Skip navigation
Currently Being Moderated

user login directing to restrictGoTo = "../denied.php WHAT AM I DOING WRONG?

Apr 13, 2012 4:52 AM

i have followed the same process i also do, user signs up then should go to there landing page. but it is sending them to the failed page

 

 

the input page code is here

<?php require_once('../Connections/hostprop.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

 

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

 

 

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

foreach($_FILES as $files => $_file){

$_POST[$files]="";

if($_file['name']!=""){

$pathinfo=pathinfo($_file['name']);

$file_name_array = explode(".", basename($_file['name']));

$filename = $file_name_array[count($file_name_array)-2];

$_POST[$files]=$file_prefix.$filename.$file_suffix.$date_stamp.".".$pa thinfo['extension'];

}

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form4"))

{

          if($_POST['password'] == $_POST['password2'] && $_POST['email'] == $_POST['email2'])

 

  $insertSQL = sprintf("INSERT INTO think_signup (FirstName, Surname, userid, password, email, ContactMethod, TeleNumber, SalaryReq, PositionReq, skills_offered, cv, needCV, otherComments, location) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",

                       GetSQLValueString($_POST['FirstName'], "text"),

                       GetSQLValueString($_POST['Surname'], "text"),

                                                     GetSQLValueString($_POST['userid'], "text"),

                       GetSQLValueString($_POST['password'], "text"),

                       GetSQLValueString($_POST['email'], "text"),

                       GetSQLValueString($_POST['ContactMethod'], "text"),

                       GetSQLValueString($_POST['TeleNumber'], "text"),

                       GetSQLValueString($_POST['SalaryReq'], "text"),

                       GetSQLValueString($_POST['PositionReq'], "text"),

                       GetSQLValueString($_POST['skills_offered'], "text"),

                       GetSQLValueString($_POST['cv'], "text"),

                                                     GetSQLValueString(isset($_POST['needCV']) ? "true" : "", "defined","'Y'","'N'"),

                                                     GetSQLValueString($_POST['otherComments'], "text"),

                       GetSQLValueString($_POST['location'], "text"));

 

 

  mysql_select_db($database_hostprop, $hostprop);

  $Result1 = mysql_query($insertSQL, $hostprop) or die(mysql_error());

 

 

  $insertGoTo = "php.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

 

 

$colname_rsReg = "-1";

if (isset($_SESSION['MM_Username'])) {

  $colname_rsReg = $_SESSION['MM_Username'];

}

mysql_select_db($database_hostprop, $hostprop);

$query_rsReg = sprintf("SELECT * FROM think_signup WHERE userid = %s", GetSQLValueString($colname_rsReg, "text"));

$rsReg = mysql_query($query_rsReg, $hostprop) or die(mysql_error());

$row_rsReg = mysql_fetch_assoc($rsReg);

$totalRows_rsReg = mysql_num_rows($rsReg);mysql_select_db($database_hostprop, $hostprop);

$query_rsReg = "SELECT * FROM think_signup";

$rsReg = mysql_query($query_rsReg, $hostprop) or die(mysql_error());

$row_rsReg = mysql_fetch_assoc($rsReg);

$totalRows_rsReg = mysql_num_rows($rsReg);

?>

 

form attributes

<form action="<?php echo $editFormAction; ?>" method="post" name="form4" enctype="multipart/form-data">

<input type="text" name="FirstName" value="" size="30" />

<input type="text" name="Surname" value="" size="30" />

<input name="userid" type="text" size="30"/>

<input name="password" type="text" id="password" value="" size="30" />

<input type="text" name="password2" value="" size="30" />

 

          <input type="hidden" name="MM_insert" value="form4" />

        </form>

 

 

and the landing page is here

 

<?php require_once('../Connections/hostprop.php'); ?>

<?php

//initialize the session

if (!isset($_SESSION)) {

  session_start();

}

 

 

// ** Logout the current user. **

$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";

if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){

  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);

}

 

 

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){

  //to fully log out a visitor we need to clear the session varialbles

  $_SESSION['MM_Username'] = NULL;

  $_SESSION['MM_UserGroup'] = NULL;

  $_SESSION['PrevUrl'] = NULL;

  unset($_SESSION['MM_Username']);

  unset($_SESSION['MM_UserGroup']);

  unset($_SESSION['PrevUrl']);

 

  $logoutGoTo = "../index.php";

  if ($logoutGoTo) {

    header("Location: $logoutGoTo");

    exit;

  }

}

?>

<?php

if (!isset($_SESSION)) {

  session_start();

}

$MM_authorizedUsers = "";

$MM_donotCheckaccess = "true";

 

 

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {

  // For security, start by assuming the visitor is NOT authorized.

  $isValid = False;

 

 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.

  // Therefore, we know that a user is NOT logged in if that Session variable is blank.

  if (!empty($UserName)) {

    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.

    // Parse the strings into arrays.

    $arrUsers = Explode(",", $strUsers);

    $arrGroups = Explode(",", $strGroups);

    if (in_array($UserName, $arrUsers)) {

      $isValid = true;

    }

    // Or, you may restrict access to only certain users based on their username.

    if (in_array($UserGroup, $arrGroups)) {

      $isValid = true;

    }

    if (($strUsers == "") && true) {

      $isValid = true;

    }

  }

  return $isValid;

}

 

 

$MM_restrictGoTo = "../denied.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  

  $MM_qsChar = "?";

  $MM_referrer = $_SERVER['PHP_SELF'];

  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)

  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];

  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

  header("Location: ". $MM_restrictGoTo);

  exit;

}

?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

 

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

 

 

$colname_Recordset1 = "-1";

if (isset($_SESSION['MM_Username'])) {

  $colname_Recordset1 = $_SESSION['MM_Username'];

}

mysql_select_db($database_hostprop, $hostprop);

$query_Recordset1 = sprintf("SELECT * FROM think_signup WHERE email = %s", GetSQLValueString($colname_Recordset1, "text"));

$Recordset1 = mysql_query($query_Recordset1, $hostprop) or die(mysql_error());

$row_Recordset1 = mysql_fetch_assoc($Recordset1);

$totalRows_Recordset1 = mysql_num_rows($Recordset1);

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

</head>

 

 

<body>

<p><a href="<?php echo $logoutAction ?>">Log out</a>

</p>

<p><?php echo $row_Recordset1['userid']; ?></p>

<p><?php echo $row_Recordset1['FirstName']; ?></p>

<p><?php echo $row_Recordset1['Surname']; ?></p>

<p> </p>

</body>

</html>

<?php

mysql_free_result($Recordset1);

?>

 
Replies
  • Currently Being Moderated
    Apr 13, 2012 10:03 AM   in reply to Jonathan Fortis

    You are checking if the email fields match - but I don't see them in the form.

    Is the data actually getting inserted into the DB? I would think not

    Why are you using multipart/form-data when there is no file field in the form?

    If the email and password fields don't match, you end up executing most of the code anyway. Why?

     

    Lots of other errors too.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points