Tom8001

Thanks, just another question to assign a value to a session would it be $_SESSION['user_level'] = 1; or $_SESSION['user_level'] == 1; Thanks

I tried highlighting what i changed but it didn't work.

It still says on my index page i am not logged in and i still get this on my index page Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11 Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17 You must be logged in to view this page! Here's what i have changed in my login source code: (i will highlight what i have changed). if($result->num_rows > 0) { //Set default user $_SESSION['loggedIn']; $_SESSION['user_level']; $_SESSION['username'] == trim($_POST['username']); header("Location: index.php"); exit(); } else if($row['user_level'] == 1) { $_SESSION['user_level'] == 1; //Location admin header("Location: admin.php"); exit(); } else if($row['user_level'] == -1) { $_SESSION['user_level'] == -1; $_SESSION['username'] == trim($_POST['username']); //Location banned header("Location: banned.php"); exit(); } else if($_SESSION['loggedIn']) { //Location default user home page header("index.php"); } else if(!$_SESSION['loggedIn']) { //Do Nothing } else { echo "Invalid Username/Password"; } and here's what i have changed in my index source code: if($_SESSION['loggedIn']) { //Do Nothing exit(); } else if(!$_SESSION['loggedIn']) { echo "You must be logged in to view this page!"; exit(); } Although this has not changed anything, i have probably not done it correctly as i am unsure.

not sure if this is any use but have you tried making a function? Example: <button onClick="HistoryBack()"> Label </button> function HistoryBack() { window.history.back(); } is that any use?

I have created a test account in my database with a user level of -1 and i think my code might be wrong but i am hoping someone can spot where i have gone wrong as i cannot, also a similar problem with another session variable loggedIn this is what i get when i login this is on the index page. Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11 Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17 You must be logged in to view this page! Index page source code: <?php session_start(); error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); require 'connect.php'; if($_SESSION['loggedIn'] == 1) { //Do Nothing exit(); } else if($_SESSION['loggedIn'] != 1) { echo "You must be logged in to view this page!"; exit(); } if($_SESSION['user_level'] == -1) { header("Location: banned.php"); } if(isset($_SESSION['username'])) { echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> "; } ?> Also if you need my login source code: <?php error_reporting(E_ALL | E_NOTICE); require 'connect.php'; session_start(); if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); if (empty($username)) { echo "You did not enter a username, Redirecting..."; echo "<meta http-equiv='refresh' content='2' URL='login.php'>"; exit(); } if (empty($password)) { echo "You did not enter a password, Redirecting..."; echo "<meta http-equiv='refresh' content='2' URL='login.php'>"; exit(); } //Prevent hackers from using SQL Injection to hack into Database $username = mysqli_real_escape_string($con, $_POST['username']); $password = mysqli_real_escape_string($con, $_POST['password']); $result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"); $row = $result->fetch_array(); $user_level = $row['user_level']; // check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed if($result->num_rows > 0) { //Set default user $_SESSION['loggedIn'] == 1; $_SESSION['user_level'] == 1; $_SESSION['username'] == trim($_POST['username']); header("Location: index.php"); exit(); } else if($row['user_level'] == 1) { $_SESSION['user_level'] == 1; //Location admin header("Location: admin.php"); exit(); } else if($row['user_level'] == -1) { $_SESSION['user_level'] == -1; $_SESSION['username'] == trim($_POST['username']); //Location banned header("Location: banned.php"); exit(); } else if($_SESSION['loggedIn'] == true) { //Location default user home page header("index.php"); } else { echo "Invalid Username/Password"; } //Kill unwanted session } if(isset($_POST['killsession'])) { session_destroy(); echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)"; exit(); } ?> I appreciate all help

// execute query $count= $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"); // check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed if(!$count) { trigger_error('Query error: ', $con->error); } else { // get result from query $row = $count->fetch_array(); // output contents of $row printf('<pre>%s</pre>', print_r($row, 1)); $_SESSION['loggedIn'] == true; header("index.php"); } //Admin user level if($row['user_level'] == 1) { $_SESSION['user_level'] == 1; //Location admin header("Location: admin.php"); exit(); } else if($row['user_level'] == -1) { $_SESSION['user_level'] == -1; $_SESSION['username'] == trim($_POST['username']); //Location banned header("Location: banned.php"); exit(); } if($_SESSION['loggedIn'] == true) { //Location default user home page header("index.php"); } //Set default user $_SESSION['loggedIn'] == true; $_SESSION['user_level'] == 1; $_SESSION['username'] == trim($_POST['username']); header("Location: index.php"); exit(); //Kill unwanted session } if(isset($_POST['killsession'])) { session_start(); session_destroy(); echo "Session Destroyed."; exit(); } ?>

I put this in index.php & it does not say that they are not logged in, they can access the page when not logged in it just displays an error on the page that says the user level is undefined. if(isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] != true) { echo "You are not logged in."; exit(); } else if(isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) { header("index.php"); }

it now logs in but i still have the exact same problem it lets you enter anything in the username and password field and it will log you in.

which variable is undefined?

The login still has a problem, you can type in any username / password and it will redirect to index.php & when i get the the index.php page i get Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11 You are not currently logged in and to view this page you must be logged in to have access. You can login here This is my index.php if you need it i can't seem to find out why it's doing this, this has been the main problem. <?php session_start(); error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); require 'connect.php'; if($_SESSION['loggedIn'] != true) { echo "<br> <br> You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>"; echo '<style>a {color: #ff0000; TEXT-DECORATION: none;} a:visited {color: #ff0000;}</style>'; die(); } else if($_SESSION['loggedIn'] == true) { //Do Nothing } if($_SESSION['user_level'] == -1) { header("Location: banned.php"); } if(isset($_SESSION['username'])) { echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> "; } ?>

The topic is merged The stuff at the top of this thread is nothing to do with the errors i have now i don't even know why it got merged.

Now it's telling me i'm not logged in & Notice: Undefined index: username in C:\xampp\htdocs\Login\index.php on line 11 Notice: Undefined index: user_level in C:\xampp\htdocs\Login\index.php on line 13 My Login <?php error_reporting(E_ALL | E_NOTICE); require 'connect.php'; session_start(); if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); if (empty($username)) { echo "You did not enter a username, Redirecting..."; echo "<meta http-equiv='refresh' content='2' URL='login.php'>"; exit(); } if (empty($password)) { echo "You did not enter a password, Redirecting..."; echo "<meta http-equiv='refresh' content='2' URL='login.php'>"; exit(); } //Prevent hackers from using SQL Injection to hack into Database $username = mysqli_real_escape_string($con, $_POST['username']); $md5_password = md5($password); $password = mysqli_real_escape_string($con, $_POST['password']); // execute query $result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"); // check to make sure query did execute. if($result) { // query did return result if($result->num_rows > 0 ) { // get result from query $row = $result->fetch_array(); // output contents of $row printf('<pre>%s</pre>', print_r($row, 1)); } // query did not return result else { echo 'Invalid Username/Password'; } } // problem with query trigger an error else { trigger_error('Login Query failed: ' . $con->error); }if($row['user_level'] == 1) { $_SESSION['user_level'] == 1; header("Location: admin.php"); exit(); } else if($row['user_level'] == -1) { $_SESSION['user_level'] == -1; $_SESSION['username'] == trim($_POST['username']); header("Location: banned.php"); exit(); } if($_SESSION['loggedIn'] == true) { header("index.php"); } if($_SESSION['loggedIn'] == 1 && $_SESSION['user_level'] == -1) { $_SESSION['user_level'] == -1; $_SESSION['username'] == trim($_POST['username']); header("Location: banned.php"); } $_SESSION['loggedIn'] == 1; $_SESSION['user_level'] == 1; $_SESSION['username'] == trim($_POST['username']); header("Location: index.php"); exit(); } ?> My Index Page <?php session_start(); error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); require 'connect.php'; $_SESSION['username']; $user_level = $_SESSION['user_level']; if(!isset($_SESSION['loggedIn'])) { echo "<br> <br> You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>"; echo '<style>a {color: #ff0000; TEXT-DECORATION: none;} a:visited {color: #ff0000;}</style>'; die(); } if($_SESSION['user_level'] == -1) { header("Location: banned.php"); } if(isset($_SESSION['username'])) { echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> "; } ?>

And printf('<pre>%s</pre>', print_r($row, 1)); does not output anything.

Read what we have said before your post

Still does not work here is my whole login script apart from the html which i know works: <?php error_reporting(E_ALL | E_NOTICE); require 'connect.php'; session_start(); if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); if (empty($username)) { echo "You did not enter a username, Redirecting..."; echo "<meta http-equiv='refresh' content='2' URL='login.php'>"; exit(); } if (empty($password)) { echo "You did not enter a password, Redirecting..."; echo "<meta http-equiv='refresh' content='2' URL='login.php'>"; exit(); } //Prevent hackers from using SQL Injection to hack into Database $username = mysqli_real_escape_string($con, $_POST['username']); $md5_password = md5($password); $password = mysqli_real_escape_string($con, $_POST['password']); // execute query $result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"); // check to make sure query did execute. if($result) { // query did return result if($result->num_rows > 0 ) { // get result from query $row = $result->fetch_array(); // output contents of $row printf('<pre>%s</pre>', print_r($row, 1)); } // query did not return result else { echo 'Invalid Username/Password'; } } // problem with query trigger an error else { trigger_error('Login Query failed: ' . $con->error); } if($row['user_level'] == 1) { $_SESSION['user_level'] = 1; header("Location: admin.php"); exit(); } else if($row['user_level'] == -1) { $_SESSION['user_level'] = -1; $_SESSION['username'] = $_POST['username']; header("Location: banned.php"); exit(); } if($_SESSION['loggedIn'] = true) { header("index.php"); } if($_SESSION['loggedIn'] == 1 && $_SESSION['user_level'] == -1) { $_SESSION['user_level'] = -1; $_SESSION['username'] = $_POST['username']; header("Location: banned.php"); } $_SESSION['loggedIn'] = 1; $_SESSION['user_level'] = 1; header("Location: index.php"); exit(); } ?>

now i have a problem where you can enter any username and password that doesn't exist and it logs in anyway

i have require 'connect.php'; At the top of all the pages & this is my connection script. <?php error_reporting(E_ALL | E_NOTICE); include 'header.php'; include 'footer.php'; $server = "localhost"; $username = "root"; $password = ""; $db_name = "phplogin"; $tbl_name = "x_users"; $con = new mysqli("$server", "$username", "$password", "$db_name"); if($con->connect_error) { echo 'There was an error while connecting to the server or database, please check your configuration.'; } ?>

In case i missed anything $username = mysqli_real_escape_string($con, $_POST['username']); $md5_password = md5($password); $password = mysqli_real_escape_string($con, $_POST['password']); $count = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"); $row = $tbl_name->fetch_array($count); $user_level = $row['user_level']; if($count = $tbl_name->mysql_num_rows > 0) { $_SESSION['loggedIn'] = true; $_SESSION['username'] = $_POST['username']; } else { print("<br> <br>Username / Password is Incorrect!\ntest"); exit(); }

Sure sorry, $tbl_name = "x_users"; $count= $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"); $con = new mysqli("$server", "$username", "$password", "$db_name"); if($con->connect_error) { echo 'There was an error while connecting to the server or database, please check your configuration.'; }

I Started using MySQLi and i have the following errors here is my code $row = $tbl_name->fetch_array($count); And here are my errors Fatal error: Call to a member function fetch_array() on a non-object in C:\xampp\htdocs\Login\login.php on line 40 Please can someone help me?

ok i'll make sure i do that next time

it says its expecting 2 parameters, when i only want to put in one and before mysqli when it was just mysql it didn't start asking you to add things you don't want to add.

where am i going wrong

I have just started using MySQLi and am clueless it is giving me the follow errors in which i do not understand Warning: mysqli_select_db() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\Login\connect.php on line 23 Notice: Trying to get property of non-object in C:\xampp\htdocs\Login\connect.php on line 25 Notice: Use of undefined constant mysqli - assumed 'mysqli' in C:\xampp\htdocs\Login\connect.php on line 32 Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\Login\connect.php on line 32 Warning: mysql_fetch_assoc() expects parameter 1 to be resource, null given in C:\xampp\htdocs\Login\connect.php on line 33 can someone please explain to me why i am getting these? and my code is $mysqli_db = mysqli_select_db("$db_name"); if($mysqli_db->connect_errno) { printf("Database not found: %s\n", $mysql->connect_error); exit(); } $sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"; $result = mysqli_query($sql); $row = mysqli_fetch_assoc($result); I just got rid off most the errors the only ones left are Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\Login\connect.php on line 32 Fatal error: Call to undefined function mysqli_result() in C:\xampp\htdocs\Login\connect.php on line 33 Code Updated: $mysqli_db = mysqli_select_db($mysqli_connect, $db_name); if(!$mysqli_db) { printf("Database not found: %s\n", $mysqli->connect_error); exit(); } $sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"; $query = mysqli_query($sql); $result = mysqli_result($query); $row = mysqli_fetch_assoc($result);

I tried echoing the $sql variable but it wont work i have tried echo '$sql'; echo "$sql"; echo ". $sql ."; and echo '. $sql .'; and it just completely ignores it.