
    user login directing to restrictGoTo = "../denied.php" WHAT AM I DOING WRONG?

    Jonathan Fortis Community Member

      I have followed the same process I also do: the user signs up and should then go to their landing page, but it is sending them to the failed page.

       

       

      the input page code is here

      <?php require_once('../Connections/hostprop.php'); ?>

      <?php

      if (!function_exists("GetSQLValueString")) {
          /**
           * Escape a request value and format it as a literal for a string-built SQL statement.
           *
           * The value is un-slashed when PHP_VERSION < 6 and magic quotes are on, then escaped
           * with mysql_real_escape_string() (or mysql_escape_string() when the former is missing).
           *
           * Security notes for maintainers:
           * - This escaping is the only barrier between request data and SQL syntax in the
           *   queries that call it. The mysql_* extension was removed in PHP 7.0; bound
           *   parameters (mysqli or PDO prepared statements) are the usual replacement.
           * - A $theType that matches no case returns the escaped value WITHOUT quotes.
           *
           * @param mixed  $theValue           Raw value, typically from $_POST or $_SESSION.
           * @param string $theType            "text", "date", "long", "int", "double" or "defined".
           * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
           * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
           * @return mixed Quoted string, number, the literal "NULL", or one of the two defined values.
           */
          function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
          {
              // Undo magic-quotes escaping first so the value is not escaped twice.
              if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
                  $theValue = stripslashes($theValue);
              }

              if (function_exists("mysql_real_escape_string")) {
                  $escaped = mysql_real_escape_string($theValue);
              } else {
                  $escaped = mysql_escape_string($theValue);
              }

              // Loose comparison on purpose: it mirrors the generated code's empty check.
              $hasValue = ($escaped != "");

              switch ($theType) {
                  case "text":
                  case "date":
                      return $hasValue ? "'" . $escaped . "'" : "NULL";
                  case "long":
                  case "int":
                      return $hasValue ? intval($escaped) : "NULL";
                  case "double":
                      return $hasValue ? doubleval($escaped) : "NULL";
                  case "defined":
                      return $hasValue ? $theDefinedValue : $theNotDefinedValue;
              }

              // Unknown type: escaped but unquoted.
              return $escaped;
          }
      }

       

       

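      // Build the form's own URL for use as its action attribute.
      // PHP_SELF is derived from the request path, so it is HTML-encoded here just like the
      // query string below; otherwise it reaches the action="" attribute unescaped.
      $editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES);
      if (isset($_SERVER['QUERY_STRING'])) {
          $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
      }

      // For every uploaded file, place a generated file name into $_POST under the same field
      // name so the INSERT further down stores a name for it.
      // NOTE(review): $file_prefix, $file_suffix and $date_stamp are not assigned anywhere in
      // the visible code - confirm they are defined by the included connection file.
      // NOTE(review): the name and extension come from the client-supplied upload name and no
      // extension allow-list or move_uploaded_file() call is visible here - verify where the
      // upload is validated and stored.
      foreach ($_FILES as $files => $_file) {
          $_POST[$files] = "";
          if ($_file['name'] != "") {
              $pathinfo = pathinfo($_file['name']);
              $file_name_array = explode(".", basename($_file['name']));
              // Segment immediately before the final dot.
              $filename = $file_name_array[count($file_name_array) - 2];
              $_POST[$files] = $file_prefix . $filename . $file_suffix . $date_stamp . "." . $pathinfo['extension'];
          }
      }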

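      // Handle the sign-up form post: insert the new row, then redirect.
      if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form4")) {
          // The confirmation check now guards the whole insert-and-redirect sequence. Without
          // braces it only guarded the $insertSQL assignment, so a mismatch still reached
          // mysql_query() with $insertSQL never assigned by this script.
          // Strict comparison avoids numeric-string juggling ("1e3" == "1000" is true with ==).
          if ($_POST['password'] === $_POST['password2'] && $_POST['email'] === $_POST['email2']) {
              // NOTE(review): the password is written to the table as submitted. Storing a
              // password_hash() value instead requires the login page to use password_verify();
              // that page is not shown here, so the stored format is left unchanged.
              $insertSQL = sprintf(
                  "INSERT INTO think_signup (FirstName, Surname, userid, password, email, ContactMethod, TeleNumber, SalaryReq, PositionReq, skills_offered, cv, needCV, otherComments, location) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                  GetSQLValueString($_POST['FirstName'], "text"),
                  GetSQLValueString($_POST['Surname'], "text"),
                  GetSQLValueString($_POST['userid'], "text"),
                  GetSQLValueString($_POST['password'], "text"),
                  GetSQLValueString($_POST['email'], "text"),
                  GetSQLValueString($_POST['ContactMethod'], "text"),
                  GetSQLValueString($_POST['TeleNumber'], "text"),
                  GetSQLValueString($_POST['SalaryReq'], "text"),
                  GetSQLValueString($_POST['PositionReq'], "text"),
                  GetSQLValueString($_POST['skills_offered'], "text"),
                  GetSQLValueString($_POST['cv'], "text"),
                  GetSQLValueString(isset($_POST['needCV']) ? "true" : "", "defined", "'Y'", "'N'"),
                  GetSQLValueString($_POST['otherComments'], "text"),
                  GetSQLValueString($_POST['location'], "text")
              );

              mysql_select_db($database_hostprop, $hostprop);
              // NOTE(review): die(mysql_error()) prints the database error text to the visitor.
              $Result1 = mysql_query($insertSQL, $hostprop) or die(mysql_error());

              // NOTE(review): nothing in this block starts a session or sets
              // $_SESSION['MM_Username']. If php.php is the access-restricted landing page,
              // its check finds no logged-in user and redirects to ../denied.php - confirm
              // whether sign-up is meant to log the user in or send them to the login form.
              $insertGoTo = "php.php";
              if (isset($_SERVER['QUERY_STRING'])) {
                  $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
                  $insertGoTo .= $_SERVER['QUERY_STRING'];
              }
              header(sprintf("Location: %s", $insertGoTo));
              // Stop here so the rest of the page does not run after the redirect header.
              exit;
          }
      }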

       

       

      // Recordset rsReg: look up the signed-in user's row, falling back to "-1" when no
      // username is in the session.
      // NOTE(review): no session_start() call is visible on this page, so $_SESSION may never
      // be populated here - confirm whether the included connection file starts the session.
      $colname_rsReg = isset($_SESSION['MM_Username']) ? $_SESSION['MM_Username'] : "-1";

      mysql_select_db($database_hostprop, $hostprop);
      $query_rsReg = sprintf(
          "SELECT * FROM think_signup WHERE userid = %s",
          GetSQLValueString($colname_rsReg, "text")
      );
      $rsReg = mysql_query($query_rsReg, $hostprop) or die(mysql_error());
      $row_rsReg = mysql_fetch_assoc($rsReg);
      $totalRows_rsReg = mysql_num_rows($rsReg);

      // A second recordset reuses the same variable names, so the filtered result above is
      // replaced by an unfiltered read of the whole table.
      // NOTE(review): this selects every column of every sign-up row, password column
      // included, on each page load - confirm that this query is actually needed.
      mysql_select_db($database_hostprop, $hostprop);
      $query_rsReg = "SELECT * FROM think_signup";
      $rsReg = mysql_query($query_rsReg, $hostprop) or die(mysql_error());
      $row_rsReg = mysql_fetch_assoc($rsReg);
      $totalRows_rsReg = mysql_num_rows($rsReg);

      ?>

       

      form attributes

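      <!-- Both password inputs use type="password" so the typed value is masked on screen. -->
      <form action="<?php echo $editFormAction; ?>" method="post" name="form4" enctype="multipart/form-data">
      <input type="text" name="FirstName" value="" size="30" />
      <input type="text" name="Surname" value="" size="30" />
      <input name="userid" type="text" size="30"/>
      <input name="password" type="password" id="password" value="" size="30" />
      <input type="password" name="password2" value="" size="30" />

      <input type="hidden" name="MM_insert" value="form4" />
      </form>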

       

       

      and the landing page is here

       

      <?php require_once('../Connections/hostprop.php'); ?>

      <?php

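      // Initialize the session.
      if (!isset($_SESSION)) {
          session_start();
      }

      // ** Logout the current user. **
      // Build the log-out link target. PHP_SELF is derived from the request path, so it is
      // HTML-encoded like the query string below before it is echoed into the href attribute.
      // NOTE(review): log-out is triggered by a plain GET parameter, so any link or image
      // pointing at ?doLogout=true ends the visitor's session - consider a POST with a token.
      $logoutAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . "?doLogout=true";
      if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")) {
          $logoutAction .= "&" . htmlentities($_SERVER['QUERY_STRING']);
      }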

       

       

      // Handle ?doLogout=true: drop the login markers from the session and go to the home page.
      if (isset($_GET['doLogout']) && $_GET['doLogout'] == "true") {
          // Removing these three keys is what logs the visitor out; the session itself and
          // its identifier are kept.
          unset(
              $_SESSION['MM_Username'],
              $_SESSION['MM_UserGroup'],
              $_SESSION['PrevUrl']
          );

          $logoutGoTo = "../index.php";
          if ($logoutGoTo) {
              header("Location: $logoutGoTo");
              exit;
          }
      }

      ?>

      <?php

      // Make sure a session exists before the access check reads from it.
      isset($_SESSION) || session_start();

      // Access-check settings: an empty list means no specific user or group is required.
      $MM_authorizedUsers = "";
      $MM_donotCheckaccess = "true";

       

       

      // *** Restrict Access To Page: Grant or deny access to this page

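      /**
       * Decide whether the current visitor may view the page.
       *
       * A visitor with an empty user name is never authorized. Otherwise access is granted
       * when the user name is in $strUsers, when the group is in $strGroups, or when
       * $strUsers is empty (meaning any logged-in user is accepted).
       *
       * Names and groups are compared as strings with strict matching, so numeric-looking
       * values such as "1e1" and "10" are no longer treated as the same user or group.
       *
       * NOTE(review): an empty $strGroups explodes to a list holding one empty string, so a
       * visitor whose group is empty matches it - confirm that this is intended.
       *
       * @param string $strUsers  Comma-separated list of allowed user names.
       * @param string $strGroups Comma-separated list of allowed groups.
       * @param mixed  $UserName  User name taken from the session.
       * @param mixed  $UserGroup Group taken from the session.
       * @return bool True when the visitor is authorized.
       */
      function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
          // For security, start by assuming the visitor is NOT authorized.
          if (empty($UserName)) {
              return false;
          }

          $arrUsers = explode(",", $strUsers);
          $arrGroups = explode(",", $strGroups);

          // Cast before the strict check so a null or integer session value still matches
          // its string form in the list, while "10" no longer equals "1e1".
          if (in_array((string) $UserName, $arrUsers, true)) {
              return true;
          }
          if (in_array((string) $UserGroup, $arrGroups, true)) {
              return true;
          }

          // No user list configured: being logged in is enough.
          return $strUsers == "";
      }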

       

       

      // Access gate for this page. A visitor is sent to ../denied.php whenever the session
      // holds no MM_Username or isAuthorized() rejects them, so a page that redirects here
      // without first setting $_SESSION['MM_Username'] always ends up on the denied page.
      $MM_restrictGoTo = "../denied.php";
      $MM_hasAccess = isset($_SESSION['MM_Username'])
          && isAuthorized("", $MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup']);

      if (!$MM_hasAccess) {
          // Remember the page that was requested, including its query string.
          $MM_referrer = $_SERVER['PHP_SELF'];
          if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
              $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
          }

          // Append with "&" when the target already has a query string, otherwise with "?".
          $MM_qsChar = strpos($MM_restrictGoTo, "?") ? "&" : "?";
          $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

          header("Location: " . $MM_restrictGoTo);
          exit;
      }

      ?>

      <?php

      if (!function_exists("GetSQLValueString")) {
          /**
           * Escape a request value and format it as a literal for a string-built SQL statement.
           *
           * The value is un-slashed when PHP_VERSION < 6 and magic quotes are on, then escaped
           * with mysql_real_escape_string() (or mysql_escape_string() when the former is missing).
           *
           * Security notes for maintainers:
           * - This escaping is the only barrier between request data and SQL syntax in the
           *   queries that call it. The mysql_* extension was removed in PHP 7.0; bound
           *   parameters (mysqli or PDO prepared statements) are the usual replacement.
           * - A $theType that matches no case returns the escaped value WITHOUT quotes.
           *
           * @param mixed  $theValue           Raw value, typically from $_POST or $_SESSION.
           * @param string $theType            "text", "date", "long", "int", "double" or "defined".
           * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
           * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
           * @return mixed Quoted string, number, the literal "NULL", or one of the two defined values.
           */
          function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
          {
              // Undo magic-quotes escaping first so the value is not escaped twice.
              if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
                  $theValue = stripslashes($theValue);
              }

              if (function_exists("mysql_real_escape_string")) {
                  $escaped = mysql_real_escape_string($theValue);
              } else {
                  $escaped = mysql_escape_string($theValue);
              }

              // Loose comparison on purpose: it mirrors the generated code's empty check.
              $hasValue = ($escaped != "");

              switch ($theType) {
                  case "text":
                  case "date":
                      return $hasValue ? "'" . $escaped . "'" : "NULL";
                  case "long":
                  case "int":
                      return $hasValue ? intval($escaped) : "NULL";
                  case "double":
                      return $hasValue ? doubleval($escaped) : "NULL";
                  case "defined":
                      return $hasValue ? $theDefinedValue : $theNotDefinedValue;
              }

              // Unknown type: escaped but unquoted.
              return $escaped;
          }
      }

       

       

      // Recordset1: load the row for the signed-in user, falling back to "-1" when no
      // username is in the session.
      // NOTE(review): the session's MM_Username is matched against the email column here,
      // while the sign-up page's recordset matches it against userid - confirm which value
      // the login step stores in the session.
      $colname_Recordset1 = isset($_SESSION['MM_Username']) ? $_SESSION['MM_Username'] : "-1";

      mysql_select_db($database_hostprop, $hostprop);
      $query_Recordset1 = sprintf(
          "SELECT * FROM think_signup WHERE email = %s",
          GetSQLValueString($colname_Recordset1, "text")
      );
      // NOTE(review): die(mysql_error()) prints the database error text to the visitor.
      $Recordset1 = mysql_query($query_Recordset1, $hostprop) or die(mysql_error());
      $row_Recordset1 = mysql_fetch_assoc($Recordset1);
      $totalRows_Recordset1 = mysql_num_rows($Recordset1);

      ?>

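      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Untitled Document</title>
      </head>

      <body>
      <p><a href="<?php echo $logoutAction ?>">Log out</a>
      </p>
      <?php // The three values below were typed in by the user at sign-up, so each one is HTML-encoded before output. ?>
      <p><?php echo htmlspecialchars($row_Recordset1['userid'], ENT_QUOTES, 'UTF-8'); ?></p>
      <p><?php echo htmlspecialchars($row_Recordset1['FirstName'], ENT_QUOTES, 'UTF-8'); ?></p>
      <p><?php echo htmlspecialchars($row_Recordset1['Surname'], ENT_QUOTES, 'UTF-8'); ?></p>
      <p> </p>
      </body>
      </html>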

      <?php

      // Release the result set held in $Recordset1 once the page markup has been written.
      mysql_free_result($Recordset1);

      ?>