Forum Moderators: coopster


running a method from another class


Imy_S3

4:28 pm on Mar 7, 2004 (gmt 0)

10+ Year Member



Hi

Got 2 classes.

Class 1
has 3 submit buttons.
If you press sub 1,
then show sub 1 form and set all others to false so you cannot see them.

Class 2:
when sub 1 is shown from above and the submit button is pressed, it will call this class with 2 fields so the user can enter data.

I want to have a condition in this class that says if the field is empty then call class 1 and run a method from there.

This is the part I'm stuck on, i.e. running a method from class one when I am in class 2.

Hope you can help.
Thanks

coopster

2:19 pm on Mar 11, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Use the :: [php.net] operator.

paamayim-nekudotayim [zend.com]

Imy_S3

1:16 am on Mar 13, 2004 (gmt 0)

10+ Year Member



Hi

Don't understand how this really works.

What I have is a class called login.php;
this looks like this:

It calls validateUser.php when the user has entered the details.

<form action="validateUser.php" method="post">
Name : <input type="text" name="name" size="40" length="40"><BR>
Password : <input type="password" name="password" size="40" length="40"><BR>
<input type = submit name= submit2 value="Log In">

</form>

userValidate.php looks like this:

<?php
//connection to database
// Form values are bound as parameters rather than concatenated into the SQL.
$query = 'select * from users where userfirstname ilike $1 and Name ilike $2';
$result = pg_query_params($query, array($_POST['name'], $_POST['password']));
$nrows = pg_num_rows($result);

include 'admin/adminInterface.php';
?>

However, if somebody knows the URL of the admin interface they can type it straight into the address bar and bypass the login.

How do I do it so that if the user does attempt to type the URL of admin straight into the address bar and bypass the login, it checks first to see if the userLogin submit button has been pressed?

brucec

2:25 am on Mar 13, 2004 (gmt 0)

10+ Year Member



What you will need to do is run your query like you have and then have an If-Then loop to check if the user has entered the correct username and password to match what was fetched from the database.

If you are using MySQL, then you can do a mysql_fetch_array function in a while loop and throw the database query field values into an array. Then run an IF-THEN to match what was entered into the form. So, your If-Then can go something like this:

// $formUsername / $formPassword come from the form, $databaseUsername / $databasePassword from the fetched row
if ($formUsername == $databaseUsername && $formPassword == $databasePassword) {
    echo "Welcome";
} else {
    echo "Please re-enter your correct username or password";
}

This will work and if they type in a direct URL, it will only go to the else part of it. Just make sure there are no db values that are null or else they will get in for sure.

Like coopster said above, to access a method in the inherited class (class one), you will need to use the :: operator instead of the usual -> operator.

Imy_S3

12:13 pm on Mar 13, 2004 (gmt 0)

10+ Year Member



Hi

What do you mean by

"This will work and if they type in a direct URL, it will only go to the else part of it. Just make sure there are no db values that are null or else they will get in for sure."

Cheers

brucec

2:08 pm on Mar 13, 2004 (gmt 0)

10+ Year Member



What I mean by that is in the IF-THEN loop that I have above, look at where it says "Else". It will echo an error message to any wise guy who enters the URL directly, because it will be looking for a username and password from your database and since there will initially be no password, if any wise guy types in the url, the program will go direct to where it says "Else".

Imy_S3

3:49 pm on Mar 13, 2004 (gmt 0)

10+ Year Member



Hi

To do this I am using PostgreSQL, so how would I achieve it using that?

Cheers

Imy_S3

7:00 pm on Mar 13, 2004 (gmt 0)

10+ Year Member



Hi

I'm sorry, but what you have suggested does not seem to work and seems a little bit bogus.

When I implemented your way, the user was still able to get in when typing the URL of the admin interface.

This is what i have:

$showForm = true;

if (isset($_POST['submit2']))
{
    $connection = pg_connect("host=h port=2 dbname=c user=c password=t");
    // Form values are bound as parameters rather than concatenated into the SQL.
    $query = 'select * from users where userfirstname ilike $1 and userLastName ilike $2 and password ilike $3';
    $result = pg_query_params($connection, $query, array($_POST['forename'], $_POST['surname'], $_POST['password']));
    $nrows = pg_num_rows($result);

    if ($nrows != 0)
    {
        $showForm = false;
        include 'adminInterface.php';
    }
    else
    {
        print "<p>incorrect you hacker, try again";
        $showForm = true;
    }
    pg_close($connection);
}

Again, with this method the user is able to type the URL of the admin interface and still get in.

Any more ideas?

mykel79

8:50 pm on Mar 14, 2004 (gmt 0)

10+ Year Member



You could do this several ways.
1. Include the login part in adminInterface.php
or
2. Use sessions to remember if a user is logged in, and in adminInterface.php check to see if they are logged in
or
3. Put adminInterface.php in a directory that can't be accessed through www. This will work if a logged-in user never has to access adminInterface.php directly through www - if it's always included like here.
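
Option 2 above (sessions), sketched as an added example that is not part of the original thread: the login handler records success in the server-side session, and adminInterface.php checks that flag on every request, so a URL typed straight into the address bar is redirected to login.php. The `password_hash` column, the `is_admin` session key and the function names are assumptions; `users`, `userfirstname` and `login.php` are taken from the posts above.

```php
<?php
// Added example, not code from the thread. password_hash (a column filled
// with password_hash() output) and the is_admin session key are assumptions.

function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Login handler (validateUser.php): call once, when the form is posted.
function attempt_login($connection, array $post): bool
{
    // Reject missing or non-string fields (e.g. password[]=x) up front.
    if (!is_string($post['name'] ?? null) || !is_string($post['password'] ?? null)) {
        return false;
    }
    // The bound parameter keeps form input out of the SQL text; "=" avoids
    // the % and _ wildcards that ilike honours.
    $result = pg_query_params(
        $connection,
        'select password_hash from users where userfirstname = $1',
        array($post['name'])
    );
    $row = $result ? pg_fetch_assoc($result) : false;
    if (!$row || !password_verify($post['password'], $row['password_hash'])) {
        return false;
    }
    start_session_once();
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['is_admin'] = true;  // stored server-side, so the browser cannot set it
    return true;
}

// Guard: call as the first statement of adminInterface.php, so it runs
// whether the file is included after login or requested directly by URL.
function require_login(): void
{
    start_session_once();
    if (empty($_SESSION['is_admin'])) {
        header('Location: login.php');
        exit;                      // stop before any admin markup is sent
    }
}
```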