Jump to content

[SOLVED] Login Check

ChompGator

By ChompGator
in PHP Coding Help

 Share

Recommended Posts

ChompGator Member

ChompGator

Posted
Posted

Hey,

I have a login script, and what I want to do is add a piece of code to the top of my /members/index.php page that checks to see if that user logged in.

Otherwise whats the purpose of having a login, if someone knows the URL to the members area, they can just by pass the login.

 

So my code for my login is below, I was wondering if anyone knew a code I could put at the top of my members area pages to verify the user is logged in; and could you explain a bit about your code (just so I understand how it works) - thanks

 

<?php
##session_start();
$con = mysql_connect("***","***","***") or die('Could not connect: ' . mysql_error());
mysql_select_db("login", $con);



if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"index.php\">\n";
echo "<tr><td>User-ID-</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n";
echo "</form></table>\n";
}else {

$error = array();


if(empty($_POST['username'])) {
	$error[] = "Your username was empty!";
}
else if(empty($_POST['password'])) {
	$error[] = "Your password was empty!";
}
else {
	$username = trim(htmlspecialchars(strip_tags($_POST['username'])));
	$password = trim(htmlspecialchars(strip_tags($_POST['password'])));

	$SQL = "SELECT * FROM `general` WHERE uid = '".$username."' LIMIT 1";
	$QUERY = mysql_query($SQL) or die(mysql_error());
	if(mysql_num_rows($QUERY) == 0) {
		#echo "<pre>"; print_r($ROW); echo "</pre>";
		$error[] = "Your username doesnt exist";
	}
	else {
		$ROW = mysql_fetch_array($QUERY);
		#echo "<pre>"; print_r($ROW); echo "</pre>";
		if($password != $ROW['pass']) {
			$error[] = "Your password was incorrect";
		}
		else {
			if((bool)$ROW['activated'] == FALSE) {
				$error[] = "Your account is not activated!";
			}
		}
	}



}







##	$user = mysql_real_escape_string(trim($_POST['username']));
##	$pass = mysql_real_escape_string(trim($_POST['password']));
##	$errors = array();
##	
##	if(!$user){
##		$error[] = "You did not supply a username!";
##	}else {
##		if(!$pass){
##			$error[] = "You did not supply a password!";
##		}else {
##			$sql = "SELECT count(*) FROM `general` WHERE `uid`='".$uid."'";
##			$res = mysql_query($sql) or die(mysql_error());
##			echo "<pre>"; print_r(mysql_fetch_Array($res)); echo "</pre><br><br> DIE"; die();
##			
##			if(mysql_num_rows($res) == 0){
##				$errors[] = "Username does not exist!";
##			}else {
##				$sql2 = "SELECT uid, activated, accesslevel, pass FROM `general` WHERE `uid`='".$user."' AND `pass`='".md5($pass)."';
##				$res2 = mysql_query($sql2); echo mysql_error();
##				if(mysql_num_rows($res2) == 0){
##					$errors[] = "Incorrect username and password combination!";
##				}else {
##					$row = mysql_fetch_array($res2);
##					echo mysql_error();
##					$array = array();
##					#$array[] = "message";
##
##					echo " The script will die after this.<br><br>";
##					echo "<pre>"; print_r($row); echo "</pre><br><br> DIE"; die();
##
##					if((bool)$row['activated'] == FALSE){
##						$errors[] = "Your account is not activated! VALUE = ".$row['activated']." ::";
##					}
##				}
##			}
##		}
##	}

if(count($error) > 0){
	foreach($error AS $error){
		echo $error . "<br>\n";
	}
}else {
	session_start();
	$_SESSION['uid'] = $ROW['uid'];
	$_SESSION['first_name'] = $ROW['first'];
	$_SESSION['last_name'] = $ROW['last'];
	$_SESSION['rank'] = $ROW['rank'];
	$_SESSION['vatsimid'] = $ROW['vatsimid'];

	echo "<html><head><script language = 'JavaScript' type = 'text/javascript'>\n";





	switch($ROW['accesslevel']){
		case 1:
				}

	echo "</script></head><body></html>";
}
}

?>

Link to comment
https://forums.phpfreaks.com/topic/118275-solved-login-check/
Share on other sites
.josh Advanced Member

.josh

Posted
Posted

pseudo-code

 

login.php

<?php
   session_start();

   // code to check username / password here

  if (username and password are correct) {
     $_SESSION['loggedin'] = true;
  }
?>

 

somepage.php

<?php
   session_start();
   if ($_SESSION['loggedin']) {
      // user is logged in, do something
   } else {
      // they are not logged in, do something
   }
?>

Link to comment
https://forums.phpfreaks.com/topic/118275-solved-login-check/#findComment-608653
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.