheel, Virtual Pets, Wap Jueteng And More Options That Entertain You And Makes You Busy\"/>
<meta name=\"keywords\" content=\"ptrix, pinoytrix, whitewingz, free, community, forums, chat, wap, communicate, free sms, mp3, scandals, videos, games, downloads, scripts, ringtones, porn, xxx, hot, new, latest\"/>
<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
echo "</head>";
echo "<body>";
connectdb();
$bcon = connectdb();
if (!$bcon)
{
echo "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>";
echo "Cant connect to database<br/>";
echo "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/>";
echo "Thank You Very Much<br/><a href=\"index.php\">Home</a><br/><div class=\"foot\">$mysite</div></div>";
echo "<br/>Page Took ";
$load = microtime();
print (number_format($load,2));
echo " Seconds";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
$nick = safe(cleanInput($_GET["u"]));
$pwd = safe(cleanInput($_GET["p"]));
$myid = getuid_name($nick);
$style = mysql_fetch_array(mysql_query("SELECT mystyle FROM ibwf_xx_users WHERE id='".$myid."'"));
$user = mysql_fetch_array(mysql_query("SELECT name FROM ibwf_xx_users WHERE id='".$myid."'"));
$ubrowser = safe($_SERVER['HTTP_USER_AGENT']);
$uipadd = getip();
$tolog = false;
echo "<title>$user[0]-$toptitle*</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$style[0]\"/>";
echo "</head>";
echo "<div align=\"center\">";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_xx_users WHERE lgname='".$nick."'"));
if($uinf[0]==0)
{
$brws = explode(" ",$HTTP_USER_AGENT);
$ubr = $brws[0];
$ip = $_SERVER['REMOTE_ADDR'];
//Check for user ID
echo "<div class=\"notice\"><div class=\"mid\"><b>PinoyTrix</b></div><div class=\"error\">Error.!!<br/>User Does Not Exist Or Not Yet Registered<br/><a href=\"reister.php\">Register It Now</a><br/></div>";
}else{
//check for pwd
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_xx_users WHERE lgname='".$nick."' AND passwod='".$epwd."'"));
if($uinf[0]==0)
{
echo "<div class=\"notice\"><div class=\"mid\"><b>PinoyTrix</b></div><div class=\"error\">Error.!!<br/>Are You Trying To Guess Your Password Or What?<br/>If you forgot your own password<br/>just retrieve it <a href=\"forgotpw.php\">HERE</a><br/></div>";
}else{
$logedin = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_xx_ses WHERE uid='".$myid."'"));
//i altered the if statement here to //accomodate more login attempt and //by that you can access it always. //.Remod by escape_string
if($logedin[0]=='100')
{
mysql_query("DELETE FROM ibwf_xx_ses WHERE uid='".$iduser."'");
}else{
$tm = (time() - $timeadjust) ;
$xtm = $tm + (getsxtm()*60);
$did = $uid.$tm;
$res = mysql_query("INSERT INTO ibwf_xx_ses SET id='".md5($did)."', uid='".$myid."', expiretm='".$xtm."'");
if($res)
{
$tolog=true;
echo "<div class=\"all\"><div class=\"logo\"><div align=\"left\"><img src=\"style/pitrix.gif\" alt=\"ptrix\" /></div></div><div class=\"right\"><b>Welcome to PinoyTrix!</b></div>";
$_SESSION['sid'] = md5($did);
echo "You are now Login $user[0]!<br/>";
echo "[<a href=\"index.asp\">";
echo " Enter PinoyTrix</a>]";
echo "<br/>Your refferal link:<br/><font color=\"tomato\">pinoytrix.com/refer=$userid[0]<br/></font>";
$lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_xx_users WHERE id='".$userid."'"));
$lst = $lact[0];
mysql_query("UPDATE ibwf_xx_users SET lastvst='".$lst."', lastact='".time()."', browserm='".$ubrowser."', ipadd='".$uipadd."' WHERE id='".$myid."'");
}
}
}
}
if($tolog)
{
echo "<br/>";
echo "Book Mark This Page To Avoid Typing<br/>your Username and Password Again.<br/>Dont Forget to Tell your Friends About This Great Site! :)";
$sid = safe(cleanInput(base64_encode($did)));
echo "$udata[1]<br/>";
echo "<div class=\"foot\"><b>$mysite</b></div>";
echo "<div class=\"footop\"><center>Reloaded ";
$load = microtime();
print (number_format($load,5));
echo "s";
echo "</div>";
}else{
echo "<br/>";
echo "<div class=\"foot\"><b>$mysite</b></div>";
echo "<div class=\"footop\"><center>Reloaded ";
$load = microtime();
print (number_format($load,5));
echo "s";
echo "</div>";
echo "</body>";
}
exit();
?>
</html>
PHP Code:
<?php
// start session
session_start();
if (array_key_exists('username', $_SESSION)) {
// user already authenticated
header('location: index.php');
}
if ($_POST) {
if (array_key_exists('username', $_POST)) {
require_once('codes/dal.php');
$dal = new DataAccessLayer();
$user = trim($_POST['username']);
$pass = trim($_POST['password']);
$pass = bin2hex(md5($pass, TRUE ));
// join the 'users' and 'roles' tables
$sql = 'select '
. 'u.id '
. ',u.username '
. ',u.password '
. ',u.role_id '
. ',r.name '
. ',u.full_name '
. ',u.email '
. ',u.description '
. 'from users as u '
. 'join roles as r on u.role_id = r.id '
. 'where u.username = \'' . $user . '\'';
$result = $dal->query($sql);
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
if ($pass == $row['password']) {
// create session variables
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['full_name'] = $row['full_name'];
$_SESSION['role_id'] = $row['role_id'];
$_SESSION['role_name'] = $row['name'];
$_SESSION['email'] = $row['email'];
$_SESSION['password'] = $row['password'];
// check if password is default
if($pass == bin2hex(md5('pass', TRUE ))) {
$_SESSION['default'] = true;
// login successful - but password needs to be changed
header('location: users/change_password.php');
} else {
// login successful - redirect to home page
header('location: index.php');
}
} else {
$err = '<tr><td colspan="2">'
. '<div class="error-message">The username and/or password you entered is invalid.</div>'
. '</td></tr>';
}
} else {
$err = '<tr><td colspan="2">'
. '<div class="error-message">The username and/or password you entered is invalid.</div>'
. '</td></tr>';
}
}
}
?>
thanks for help..
Comment