TheStalker Posted July 8, 2008 Share Posted July 8, 2008 hi ive been following a guide on how to make a session varible Login in php i just cant get it to work. IT would be ideal for what i am doing if i could just get it to work. It must be some thing small, i would be really greatful if someone would look at it or try it for me. All that seems to happen it when i goto login it looks like it goes to the login.php page then come right back to the login.htm right away. the database im using is called randv and i have a table called users here is the code: database table users: Login.htm <html> <head> <title>Login</title> </head> <body> <form method="POST" action="login.php"> Username: <input type="text" name="username" size="20"> Password: <input type="password" name="password" size="20"> <input type="submit" value="Submit" name="login"> </form> </body> </html> Login.php <?PHP //check that the user is calling the page from the login form and not accessing it directly //and redirect back to the login form if necessary if (!isset($username) || !isset($password)) { header( "Location: http://localhost/test2/login.htm" ); } //check that the form fields are not empty, and redirect back to the login page if they are elseif (empty($username) || empty($password)) { header( "Location: http://localhost/test2/login.htm" ); } else{ //convert the field values to simple variables //add slashes to the username and md5() the password $user = addslashes($_POST['username']); $pass = md5($_POST['password']); //set the database connection variables $dbHost = "localhost"; $dbUser = "root"; $dbPass = ""; $dbDatabase = "randv"; //connet to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); //check that at least one row was returned $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){ //start the session and register a variable session_start(); session_register('username'); //successful login code will go here... echo 'Success!'; //we will redirect the user to another page where we will make sure they're logged in header( "Location: checkLogin.php" ); } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } } ?> checkLogin.php <?php //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('username')){ //the session variable is registered, the user is allowed to see anything that follows echo 'Welcome, you are still logged in.'; } else{ //the session variable isn't registered, send them back to the login page header( "Location: http://localhost/test2/login.htm" ); } ?> logout.php <?php //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('username')){ //session variable is registered, the user is ready to logout session_unset(); session_destroy(); } else{ //the session variable isn't registered, the user shouldn't even be on this page header ("Location: http://localhost/test2/login.htm"); } ?> Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/ Share on other sites More sharing options...
craygo Posted July 8, 2008 Share Posted July 8, 2008 session_register is may not work, it requires register_globals to be on and they are off by default http://us.php.net/manual/en/function.session-register.php what you want to so is use $_SESSION instead <?PHP //check that the user is calling the page from the login form and not accessing it directly //and redirect back to the login form if necessary if (!isset($username) || !isset($password)) { header( "Location: http://localhost/test2/login.htm" ); } //check that the form fields are not empty, and redirect back to the login page if they are elseif (empty($username) || empty($password)) { header( "Location: http://localhost/test2/login.htm" ); } else{ //convert the field values to simple variables //add slashes to the username and md5() the password $user = addslashes($_POST['username']); $pass = md5($_POST['password']); //set the database connection variables $dbHost = "localhost"; $dbUser = "root"; $dbPass = ""; $dbDatabase = "randv"; //connet to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); //check that at least one row was returned $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){ //start the session and register a variable session_start(); $_SESSION['username'] = $row['username']; $_SESSION['logged_in'] = 1; //successful login code will go here... echo 'Success!'; //we will redirect the user to another page where we will make sure they're logged in header( "Location: checkLogin.php" ); } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } } ?> and <?php //start the session session_start(); //check to make sure the session variable is registered if(isset($_SESSION['username']) && $_SESSION['logged_in'] == 1){ //the session variable is registered, the user is allowed to see anything that follows echo 'Welcome, you are still logged in.'; } else{ //the session variable isn't registered, send them back to the login page header( "Location: http://localhost/test2/login.htm" ); } ?> Also look here for how to properly destroy a session http://us.php.net/manual/en/function.session-destroy.php Ray Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-584521 Share on other sites More sharing options...
TheStalker Posted July 9, 2008 Author Share Posted July 9, 2008 many thanks Ray i will go and try this out now and let you know how i get on Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585298 Share on other sites More sharing options...
TheStalker Posted July 9, 2008 Author Share Posted July 9, 2008 hi i have just tried copying the the code you gave and i still have the same problem Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585320 Share on other sites More sharing options...
craygo Posted July 9, 2008 Share Posted July 9, 2008 Change the login.php to this <?PHP session_start(); //check that the user is calling the page from the login form and not accessing it directly //and redirect back to the login form if necessary if (!isset($_POST['username']) || !isset($_POST['password'])) { header( "Location: http://localhost/test2/login.htm" ); } //check that the form fields are not empty, and redirect back to the login page if they are elseif (empty($_POST['username']) || empty($_POST['password'])) { header( "Location: http://localhost/test2/login.htm" ); } else{ //convert the field values to simple variables //add slashes to the username and md5() the password $user = addslashes($_POST['username']); $pass = md5($_POST['password']); //set the database connection variables $dbHost = "localhost"; $dbUser = "root"; $dbPass = ""; $dbDatabase = "randv"; //connet to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); //check that at least one row was returned $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){ //egister a variable $_SESSION['username'] = $row['username']; $_SESSION['logged_in'] = 1; //successful login code will go here... echo 'Success!'; //we will redirect the user to another page where we will make sure they're logged in header( "Location: checkLogin.php" ); } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } } ?> Ray Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585382 Share on other sites More sharing options...
TheStalker Posted July 9, 2008 Author Share Posted July 9, 2008 cheers buddy your a legend. Did you just move the session_start to the top of the page? That gets me to the page where it says 'Success!. tho i get an error saying "Warning: Cannot modify header information - headers already sent by (output started at C:\wamp1\www\test2\login.php:47) in C:\wamp1\www\test2\login.php on line 50" i take it thats to do with redirecting to the next page checklogin.php? Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585421 Share on other sites More sharing options...
TheStalker Posted July 9, 2008 Author Share Posted July 9, 2008 could i use <meta http-equiv="refresh" content="2;url=checklogin.php"> to do the same job? Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585428 Share on other sites More sharing options...
craygo Posted July 9, 2008 Share Posted July 9, 2008 Actually I think changing the variables in your checks is what did the job. if (!isset($_POST['username']) || !isset($_POST['password'])) { header( "Location: http://localhost/test2/login.htm" ); } //check that the form fields are not empty, and redirect back to the login page if they are elseif (empty($_POST['username']) || empty($_POST['password'])) { header( "Location: http://localhost/test2/login.htm" ); } else{ Try moving just the session_start() to where it was and see what happens. Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585452 Share on other sites More sharing options...
TheStalker Posted July 9, 2008 Author Share Posted July 9, 2008 ah i see:) they needed to be posted. Yes your right it dosnt seem to matter where the Session_start is. Thanks again Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585472 Share on other sites More sharing options...
waynew Posted July 9, 2008 Share Posted July 9, 2008 Not related but use mysql_real_escape_string instead of addslashes as addslashes can be fooled. Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-585479 Share on other sites More sharing options...
TheStalker Posted July 11, 2008 Author Share Posted July 11, 2008 ok thanks will look into it Link to comment https://forums.phpfreaks.com/topic/113743-solved-php-mysql-session-login-help-please/#findComment-587467 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.