Menu
i am new to php and i am trying to use a login redirect php scrip. i download and install it but when i try to use it on the page i want to protect i get the following erroer:
[QUOTE]
Call to undefined function: allow_access() in /homepages/40/d267348730/htdocs/iveytrust/index12.php on line 19
can anyone help me debug the allow_access function is there?
[code=php]<?php
//function to get the date
function last_login()
{
$date = gmdate("Y-m-d");
return $date;
}
//function that sets the session variable
function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $user, $pass)
{
//make connection to dbase
$connection = @mysql_connect($server, $dbusername, $dbpassword)
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)
or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE username = '$user' and password = password('$pass')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
//get the number of rows in the result set
$num = mysql_num_rows($result);
//set session variables if there is a match
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$_SESSION[first_name] = $sql -> firstname;
$_SESSION[last_name] = $sql -> lastname;
$_SESSION[user_name] = $sql -> username;
$_SESSION[password] = $sql -> password;
$_SESSION[group1] = $sql -> group1;
$_SESSION[group2] = $sql -> group2;
$_SESSION[group3] = $sql -> group3;
$_SESSION[pchange] = $sql -> pchange;
$_SESSION[email] = $sql -> email;
$_SESSION[redirect] = $sql -> redirect;
$_SESSION[verified] = $sql -> verified;
$_SESSION[last_login] = $sql -> last_login;
}
}else{
$_SESSION[redirect] = "$base_dir/errorlogin.html";
}
}
//functions that will determine if access is allowed
function allow_access($group)
{
if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" ||
$_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" ||
$_SESSION[user_name] == "$group")
{
$allowed = "yes";
}else{
$allowed = "no";
}
return $allowed;
}
//function to check the length of the requested password
function password_check($min_pass, $max_pass, $pass)
{
$valid = "yes";
if ($min_pass > strlen($pass) || $max_pass < strlen($pass))
{
$valid = "no";
}
return $valid;
}
?>[/code]
[code=php] <?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
//this should the the absolute path to the config.php file
//(ie /home/website/yourdomain/login/config.php or
//the location in relationship to the page being protected - ie ../login/config.php )
require('http://www.iveytrustfund.com/admin/config.php');
//this should the the absolute path to the functions.php file - see the instrcutions for config.php above
require('http://www.iveytrustfund.com/admin/functions.php');
//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != "yes")
{
//this should the the absolute path to the no_access.html file - see above
include ('no_access.html');
exit;
}
?>[/code]
[code=php]
if (allow_access("Administrators") != "yes")
[/code]
[code=php]if (allow_access("Administrators") != "yes")
[/code]
with the same result[code=php] <?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('admin/config.php');
require('admin/functions.php');
if (allow_access(Administrators) != "yes")
{
include ('admin/no_access.html');
exit;
}
?>
[/code]
[code=php]
//base_dir is the location of the files, ie http://www.yourdomain/login
$base_dir = "domain/admin";
//default redirect, this is the URL that all self-registered users will be redirected to
$default_url = "domain/index12.php";
[/code]
[code=html]<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<H1><font face="Verdana" size="4" color="#2852A8">Login to Secure Area</font></H1>
<FORM METHOD="POST" ACTION="redirect.php">
<P><font face="Verdana" size="2" color="#2852A8"><STRONG>Username:</STRONG><BR>
</font><font color="#2852A8" face="Verdana">
<INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></font></p>
<P><font face="Verdana" size="2" color="#2852A8"><STRONG>Password:</STRONG><BR>
</font><font color="#2852A8" face="Verdana">
<INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></font></p>
<P><font face="Verdana"><font color="#2852A8">
<input type="checkbox" name="remember" value="Yes"></font><font size="2" color="#2852A8">Remember
me from this computer</font></font></p>
<P><font color="#2852A8">
<INPUT TYPE="submit" NAME="submit" VALUE="Login" style="font-family: Verdana"></font></P>
</FORM>
<p><font color="#2852A8" face="Verdana" size="2"><a href="emailpass.html">
<font color="#2852A8">Click here if would like your username and password to be
e-mailed to the address we have on file.</font></a></font></p>
</BODY>
</HTML>[/code]
[code=php]session_start();
//clear session variables
session_unset();
//require the functions file
require ("config.php");
require ("functions.php");
//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password))
{
header("Location:$base_dir/errorlogin.html");
exit;
}
//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
header("Location:$_SESSION[redirect]");
?>
[/code]
[code=php]<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('secure/config.php');
require('secure/functions.php');
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Users)!= "yes")
{
include ('secure/no_access.html');
exit;
}
?>
[/code]
[code=php]<?
//set up the names of the database and table
$db_name ="db_name";
$table_name ="authorize";
//connect to the server and select the database
$server = "localhost";
$dbusername = "username";
$dbpassword = "password";
//domain information
$domain = ".somedomain.com";
//Change to "0" to turn off the login log
$log_login = "0";
//base_dir is the location of the files, ie [yourdomain...]
$base_dir = "http://www.somedomain.com/secure";
//length of time the cookie is good for - 7 is the days and 24 is the hours
//if you would like the time to be short, say 1 hour, change to 60*60*1
$duration = time()+(60*60*24*30);
//the site administrator's email address
$adminemail = "[email protected]";
//sets the time to EST
$zone=3600*+2;
//do you want the verify the new user through email if the user registers themselves?
//yes = "0" : no = "1"
$verify = "0";
//default redirect, this is the URL that all self-registered users will be redirected to
$default_url = "http://www.somedomain.com/secure/loggedin.html";
//minimum and maximum password lengths
$min_pass = 6;
$max_pass = 15;
$num_groups = 0+2;
$group_array = array("Users","Administrators");
?>
[/code]
[code=php]<?php
//Assign User-Agent value into $user_agent variable. I added this one.
$user_agent = $_SERVER["HTTP_USER_AGENT"];
//function to get the date
function last_login()
{
$date = gmdate("Y-m-d");
return $date;
}
//function that sets the session variable
function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $user, $pass)
{
//make connection to dbase
$connection = @mysql_connect($server, $dbusername, $dbpassword)
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)
or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE username = '$user' and password = password('$pass')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
//get the number of rows in the result set
$num = mysql_num_rows($result);
//set session variables if there is a match
if ($num!= 0)
{
while ($sql = mysql_fetch_object($result))
{
$_SESSION[first_name] = $sql -> firstname;
$_SESSION[last_name] = $sql -> lastname;
$_SESSION[user_name] = $sql -> username;
$_SESSION[password] = $sql -> password;
$_SESSION[group1] = $sql -> group1;
$_SESSION[group2] = $sql -> group2;
$_SESSION[group3] = $sql -> group3;
$_SESSION[pchange]= $sql -> pchange;
$_SESSION[email] = $sql -> email;
$_SESSION[redirect]= $sql -> redirect;
$_SESSION[verified]= $sql -> verified;
$_SESSION[last_login]= $sql -> last_login;
}
}else{
$_SESSION[redirect] = "$base_dir/errorlogin.html";
}
}
//functions that will determine if access is allowed
function allow_access($group)
{
if ($_SESSION[group1] == "$group" ¦¦ $_SESSION[group2] == "$group" ¦¦ $_SESSION[group3] == "$group" ¦¦
$_SESSION[group1] == "Administrators" ¦¦ $_SESSION[group2] == "Administrators" ¦¦ $_SESSION[group3] == "Administrators" ¦¦
$_SESSION[user_name] == "$group" ¦¦ strstr($user_agent,'Googlebot'))
{
$allowed = "yes";
}else{
$allowed = "no";
}
return $allowed;
}
//function to check the length of the requested password
function password_check($min_pass, $max_pass, $pass)
{
$valid = "yes";
if ($min_pass > strlen($pass) ¦¦ $max_pass < strlen($pass))
{
$valid = "no";
}
return $valid;
}
?>
[/code]
[code=php]<?
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
//clear session variables
session_unset();
//require the functions file
require ("config.php");
require ("functions.php");
//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password))
{
header("Location:$base_dir/errorlogin.html");
exit;
}
//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
header("Location:$_SESSION[redirect]");
?>
<head><title>Redirect</title></head>[/code]
[code=php]<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('secure/config.php');
require('secure/functions.php');
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Users)!= "yes")
{
include ('secure/no_access.html');
exit;
}
?>
[/code]:confused:
0.1.9 — BETA 5.19