Jump to content

[SOLVED] PHP mySql session Login help please

TheStalker

By TheStalker
in PHP Coding Help

Recommended Posts

TheStalker Member

TheStalker

Posted
Posted

hi ive been following a guide on how to make a session varible Login in php i just cant get it to work. IT would be ideal for what i am doing if i could just get it to work. It must be some thing small, i would be really greatful if someone would look at it or try it for me. All that seems to happen it when i goto login it looks like it goes to the login.php page then come right back to the login.htm right away.

 

the database im using is called randv and i have a table called users

 

 

here is the code:

 

database table users:

database.jpg

 

 

Login.htm

<html> 
<head> 
<title>Login</title> 
</head> 
<body> 
<form method="POST" action="login.php"> 
Username: <input type="text" name="username" size="20"> 
Password: <input type="password" name="password" size="20"> 
<input type="submit" value="Submit" name="login"> 
</form> 
</body> 
</html>

 

 

Login.php

 

<?PHP 
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
if (!isset($username) || !isset($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
//check that the form fields are not empty, and redirect back to the login page if they are 
elseif (empty($username) || empty($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
else{ 

//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 


//set the database connection variables 

$dbHost = "localhost"; 
$dbUser = "root"; 
$dbPass = ""; 
$dbDatabase = "randv"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

  //start the session and register a variable 

  session_start(); 
  session_register('username'); 

  //successful login code will go here... 
  echo 'Success!'; 

  //we will redirect the user to another page where we will make sure they're logged in 
  header( "Location: checkLogin.php" ); 

  } 

  } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 

  echo 'Incorrect login name or password. Please try again.'; 
  } 
  } 
  ?>

 

checkLogin.php

<?php 

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('username')){ 

//the session variable is registered, the user is allowed to see anything that follows 

echo 'Welcome, you are still logged in.'; 

} 
else{ 

//the session variable isn't registered, send them back to the login page 
header( "Location: http://localhost/test2/login.htm" ); 
} 

?>

 

logout.php

<?php 
//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('username')){ 

//session variable is registered, the user is ready to logout 
session_unset(); 
session_destroy(); 
} 
else{ 

//the session variable isn't registered, the user shouldn't even be on this page 
header ("Location: http://localhost/test2/login.htm"); 
} 
?>

craygo Member

craygo

Posted
Posted

session_register is may not work, it requires register_globals to be on and they are off by default

 

http://us.php.net/manual/en/function.session-register.php

 

what you want to so is use $_SESSION instead

<?PHP 
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
if (!isset($username) || !isset($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
//check that the form fields are not empty, and redirect back to the login page if they are 
elseif (empty($username) || empty($password)) { 
header( "Location: http://localhost/test2/login.htm" ); 
} 
else{ 

//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 


//set the database connection variables 

$dbHost = "localhost"; 
$dbUser = "root"; 
$dbPass = ""; 
$dbDatabase = "randv"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

  //start the session and register a variable 

  session_start(); 
  $_SESSION['username'] = $row['username']; 
  $_SESSION['logged_in'] = 1;

  //successful login code will go here... 
  echo 'Success!'; 

  //we will redirect the user to another page where we will make sure they're logged in 
  header( "Location: checkLogin.php" ); 

  } 

  } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 

  echo 'Incorrect login name or password. Please try again.'; 
  } 
  } 
  ?>

 

and

<?php 

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(isset($_SESSION['username']) && $_SESSION['logged_in'] == 1){ 

//the session variable is registered, the user is allowed to see anything that follows 

echo 'Welcome, you are still logged in.'; 

} 
else{ 

//the session variable isn't registered, send them back to the login page 
header( "Location: http://localhost/test2/login.htm" ); 
} 

?>

 

Also look here for how to properly destroy a session

 

http://us.php.net/manual/en/function.session-destroy.php

 

Ray

craygo Member

craygo

Posted
Posted

Change the login.php to this

<?PHP
session_start();
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($_POST['username']) || !isset($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['username']) || empty($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "root";
$dbPass = "";
$dbDatabase = "randv";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //egister a variable
  $_SESSION['username'] = $row['username'];
  $_SESSION['logged_in'] = 1;

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: checkLogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
  }
  ?>

 

Ray

TheStalker Member

TheStalker

Posted
  • Author
Posted

cheers buddy your a legend. Did you just move the session_start to the top of the page? That gets me to the page where it says 'Success!. tho i get an error saying "Warning: Cannot modify header information - headers already sent by (output started at C:\wamp1\www\test2\login.php:47) in C:\wamp1\www\test2\login.php on line 50"

 

i take it thats to do with redirecting to the next page checklogin.php?

 

 

craygo Member

craygo

Posted
Posted

Actually I think changing the variables in your checks is what did the job. 

if (!isset($_POST['username']) || !isset($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['username']) || empty($_POST['password'])) {
header( "Location: http://localhost/test2/login.htm" );
}
else{

 

Try moving just the session_start() to where it was and see what happens.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.