p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: access_logger.php problem


Message #1 by "Anton Vorster" <avorster@k...> on Sun, 22 Sep 2002 12:34:13
I have added some code near the beginning of access_logger.php (Chapter 
13) to get around the register_globals=off issue. The script works fine 
for multiple accesses to the same page, but when I want to access a 
different page after logging in, I am again presented wiith the login 
screen. Everything works fine with register_globals=on.

Please Nik, or anybody else ... I'm a newbie and desperate to get this to 
work.

Thanks in advance,
Anton


<?php
//access_logger.php
include "./common_db.inc";
$exclude_dirs = array('/', '/info', '/contact');
$exclude_files = array('index.html', 'info.html', 'index.php');
$user_tablename = 'user';
$access_log_tablename = 'access_log';

if (!empty($_GET)) {
extract($_GET);
}

if (!empty($_POST)) {
extract($_POST);
}

$PHP_SELF = $_SERVER['PHP_SELF'];

function login_form() {
   global $PHP_SELF;

html_header();

?>

<BODY>
<FORM METHOD="POST" ACTION="<? echo $_SERVER['PHP_SELF'] ?>">
   <DIV ALIGN="CENTER"><CENTER>
      <H3 class="heading">Please log in</H3>   <TABLE WIDTH="240" 
BORDER="0" CELLPADDING="2" bgcolor="#bbbbee">
        <TR>
          <TH class="default" WIDTH="18%" ALIGN="RIGHT" NOWRAP>ID:</TH>
         <TD WIDTH="82%" NOWRAP>
            <INPUT TYPE="TEXT" NAME="userid" SIZE="14">
         </TD>
      </TR>
      <TR>
          <TH class="default" WIDTH="18%" ALIGN="RIGHT" 
NOWRAP>Password:</TH>
         <TD WIDTH="82%" NOWRAP>
            <INPUT TYPE="PASSWORD" NAME="userpassword" SIZE="14">
         </TD>
      </TR>
      <TR>
         <TD WIDTH="100%" COLSPAN="2" ALIGN="CENTER" NOWRAP>
            <INPUT TYPE="SUBMIT" VALUE="LOGIN" NAME="Submit">
         </TD>
      </TR>
   </TABLE>
   </CENTER></DIV>
</FORM>

<div align="center" class="default">
Not yet registered? Register <a href="register.php">here</a></div>
</BODY>
</HTML>
<?
}

function do_authentication() {
   global $PHP_AUTH_USER, $PHP_AUTH_PW, $PHP_SELF;
   global $userid, $userpassword, $register_script;
   global $default_dbname, $user_tablename, $access_log_tablename;
   global $MYSQL_ERROR, $MYSQL_ERRNO;
   
   if(!isset($userid)) {
      login_form();
      exit;
   }
 //  else session_register("userid", "userpassword");
 else  $_SESSION[userid];
 		$_SESSION["userpassword"];
  
   $link_id = db_connect($default_dbname);
   $query = "SELECT userfirstname FROM $user_tablename 
             WHERE userid = '$userid' 
             AND userpassword = password('$userpassword')";
   $result = mysql_query($query);

   if(!mysql_num_rows($result)) {
      session_unregister("userid");
      session_unregister("userpassword");
      echo "Authorization failed. " .
         "You must enter a valid userid and password combo. " .
         "Click on the following link to try again.<BR>\n";
      echo "<A HREF=\"$PHP_SELF\">Login</A><BR>";    
      echo "If you're not a member yet, click on the " .
           "following link to register.<BR>\n";
      echo "<A HREF=\"$register_script\">Membership</A>";    
      exit;
   }
   else {
      $query = "UPDATE $user_tablename SET lastaccesstime = NULL
                WHERE userid = '$userid'";
      $result = mysql_query($query);

      $num_rows = mysql_affected_rows($link_id);
      if($num_rows != 1) die(sql_error());

      $query = "SELECT userid FROM $access_log_tablename
                            WHERE page = '$_SERVER[PHP_SELF]' AND userid 
= '$userid'"; 
      $result = mysql_query($query);
    
      if(!mysql_num_rows($result)) 
         $query = "INSERT INTO $access_log_tablename 
                         VALUES ('$_SERVER
[PHP_SELF]', '$exercise', '$userid', 1, 0, NULL)";

      else $query = "UPDATE $access_log_tablename 
                     SET visitcount = visitcount + 1, accessdate = NULL 
                     WHERE page = '$_SERVER[PHP_SELF]' AND userid 
= '$userid'";

      mysql_query($query);

      $num_rows = mysql_affected_rows($link_id);
      if($num_rows != 1) die(sql_error());
   }
}

$filepath = dirname($_SERVER['PHP_SELF']);
$filename = basename($_SERVER['PHP_SELF']);

if($filepath == '') $filepath = '/';

$auth_done = 0;

for($j=0; $j < count($exclude_dirs); $j++) {
   if($exclude_dirs[$j] == $filepath) break;
   else {
      for($i=0; $i< count($exclude_files); $i++) {
         if($exclude_files[$i] == $filename) break;
         else {
            session_start();
            do_authentication();
            $auth_done = 1;
            break;
         }
      }
   }
   if($auth_done) break;
}
?>

  Return to Index