Hi Davidannis,
Thanks for those details, below is the code I am using for my login.php
I have just constructed this via some online demos & templates etc.
So at the top of this, I am changing it to:
<?php
session_start();
Then...
// Connects to your Database
etc, etc.
<?php
// Connects to your Database
mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("dispatch") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: functions.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: functions.php");
}
}
}
else
{
// if they are not logged in
?>
For the second part, that you mentioned,
$_SESSION['username']=$variable_you_stored_username_in ;
1) Is this going on the same page as login.php
2) Can you just explain the ['username']=$variable_you_stored_username_in ; part?
3) When you say "after the user is verified" I assume you mean put this on the page that is entering the form data?
Because once the user logs in via login.php they go to a "Menu" page which gives them the options to choose from (e.g. Dispatch, Reports etc)