#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Posts
    4
    Rep Power
    0

    Unhappy PHP user authentication and javascript


    Hi,
    I'm using PHP/MySQL user authenication to go to a secure page. The problem is that the secure page the user is taken to, is to pop up in a new window. Can i use javascript to create this new window? What i tried so far, the new window with the secure page in it, just opens, no matter if the user authentication succeeds or fails. I want it to open only if the authentication succeeds.
    This is the code leading to the secure mail.php page:
    $FF_redirectLoginSuccess="email.php";

    I tried to replace "mail.php" with the javascript "GP_AdvOpenWindow('email.php','remotemail','fullscreen=no,toolbar=no,location=no,status=no,menubar=n o,scrollbars=no,resizable=no,channelmode=no,directories=no',610,508,'center','ignoreLink','alwaysOnT op',0,'',0,1,5,'');return document.MM_returnValue", but this fails because the PHP is not in the body.

    How can i solve this?
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Location
    Windsor ON, Canada
    Posts
    462
    Rep Power
    14
    can you post the entire script or at least the main bits of it?
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Posts
    4
    Rep Power
    0

    Smile Code as requested...


    I had to omit the javascript to match the maximum message lenght, but you'll get the idea:
    <?php require_once('../../Connections/login.php'); ?>
    <?php
    // *** Start the session
    session_start();
    // *** Validate request to log in to this site.
    $FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
    if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
    if (isset($HTTP_POST_VARS['naam'])) {
    $FF_valUsername=$HTTP_POST_VARS['naam'];
    $FF_valPassword=$HTTP_POST_VARS['login'];
    $FF_fldUserAuthorization="";
    $FF_redirectLoginSuccess="email.php";
    $FF_redirectLoginFailed="inlogfout.php";
    $FF_rsUser_Source="SELECT login, password ";
    if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
    $FF_rsUser_Source .= " FROM login WHERE login='" . $FF_valUsername . "' AND password='" . $FF_valPassword . "'";
    mysql_select_db($database_login, $login);
    $FF_rsUser=mysql_query($FF_rsUser_Source, $login) or die(mysql_error());
    $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
    if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
    if ($FF_fldUserAuthorization != "") {
    $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
    $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
    $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = false;
    header ("Location: $FF_redirectLoginSuccess");
    exit;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = true;
    header ("Location: $FF_redirectLoginFailed");
    exit;
    }
    ?>

    And the form from which the new window is to emerge:

    <form action="<?php echo $FF_LoginAction?>" method="POST" name="form1" onSubmit="GP_AdvOpenWindow('email.php','remotemail','fullscreen=no,toolbar=no,location=no,status=no, menubar=no,scrollbars=no,resizable=no,channelmode=no,directories=no',610,508,'center','ignoreLink',' alwaysOnTop',0,'',0,1,5,'');return document.MM_returnValue">
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Location
    Windsor ON, Canada
    Posts
    462
    Rep Power
    14
    what about having the secure page pop up after the user is authenticated. you have it that it submits to itself and then validates the user. what if you alter so that if a valid user is entered you do not generate the form and instead put the javascript to open the window. if an invaild user is entered then write the form and skip the javascript (remove the onSubmit event).

IMN logo majestic logo threadwatch logo seochat tools logo