Menu
Community /Pin to ProfileBookmark
Dave
I was thinking the spelling was the problem so i copy and paste and got the same result
Maybe that will fix it?
Dave
@NogDogAug 18.2011 — #The only way you should be getting that particular error message is if the function is not defined (duh!). The only way I can see that happening is if neither of the files you require() in that script contains the function definition. (I'm assuming you expect it to be in the functions.php file?). All I can suggest is to double check that each file you are testing is the correct version and contains the code you posted here. @NogDogAug 21.2011 — #D'oh!
I just realized you are require()-ing those files via URL. Don't do that. Use a local file system path to the file. If you include via URL, the file gets parsed by the web server and only send the [i]output[/i] to the calling script.
If for some reason you [i]have[/i] to call them via URL (which is a very questionable design decision, to say the least), then give them a file name suffix which the web server will not treat as PHP (e.g. .txt).
but now the rdirect is not working
when users try to access the index12.php page thry are asked to enter password and user name, i am not sure should i include the login page
the redirect page
or the index12.php page
Here's the code that's on everypage that needs to be protected:
Here's the code of the config.php file:
And here's the content of the functions.php :
and th redirect code
when i put the code at the top of the page and to access the page it just go right to the page without redirecting to login
problem with functions
i am new to php and i am trying to use a login redirect php scrip. i download and install it but when i try to use it on the page i want to protect i get the following erroer:
[QUOTE]
Call to undefined function: allow_access() in /homepages/40/d267348730/htdocs/iveytrust/index12.php on line 19
can anyone help me debug the allow_access function is there?
Sign in
to post a comment12 Comments(s) ↴
0
@tracknutAug 18.2011 — #You're going to have to show the code... PHP says it's not there, you say it is there... my guess is it's not really there ? Maybe the name is spelled wrong?Dave
reply?
0
@civeyauthorAug 18.2011 — #here is the function code [code=php]<?php
//function to get the date
function last_login()
{
$date = gmdate("Y-m-d");
return $date;
}
//function that sets the session variable
function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $user, $pass)
{
//make connection to dbase
$connection = @mysql_connect($server, $dbusername, $dbpassword)
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)
or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE username = '$user' and password = password('$pass')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
//get the number of rows in the result set
$num = mysql_num_rows($result);
//set session variables if there is a match
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$_SESSION[first_name] = $sql -> firstname;
$_SESSION[last_name] = $sql -> lastname;
$_SESSION[user_name] = $sql -> username;
$_SESSION[password] = $sql -> password;
$_SESSION[group1] = $sql -> group1;
$_SESSION[group2] = $sql -> group2;
$_SESSION[group3] = $sql -> group3;
$_SESSION[pchange] = $sql -> pchange;
$_SESSION[email] = $sql -> email;
$_SESSION[redirect] = $sql -> redirect;
$_SESSION[verified] = $sql -> verified;
$_SESSION[last_login] = $sql -> last_login;
}
}else{
$_SESSION[redirect] = "$base_dir/errorlogin.html";
}
}
//functions that will determine if access is allowed
function allow_access($group)
{
if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" ||
$_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" ||
$_SESSION[user_name] == "$group")
{
$allowed = "yes";
}else{
$allowed = "no";
}
return $allowed;
}
//function to check the length of the requested password
function password_check($min_pass, $max_pass, $pass)
{
$valid = "yes";
if ($min_pass > strlen($pass) || $max_pass < strlen($pass))
{
$valid = "no";
}
return $valid;
}
?>[/code][code=php] <?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
//this should the the absolute path to the config.php file
//(ie /home/website/yourdomain/login/config.php or
//the location in relationship to the page being protected - ie ../login/config.php )
require('http://www.iveytrustfund.com/admin/config.php');
//this should the the absolute path to the functions.php file - see the instrcutions for config.php above
require('http://www.iveytrustfund.com/admin/functions.php');
//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != "yes")
{
//this should the the absolute path to the no_access.html file - see above
include ('no_access.html');
exit;
}
?>[/code]I was thinking the spelling was the problem so i copy and paste and got the same result
reply?
0
@tracknutAug 18.2011 — #Looks like your groups are strings, so at a minimum you should be calling it as:[code=php]
if (allow_access("Administrators") != "yes")
[/code]Maybe that will fix it?
Dave
reply?
0
@NogDogAug 18.2011 — #reply?
0
@civeyauthorAug 18.2011 — #I copy and paste the code that i am testing. I tried this [code=php]if (allow_access("Administrators") != "yes")
[/code] with the same resultreply?
0
@NogDogAug 21.2011 — #D'oh!I just realized you are require()-ing those files via URL. Don't do that. Use a local file system path to the file. If you include via URL, the file gets parsed by the web server and only send the [i]output[/i] to the calling script.
If for some reason you [i]have[/i] to call them via URL (which is a very questionable design decision, to say the least), then give them a file name suffix which the web server will not treat as PHP (e.g. .txt).
reply?
0
@civeyauthorAug 21.2011 — #I made the following changes and get pass the error[code=php] <?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('admin/config.php');
require('admin/functions.php');
if (allow_access(Administrators) != "yes")
{
include ('admin/no_access.html');
exit;
}
?>
[/code]but now the rdirect is not working
reply?
0
@civeyauthorAug 21.2011 — #I am trying to use the login redirect so i include the [code=php]
//base_dir is the location of the files, ie http://www.yourdomain/login
$base_dir = "domain/admin";
//default redirect, this is the URL that all self-registered users will be redirected to
$default_url = "domain/index12.php";
[/code]when users try to access the index12.php page thry are asked to enter password and user name, i am not sure should i include the login page
[code=html]<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<H1><font face="Verdana" size="4" color="#2852A8">Login to Secure Area</font></H1>
<FORM METHOD="POST" ACTION="redirect.php">
<P><font face="Verdana" size="2" color="#2852A8"><STRONG>Username:</STRONG><BR>
</font><font color="#2852A8" face="Verdana">
<INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></font></p>
<P><font face="Verdana" size="2" color="#2852A8"><STRONG>Password:</STRONG><BR>
</font><font color="#2852A8" face="Verdana">
<INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></font></p>
<P><font face="Verdana"><font color="#2852A8">
<input type="checkbox" name="remember" value="Yes"></font><font size="2" color="#2852A8">Remember
me from this computer</font></font></p>
<P><font color="#2852A8">
<INPUT TYPE="submit" NAME="submit" VALUE="Login" style="font-family: Verdana"></font></P>
</FORM>
<p><font color="#2852A8" face="Verdana" size="2"><a href="emailpass.html">
<font color="#2852A8">Click here if would like your username and password to be
e-mailed to the address we have on file.</font></a></font></p>
</BODY>
</HTML>[/code]the redirect page
[code=php]session_start();
//clear session variables
session_unset();
//require the functions file
require ("config.php");
require ("functions.php");
//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password))
{
header("Location:$base_dir/errorlogin.html");
exit;
}
//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
header("Location:$_SESSION[redirect]");
?>
[/code]or the index12.php page
reply?
0
@civeyauthorAug 22.2011 — #I am trying to use the free Login - Redirect v1.31 PHP script available from mpdolan.com to restrict access to some areas of the siteHere's the code that's on everypage that needs to be protected:
[code=php]<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('secure/config.php');
require('secure/functions.php');
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Users)!= "yes")
{
include ('secure/no_access.html');
exit;
}
?>
[/code]Here's the code of the config.php file:
[code=php]<?
//set up the names of the database and table
$db_name ="db_name";
$table_name ="authorize";
//connect to the server and select the database
$server = "localhost";
$dbusername = "username";
$dbpassword = "password";
//domain information
$domain = ".somedomain.com";
//Change to "0" to turn off the login log
$log_login = "0";
//base_dir is the location of the files, ie [yourdomain...]
$base_dir = "http://www.somedomain.com/secure";
//length of time the cookie is good for - 7 is the days and 24 is the hours
//if you would like the time to be short, say 1 hour, change to 60*60*1
$duration = time()+(60*60*24*30);
//the site administrator's email address
$adminemail = "[email protected]";
//sets the time to EST
$zone=3600*+2;
//do you want the verify the new user through email if the user registers themselves?
//yes = "0" : no = "1"
$verify = "0";
//default redirect, this is the URL that all self-registered users will be redirected to
$default_url = "http://www.somedomain.com/secure/loggedin.html";
//minimum and maximum password lengths
$min_pass = 6;
$max_pass = 15;
$num_groups = 0+2;
$group_array = array("Users","Administrators");
?>
[/code]And here's the content of the functions.php :
[code=php]<?php
//Assign User-Agent value into $user_agent variable. I added this one.
$user_agent = $_SERVER["HTTP_USER_AGENT"];
//function to get the date
function last_login()
{
$date = gmdate("Y-m-d");
return $date;
}
//function that sets the session variable
function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $user, $pass)
{
//make connection to dbase
$connection = @mysql_connect($server, $dbusername, $dbpassword)
or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)
or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE username = '$user' and password = password('$pass')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
//get the number of rows in the result set
$num = mysql_num_rows($result);
//set session variables if there is a match
if ($num!= 0)
{
while ($sql = mysql_fetch_object($result))
{
$_SESSION[first_name] = $sql -> firstname;
$_SESSION[last_name] = $sql -> lastname;
$_SESSION[user_name] = $sql -> username;
$_SESSION[password] = $sql -> password;
$_SESSION[group1] = $sql -> group1;
$_SESSION[group2] = $sql -> group2;
$_SESSION[group3] = $sql -> group3;
$_SESSION[pchange]= $sql -> pchange;
$_SESSION[email] = $sql -> email;
$_SESSION[redirect]= $sql -> redirect;
$_SESSION[verified]= $sql -> verified;
$_SESSION[last_login]= $sql -> last_login;
}
}else{
$_SESSION[redirect] = "$base_dir/errorlogin.html";
}
}
//functions that will determine if access is allowed
function allow_access($group)
{
if ($_SESSION[group1] == "$group" ¦¦ $_SESSION[group2] == "$group" ¦¦ $_SESSION[group3] == "$group" ¦¦
$_SESSION[group1] == "Administrators" ¦¦ $_SESSION[group2] == "Administrators" ¦¦ $_SESSION[group3] == "Administrators" ¦¦
$_SESSION[user_name] == "$group" ¦¦ strstr($user_agent,'Googlebot'))
{
$allowed = "yes";
}else{
$allowed = "no";
}
return $allowed;
}
//function to check the length of the requested password
function password_check($min_pass, $max_pass, $pass)
{
$valid = "yes";
if ($min_pass > strlen($pass) ¦¦ $max_pass < strlen($pass))
{
$valid = "no";
}
return $valid;
}
?>
[/code]and th redirect code
[code=php]<?
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
//clear session variables
session_unset();
//require the functions file
require ("config.php");
require ("functions.php");
//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password))
{
header("Location:$base_dir/errorlogin.html");
exit;
}
//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
header("Location:$_SESSION[redirect]");
?>
<head><title>Redirect</title></head>[/code]when i put the code at the top of the page and to access the page it just go right to the page without redirecting to login
reply?
0
@civeyauthorAug 24.2011 — #when using redirect do the file containing the following code need to be in the same folder as the redirect file?[code=php]<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('secure/config.php');
require('secure/functions.php');
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Users)!= "yes")
{
include ('secure/no_access.html');
exit;
}
?>
[/code]:confused:reply?