Jump to content

[SOLVED] Taking my login a step further

rnintulsa

By rnintulsa
in PHP Coding Help

 Share

Recommended Posts

rnintulsa Member

rnintulsa

Posted
Posted

Hi,  I am learning php and I am attempting to take a simple login for one company and make it where

5 different companies can login from the same login form. 

 

When they pass validation I need them to be redirected to their own company page. 

 

First field is their username, and second field is their company.

 

My problem is how do I tell the process to see recognize a particular company in order to redirect.

 

The validation is processed on this page:

<?php
error_reporting(E_ALL);
session_start( );

// if username and password are set and not empty then proceed with the rest of the process
if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'company' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'company' ] != '' )
{		
$link = mysql_connect( 'host', 'username', 'password' );	

$db_selected = mysql_select_db('dbname', $link);

$username = mysql_real_escape_string($_POST['username'], $link);
$company = mysql_real_escape_string($_POST['company'], $link);

if (!$db_selected) 
{
	echo"Connection to the database failed. Please try again later." ;			
	exit;
}

//checks for username and password in db table.
$results = mysql_query("select * from access where username='" . $username . "' and company = '" . $company . "'" ,$link ) or die(mysql_error());
$num_rows = mysql_num_rows($results);

//greater than zero		
if( $num_rows  > 0 )
{
	$_SESSION['username'] = $username.['company'] = $company; 
	//redirect
	header('Location:orion.php');  		
}
        else
       {
        $_SESSION['username'] = $username.['company'] = $company; 
	//redirect
	header('Location:southern.php');  		
        }
        else
       {
        $_SESSION['username'] = $username.['company'] = $company; 
	//redirect
	header('Location:primetech.php');  		
        }
else
{
	header("Location: login_error.htm");

}

}
?>

 

This is the mysql table 

create table access(
  id int not null auto_increment,
  username varchar( 50 ) not null,
  company varchar( 100 ) not null,  
  primary key(id)
)

 

Please let me know if you need any other information from me.

Thank you for looking and for all feedback.

 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/117938-solved-taking-my-login-a-step-further/
Share on other sites
JasonLewis Member

JasonLewis

Posted
Posted

Try something like this, your code didn't really make much sense in a few spots:

 

<?php
error_reporting(E_ALL);
session_start( );

// if username and password are set and not empty then proceed with the rest of the process
if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'company' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'company' ] != '' )
{		
$link = mysql_connect( 'host', 'username', 'password' );	

$db_selected = mysql_select_db('dbname', $link);

$username = mysql_real_escape_string($_POST['username'], $link);
$company = mysql_real_escape_string($_POST['company'], $link);

if (!$db_selected) 
{
	echo"Connection to the database failed. Please try again later." ;			
	exit;
}

//checks for username and password in db table.
$results = mysql_query("select * from access where username='" . $username . "' and company = '" . $company . "'" ,$link ) or die(mysql_error());
$num_rows = mysql_num_rows($results);

//greater than zero		
if( $num_rows  > 0 )
{
	$_SESSION['username'] = $username;
	//redirect
	$data = mysql_fetch_array($results);

	header("Location: {$data['company']}.php");
}

}
?>

 

You may like to use a switch instead. If your company names are not the names of the pages, or an if statement.

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

ProjectFear, you did it!

 

Now I need to prevent logged in persons from visiting pages other than their own company,

and I am sure this will be done in the if statement, but have no idea how.

 

On each company page I have this php code at top before html:

<?php 
ini_set ("display_errors", "1");
error_reporting(E_ALL);
session_start( ); 
?>

And this code in the center column area:

<div id="center_column">
					<?php
					if (isset($_SESSION['username'].['company'])) 
					{ 
					echo'<br /><br /><br />';
					echo '<p>You are logged in as '.$_SESSION['username'].'</p>'; 

					echo'<a href="#nogo">Project</a><br><br>';
					echo'<a href="#nogo">Links</a><br><br>';
					echo'<a href="#nogo">Will</a><br><br>';
					echo'<a href="#nogo">Go</a><br><br>';
					echo'<a href="#nogo">Here</a><br><br><br><br>';
					} 
					else 
					{ 
					echo '<p>You are not logged in.</p>'; 
					echo '<p>Only logged in members may visit these pages.</p>'; 
					echo '<p><a href="login_access.php">Client login Page</a><br /><br /></p>';
					} 

					?>
				</div>

 

Thank you mucho!

 

 

PHPTOM Member

PHPTOM

Posted
Posted 

<?php
error_reporting(E_ALL);
session_start( );

// if username and password are set and not empty then proceed with the rest of the process
if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'company' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'company' ] != '' )
{








$link = mysql_connect( 'host', 'username', 'password' );









$db_selected = mysql_select_db('dbname', $link);








$username = mysql_real_escape_string($_POST['username'], $link);



$company = mysql_real_escape_string($_POST['company'], $link);






if (!$db_selected) 



{





echo"Connection to the database failed. Please try again later." ;












exit;



}






//checks for username and password in db table.



$results = mysql_query("select * from access where username='" . $username . "' and company = '" . $company . "'" ,$link ) or die(mysql_error());



$num_rows = mysql_num_rows($results);






//greater than zero








if( $num_rows  > 0 )



{





$_SESSION['username'] = $username;
$_SESSION['company'] = $company;





//redirect





$data = mysql_fetch_array($results);










header("Location: {$data['company']}.php");



}




}
?>

 

<div id="center_column">
					<?php
					if (isset($_SESSION['username']) && $_SESSION['company'] == "thecompany") 
					{ 
					echo'<br /><br /><br />';
					echo '<p>You are logged in as '.$_SESSION['username'].'</p>'; 

					echo'<a href="#nogo">Project</a><br><br>';
					echo'<a href="#nogo">Links</a><br><br>';
					echo'<a href="#nogo">Will</a><br><br>';
					echo'<a href="#nogo">Go</a><br><br>';
					echo'<a href="#nogo">Here</a><br><br><br><br>';
					} 
					else 
					{ 
					echo '<p>You are not logged in.</p>'; 
					echo '<p>Only logged in members may visit these pages.</p>'; 
					echo '<p><a href="login_access.php">Client login Page</a><br /><br /></p>';
					} 

					?>
				</div>

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

Thanks PHPTOM, I am using your code, but I am getting this error when I try to log in to

a particular company which I put that code on the page:

 

Notice: Undefined index: company in /nfs/cust/4/45/65/556544/web/southern.php on line 91

 

I will research the Notice, Undefined index to solve.

 

Any suggestions?

 

budimir Advanced Member

budimir

Posted
Posted

It's this peace of coed that is reporting that!

error_reporting(E_ALL);

 

It's not a big deal, just turn of error reporting and everything will be fine! You will see alot of times Undefined index.

 

== is eqaual to

!= is not equal to

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

Yes, your right budimir, the error notice went away, but it is not logging me in.

It is giving me my error report:

 

"You are not logged in.

Only logged in members may visit these pages."

 

Also, I took BOTH sets of PHPTOM's script and put it into the company page, is that what he meant?

Or was the first part to go into the login processing page, and the second part into the company page?

 

I am getting confused on this.

 

budimir Advanced Member

budimir

Posted
Posted

Hey, yes he meant to put both codes to one page, but that could be confusing. Try to do it like this, it will be much easier and easier to track the problems.

 

1.) Create a login.php page where a User needs to put his username and pass

2.) Create a checklogin.php page where you will check if the user was found and redirect him to the page where he needs to go

3.) Create a session.php page where you will start your session() and kepp all the info about the session for that user (you need to include session.php to the top of each page and then when someone wnats to copy and paste the link it will be redirected to the logout page)

 

I hope it gave I little bit clearer picture!

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

Thank you, I have a sessions page, but I see I have not done the

include( 'sessions.php' );

anywhere. 

 

This is what is in my sessions page:

<?php

function set_statement( $statement )
{
	$_SESSION[ 'show_statement' ] = $statement;
}

function show_statement( )
{
	if( isset( $_SESSION[ 'show_statement' ] ) && $_SESSION[ 'show_statement' ] != '' )
	{
		echo '<p id="statement">' . $_SESSION[ 'show_statement' ] . '</p>';

		unset( $_SESSION[ 'show_statement' ] );
	}
}
?>

 

I don't really understand this part.  Even after reading about it.

 

Where am I supposed to put

include( 'sessions.php' );

  Thanks alot.

 

I think I have everything else you mentioned. And I am going to post it to you after I get this sessions stuff right.

 

 

 

 

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

budmir,

I have put it at the top of all three pages, and still cannot log in.  Getting my "You are not logged in.

 

Only logged in members may visit these pages."  error.

 

Login check page:

<?php
include( 'sessions.php' );
error_reporting(E_ALL);

session_start( );

// if username and password are set and not empty then proceed with the rest of the process
if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'company' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'company' ] != '' )
{		
$link = mysql_connect( 'host', 'username', 'password' );


$db_selected = mysql_select_db('dbname', $link);


$username = mysql_real_escape_string($_POST['username'], $link);
$company = mysql_real_escape_string($_POST['company'], $link);

if (!$db_selected) 
{
	echo"Connection to the database failed. Please try again later." ;			
	exit;
}

//checks for username and password in db table.
$results = mysql_query("select * from access where username='" . $username . "' and company = '" . $company . "'" ,$link ) or die(mysql_error());
$num_rows = mysql_num_rows($results);

//greater than zero		
if( $num_rows  > 0 )
{
	$_SESSION['username'] = $username;  
	//redirect
	$data = mysql_fetch_array($results);

	header("Location: {$data['company']}.php"); 		
}
else
{
	header("Location: login_error.htm");

}

}
?>

Top of one of the company pages...Southern.php:

<?php 
include( 'sessions.php' );
ini_set ("display_errors", "1");
session_start( ); 

?>

 

Same company page in the html part:

<div id="center_column">
					<?php


					if (isset($_SESSION['username']) && $_SESSION['company'] == "southern") 
					{ 
					echo'<br /><br /><br />';
					echo '<p>You are logged in as '.$_SESSION['username'].'</p>'; 

					echo'<a href="#nogo">Project</a><br><br>';
					echo'<a href="#nogo">Links</a><br><br>';
					echo'<a href="#nogo">Will</a><br><br>';
					echo'<a href="#nogo">Go</a><br><br>';
					echo'<a href="#nogo">Here</a><br><br><br><br>';
					} 
					else 
					{ 
					echo '<p>You are not logged in.</p>'; 
					echo '<p>Only logged in members may visit these pages.</p>'; 
					echo '<p><a href="login_access.php">Client login Page</a><br /><br /></p>';
					} 

					?>
				</div>

What do you think is preventing me from logging in?

 

budimir Advanced Member

budimir

Posted
Posted

Can you echo your query, so we could see if it's getting all the variables it needs??

 

Also, remove include ('sessions.php'); form loign check page, you don't need it there since you didn't start you're session yet.

 

Also check if your getting anything in variables $username and $company!!!

budimir Advanced Member

budimir

Posted
Posted

OK, so let's rework your code a little bit!

 

Do it like this:

 

$sql = "SELECT * FROM access WHERE username='" . $username . "' and company = '" . $company . "'";
$result = mysql_query($sql,$link) or die(mysql_error());
$num_rows = mysql_num_rows($result);

 

and then you put:

echo "$sql";

 

So we could see what is happening with you query and then will see if you're getting the correct values.

budimir Advanced Member

budimir

Posted
Posted

If I don't need the 

include( 'sessions.php' );

on the login check page then do I need it on the

login page where they submit their username and pw?

 

 

 

No, you need,  

include( 'sessions.php' );

, on every page after a user has been loged in. In this file you can keep all the data about your user and the session.

budimir Advanced Member

budimir

Posted
Posted

No, you need to put it outside an if statment.

 

Put it immediatly after this line:

 

$sql = "SELECT * FROM access WHERE username='" . $username . "' and company = '" . $company . "'";
echo "$sql"; //This will show the query
die;  // This will stop the script from executing further on and it will be easier to see the result of the query
$result = mysql_query($sql,$link) or die(mysql_error());
$num_rows = mysql_num_rows($result);

budimir Advanced Member

budimir

Posted
Posted

OK, that's good.

 

Now, remove your die; from the script.

 

And echo the $num_rows to see if you getting the correct number of records.

 

Also

if( $num_rows  > 0 )
{
	$_SESSION['username'] = $username;  
	//redirect
	$data = mysql_fetch_array($results);
echo "$data['company']";  //take this so we could see if your getting the correct value

	header("Location: {$data['company']}.php"); 		
}

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

It didn't like that line.

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /nfs/cust/4/45/65/556544/web/run_login_access.php on line 42

 

echo "$data['company']";  //take this so we could see if your getting the correct value

 

Trying to see what is wrong, but

'company' in in a solid red box.

 

budimir Advanced Member

budimir

Posted
Posted

Try like this

 

$company = $data['company'];
echo "$company";

 

If you're not getting a value here that's why you are not redirected. Also do you have a page some_company_name.php

Because if it finds the value, but it can't redirect than it has no use.

 

If a user is form Ford and you want to redirect him to that page, you need to have ford.php page!!!

You know that, right????

rnintulsa Member

rnintulsa

Posted
  • Author
Posted

Yes, I do have a southern.php page, and that is the company I am trying to log into.

 

So, am I supposed to replace 

echo "$data['company']";

 

with

 

$company = $data['company'];
echo "$company";

 

or where?

 

Also, what does that big red highlight behind 'company' in

echo "$data['company']";

mean?  The error says it is a Parse Error.

 

Thanks for your patience and great explanations.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.