allow one time access with user/pass

Hello, I am happy I found this forum as I need a little help.

I am trying to create a page on my server that needs authentication (user/pass) to access but I want it so that a person can only access the page one time with a user/pass combo. I already set up the database with a test username and password but can not seem to get a snippet of code I found to work properly. I am not fluent in php but know a little bit, hopefully enough to complete this.

I think my two options are to delete the username and password from the database once it is used successfully or add a true/false field that changes to false once they access the page and if they ever need access again I can just change the user/pass back to true.

Here is my code so far, I am basically able to enter the username and password and when I submit it is just taking me back to the username and password screen again and not to the page that has the link to download.

[php]<?php require_once('rsLogin.php');?>

<?php // *** Validate request to login to this site. session_start(); $loginFormAction = $_SERVER['PHP_SELF']; if (isset($accesscheck)) { $GLOBALS['PrevUrl'] = $accesscheck; session_register('PrevUrl'); } if (isset($_POST['submit'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "salesgame/test.html"; $MM_redirectLoginFailed = ""; $MM_redirecttoReferrer = false; mysql_select_db($database_rsLogin.php, $rsLogin.php); $LoginRS__query=sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'", get_magic_quotes_gpc()? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc()? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $rsLogin.php) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; $RemoveRS__query=sprintf("DELETE FROM login WHERE username='%s' AND password='%s' LIMIT 1", get_magic_quotes_gpc()? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc()? $password : addslashes($password)); mysql_query($RemoveRS__query, $rsLogin.php) or die(mysql_error()); //declare two session variables and assign them $GLOBALS['MM_Username'] = $loginUsername; $GLOBALS['MM_UserGroup'] = $loginStrGroup; //register the session variables session_register("MM_Username"); session_register("MM_UserGroup"); if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> [/php]


Download Sales Game for Parisi Speed School






mysql_connect("$host", “$username”, “$password”)or die(“cannot connect to server”);
mysql_select_db("$db_name")or die(“cannot select db”);


Where is this code from? I’ve been seeing a lot of this code around here lately, just curious.

As far as your problem goes, I can’t see anything in the code that would redirect you back to the login page. There only appear to be two possible redirects:

“salesgame/test.html” OR “

Thanks for the answer.

I actually found this code here:

is the code fishy looking or something?

Do you know any other ways to accomplish this? It is something I have my sights set on as I am releasing an enterprise iPad app with a friend and we are concerned with unauthorized people getting to the download file.

Given how overly complicated it is and by the variable names, i’d say its an auto-generated script from dreamweaver. I’ve never seen dw generate php scripts, but maybe cs4 or 5 does it. I’ve only ever used cs2 and 3.

As for the issue, how its done depends on if you want the person to retain their user information afterwards. If you do, then i wouldn’t delete it, i’d just do a 1 or 0 in an access column. When they login, check for the 1, if its there, send them on their way, if not, give an error message or redirect them back to some other page

Sponsor our Newsletter | Privacy Policy | Terms of Service