mazman13 Posted January 6, 2009 Share Posted January 6, 2009 I found this script online...it's simple and it will do what i need for now. But I do have a problem with it. <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId'])) { $userID = htmlentities($_POST['txtUserId']); $userPass = htmlentities($_POST['txtPassword']); //replace the following with your MySQL values //********************* $dbhost = "---"; $dbuser = "---"; $dbpass = ""; $dbname = "fleet_portal"; //********************* $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); // check if the user id and password combination exist in database $query = "SELECT * FROM company WHERE `username` = '$userID' AND `password` = '$userPass' AND `enabled`=1"; $result =mysql_query($query) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['test_logged_in'] = true; $_SESSION['user']=$userID; // after login we move to the main page include"main_login.php"; exit; } else $errorMessage = 'Sorry, wrong user id / password'; } if ($errorMessage != '') { ?> <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> <?php } ?> <form id="frmLogin" name="frmLogin" method="post"> <table width="400" cellspacing="2" cellpadding="2" border="0" align="center"> <tbody> <tr> <td width>User Id</td> <td><input type="text" id="txtUserId" name="txtUserId" /></td> </tr> <tr> <td width>Password</td> <td><input type="password" id="txtPassword" name="txtPassword" /></td> </tr> <tr> <td width> </td> <td><input type="submit" value="Login" name="btnLogin" /></td> </tr> </tbody> </table> </form> As you can see, Ive included the main page they see after they log in... Well on that page I have a few forms that use PHP_SELF...everytime it goes back to main.php?whatever it pops a login again. What can be done to continue the session? // after login we move to the main page include"main_login.php"; exit; Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/ Share on other sites More sharing options...
plodos Posted January 6, 2009 Share Posted January 6, 2009 Put session_start at the top of the all pages than your session variable will continue. <?php session_start(); ?> Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731036 Share on other sites More sharing options...
revraz Posted January 6, 2009 Share Posted January 6, 2009 On your main_login.php page, have session_start at the top and check $_SESSION['test_logged_in']== true; Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731038 Share on other sites More sharing options...
l_kris06 Posted January 6, 2009 Share Posted January 6, 2009 Your problem is, on success condition, you are doing on include file, instead of a redirection. fixed: <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId'])) { $userID = htmlentities($_POST['txtUserId']); $userPass = htmlentities($_POST['txtPassword']); //replace the following with your MySQL values //********************* $dbhost = "---"; $dbuser = "---"; $dbpass = ""; $dbname = "fleet_portal"; //********************* $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); // check if the user id and password combination exist in database $query = "SELECT * FROM company WHERE `username` = '$userID' AND `password` = '$userPass' AND `enabled`=1"; $result =mysql_query($query) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['test_logged_in'] = true; $_SESSION['user']=$userID; // after login we move to the main page header('Location: main_login.php'); //include"main_login.php"; exit; } else $errorMessage = 'Sorry, wrong user id / password'; } if ($errorMessage != '') { ?> <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> <?php } ?> <form id="frmLogin" name="frmLogin" method="post"> <table width="400" cellspacing="2" cellpadding="2" border="0" align="center"> <tbody> <tr> <td width>User Id</td> <td><input type="text" id="txtUserId" name="txtUserId" /></td> </tr> <tr> <td width>Password</td> <td><input type="password" id="txtPassword" name="txtPassword" /></td> </tr> <tr> <td width> </td> <td><input type="submit" value="Login" name="btnLogin" /></td> </tr> </tbody> </table> </form> Rgds, Kris Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731043 Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Thanks. I'll try that. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731087 Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Any ideas on how to make main_login.php password protected if they were trying to go there straight? Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731090 Share on other sites More sharing options...
premiso Posted January 6, 2009 Share Posted January 6, 2009 if (!isset($_SESSION['test_logged_in']) || !$_SESSION['test_logged_in']) { die("You are not logged in."); } Put that at the top of the protected page. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731093 Share on other sites More sharing options...
revraz Posted January 6, 2009 Share Posted January 6, 2009 I answered that right above. Any ideas on how to make main_login.php password protected if they were trying to go there straight? Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731108 Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Ok. I have everything redirecting to the page now. Everything seems good. Here is what I'm using : session_start(); if (!isset($_SESSION['test_logged_in']) || !$_SESSION['test_logged_in']) { die("You are not logged in."); } But when I go to the redirected page directly, it still works as if it when through the login...is it cuz session_start() is before the test? Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731171 Share on other sites More sharing options...
revraz Posted January 6, 2009 Share Posted January 6, 2009 Means your session is set. Are you logging out someway or closing and re-opening your browser? Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731174 Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 I closed and reopened the browers and it still does it. Everytime I go straight to the "protected" page it opens right up. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731183 Share on other sites More sharing options...
premiso Posted January 6, 2009 Share Posted January 6, 2009 I closed and reopened the browers and it still does it. Everytime I go straight to the "protected" page it opens right up. Try coding a logout feature and use that. See if it still shows you logged in after logging out. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731184 Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Yep. It worked thanks. One more question. I'm new with session. I want to carry the username from the login page to the protected page (it acts as my key to get certain info for certain users)...what is the simple was to carry it over? I've tried header('location:main.php?username=$username') The var doesn't even show up on the bar on the main page. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731197 Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Nope. everything is good. nvm. Thanks again. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731201 Share on other sites More sharing options...
premiso Posted January 6, 2009 Share Posted January 6, 2009 It will carry automatically if you assign it to $_SESSION['username']. Then just access it that way. Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-731203 Share on other sites More sharing options...
mazman13 Posted January 7, 2009 Author Share Posted January 7, 2009 Where would I put that to make it work? Link to comment https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/#findComment-732054 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.