I have this login page using sessions but when I provide the correct username and password, am just re-directed to the same login page but if the credentials are wrong, am issued with a warning.
When i check the logged data in the database on provision of correct username and password, a blank username is logged as logged in at that time. I need your help.
here is my code.
//
login.php
<?php
session_start();
include("config.php");
$error = "";
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from form
$myusername=addslashes($_POST['username']);
$mypassword=addslashes($_POST['password']);
$error="<h3><strong>Your Login Name or Password is invalid</h3></strong>";
$sql="SELECT uid FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];
//if( isset($_SESSION[$myusername]) )
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
if( isset($_SESSION[$myusername]) )
//session_register("myusername");
//$_SESSION['login_user']=$myusername;
$_SESSION['login_user']= $_POST['username'];
header("location: welcome.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
<style type="text/css">
@import url("../../../Users/devtech/Documents/Unnamed Site 1/CSS/colors5.css");
body
{
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
background-image: url();
background-color: #FFFFFF;
background-repeat: repeat-x;
}
label
{
font-weight:bold;
width:100px;
font-size:14px;
font-family: "Times New Roman", Times, serif;
text-decoration: none;
}
.box
{
border:#666666 solid 1px;
}
body,td,th {
color: #0000FF;
font-weight: bold;
background-color: #FFFFCC;
line-height: normal;
text-transform: capitalize;
font-family: "Times New Roman", Times, serif;
background-attachment: scroll;
background-position: left bottom;
text-decoration: overline;
}
</style>
</head>
<p align="center"> </p>
<body>
<img src="images/COMVOO Logo.jpg" width="194" height="156"/>
<div align="center">
<div align="left" style="width:300px; border: solid 1px #333333; ">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><em><strong>COMVOO LOGIN</strong></em></div>
<div style="margin:30px">
<form action="" method="post">
<label>UserName :</label>
<input type="text" name="username" class="box"/>
<br />
<br />
<label>Password :</label>
<input type="password" name="password" class="box" />
<br/>
<br />
<input type="submit" value=" Submit "/>
<br />
</form>
<div style="font-size:11px; color:#cc0000; margin-top:30px"><?php echo $error; ?></div>
</div>
</div>
</div>
</div>
</body>
</html>
////
lock.php
<?php
session_start();
include('config.php');
//
$inactive = 299; // set timeout period in seconds
//
$user_check=$_SESSION['login_user'];
$ses_sql=mysql_query("select username from users where username='$user_check' ");
$row=mysql_fetch_array($ses_sql);
$login_session=$row['username'];
if(!isset($login_session))
{
header("Location:login.php");
}
///////////////////////////////////
else
if (isset($_SESSION['timeout'])) {
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $inactive) {
session_destroy();
header("Location: logout.php");
//header("Location: login.php");
}
}
$_SESSION['timeout'] = time();
///////////////////////////////////
?>
///////////
welcome.php
<?php
//include('lock.php');
//include("config.php");
require_once("config.php");
require_once("lock.php");
?>
<?php
$login="INSERT INTO logaudit (eventid, username, event, eventdate)
VALUES ('', '$login_session', 'logged in', NOW())";
$sql2=mysql_query($login);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Welcome </title>
<style type="text/css">
<!--
body {
background-color: #FFFFCC;
background-image: url();
background-repeat: no-repeat;
}
-->
</style></head>
<?php
$url=$_SERVER['REQUEST_URI'];
header("Refresh: 300; URL=$url");
?>
lock.php