Jump to content

[SOLVED] PHP mySql session Login help please

TheStalker

By TheStalker
in PHP Coding Help

 Share

Recommended Posts

TheStalker Member

TheStalker

Posted
Posted

hi ive been following a guide on how to make a session varible Login in php i just cant get it to work. IT would be ideal for what i am doing if i could just get it to work. It must be some thing small, i would be really greatful if someone would look at it or try it for me. All that seems to happen it when i goto login it looks like it goes to the login.php page then come right back to the login.htm right away.

 

the database im using is called randv and i have a table called users

 

 

here is the code:

 

database table users:

database.jpg

 

 

Login.htm

<html> 
<head> 
<title>Login</title> 
</head> 
<body> 
<form method="POST" action="login.php"> 
Username: <input type="text" name="username" size="20"> 
Password: <input type="password" name="password" size="20"> 
<input type="submit" value="Submit" name="login"> 
</form> 
</body> 
</html>

 

 

Login.php

 

<?PHP 
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
if (!isset($username) || !isset($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
//check that the form fields are not empty, and redirect back to the login page if they are 
elseif (empty($username) || empty($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
else{ 

//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 


//set the database connection variables 

$dbHost = "localhost"; 
$dbUser = "root"; 
$dbPass = ""; 
$dbDatabase = "randv"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

  //start the session and register a variable 

  session_start(); 
  session_register('username'); 

  //successful login code will go here... 
  echo 'Success!'; 

  //we will redirect the user to another page where we will make sure they're logged in 
  header( "Location: checkLogin.php" ); 

  } 

  } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 

  echo 'Incorrect login name or password. Please try again.'; 
  } 
  } 
  ?>

 

checkLogin.php

<?php 

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('username')){ 

//the session variable is registered, the user is allowed to see anything that follows 

echo 'Welcome, you are still logged in.'; 

} 
else{ 

//the session variable isn't registered, send them back to the login page 
header( "Location: http://localhost/test2/login.htm" ); 
} 

?>

 

logout.php

<?php 
//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('username')){ 

//session variable is registered, the user is ready to logout 
session_unset(); 
session_destroy(); 
} 
else{ 

//the session variable isn't registered, the user shouldn't even be on this page 
header ("Location: http://localhost/test2/login.htm"); 
} 
?>

craygo Member

craygo

Posted
Posted

session_register is may not work, it requires register_globals to be on and they are off by default

 

http://us.php.net/manual/en/function.session-register.php

 

what you want to so is use $_SESSION instead

<?PHP 
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
if (!isset($username) || !isset($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
//check that the form fields are not empty, and redirect back to the login page if they are 
elseif (empty($username) || empty($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
else{ 

//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 


//set the database connection variables 

$dbHost = "localhost"; 
$dbUser = "root"; 
$dbPass = ""; 
$dbDatabase = "randv"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

  //start the session and register a variable 

  session_start(); 
  $_SESSION['username'] = $row['username']; 
  $_SESSION['logged_in'] = 1;

  //successful login code will go here... 
  echo 'Success!'; 

  //we will redirect the user to another page where we will make sure they're logged in 
  header( "Location: checkLogin.php" ); 

  } 

  } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 

  echo 'Incorrect login name or password. Please try again.'; 
  } 
  } 
  ?>

 

and

<?php 

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(isset($_SESSION['username']) && $_SESSION['logged_in'] == 1){ 

//the session variable is registered, the user is allowed to see anything that follows 

echo 'Welcome, you are still logged in.'; 

} 
else{ 

//the session variable isn't registered, send them back to the login page 
header( "Location: http://localhost/test2/login.htm" ); 
} 

?>

 

Also look here for how to properly destroy a session

 

http://us.php.net/manual/en/function.session-destroy.php

 

Ray

craygo Member

craygo

Posted
Posted

Change the login.php to this

<?PHP
session_start();
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($_POST['username']) || !isset($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['username']) || empty($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "root";
$dbPass = "";
$dbDatabase = "randv";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //egister a variable
  $_SESSION['username'] = $row['username'];
  $_SESSION['logged_in'] = 1;

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: checkLogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
  }
  ?>

 

Ray

TheStalker Member

TheStalker

Posted
  • Author
Posted

cheers buddy your a legend. Did you just move the session_start to the top of the page? That gets me to the page where it says 'Success!. tho i get an error saying "Warning: Cannot modify header information - headers already sent by (output started at C:\wamp1\www\test2\login.php:47) in C:\wamp1\www\test2\login.php on line 50"

 

i take it thats to do with redirecting to the next page checklogin.php?

 

 

craygo Member

craygo

Posted
Posted

Actually I think changing the variables in your checks is what did the job. 

if (!isset($_POST['username']) || !isset($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['username']) || empty($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
else{

 

Try moving just the session_start() to where it was and see what happens.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.