Jump to content

Recommended Posts

I found this script online...it's simple and it will do what i need for now.

But I do have a problem with it.

<?php
    session_start();

    $errorMessage = '';

    if (isset($_POST['txtUserId']))
    {
        $userID = htmlentities($_POST['txtUserId']);
        $userPass = htmlentities($_POST['txtPassword']);

        //replace the following with your MySQL values
        //*********************
        $dbhost = "---";
        $dbuser = "---";
        $dbpass = "";
        $dbname = "fleet_portal";

        //*********************

        $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
        mysql_select_db($dbname);

        // check if the user id and password combination exist in database
        $query = "SELECT * FROM company WHERE `username` = '$userID' AND `password` = '$userPass' AND `enabled`=1";


        $result =mysql_query($query) or die('Query failed. ' . mysql_error());

       if (mysql_num_rows($result) == 1)
       {
          // the user id and password match,
          // set the session
            $_SESSION['test_logged_in'] = true;
            $_SESSION['user']=$userID;

         // after login we move to the main page
		 include"main_login.php";
         exit;
       }
       else $errorMessage = 'Sorry, wrong user id / password';
    }

    if ($errorMessage != '') {
    ?>
            <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
            <?php
    }
?>

<form id="frmLogin" name="frmLogin" method="post">
    <table width="400" cellspacing="2" cellpadding="2" border="0" align="center">
        <tbody>
            <tr>
                <td width>User Id</td>
                <td><input type="text" id="txtUserId" name="txtUserId" /></td>
            </tr>
            <tr>
                <td width>Password</td>
                <td><input type="password" id="txtPassword" name="txtPassword" /></td>
            </tr>
            <tr>
                <td width> </td>
                <td><input type="submit" value="Login" name="btnLogin" /></td>
            </tr>
        </tbody>
    </table>
</form>

 

As you can see, Ive included the main page they see after they log in...

Well on that page I have a few forms that use PHP_SELF...everytime it goes back to main.php?whatever it pops a login again. What can be done to continue the session?

 


         // after login we move to the main page
		 include"main_login.php";
         exit;
  

Link to comment
https://forums.phpfreaks.com/topic/139726-solved-login-script-problems/
Share on other sites

Your problem is, on success condition, you are doing on include file, instead of a redirection.

 

fixed:

 

<?php
    session_start();

    $errorMessage = '';

    if (isset($_POST['txtUserId']))
    {
        $userID = htmlentities($_POST['txtUserId']);
        $userPass = htmlentities($_POST['txtPassword']);

        //replace the following with your MySQL values
        //*********************
        $dbhost = "---";
        $dbuser = "---";
        $dbpass = "";
        $dbname = "fleet_portal";

        //*********************

        $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
        mysql_select_db($dbname);

        // check if the user id and password combination exist in database
        $query = "SELECT * FROM company WHERE `username` = '$userID' AND `password` = '$userPass' AND `enabled`=1";


        $result =mysql_query($query) or die('Query failed. ' . mysql_error());

       if (mysql_num_rows($result) == 1)
       {
          // the user id and password match,
          // set the session
            $_SESSION['test_logged_in'] = true;
            $_SESSION['user']=$userID;

         // after login we move to the main page

         header('Location: main_login.php'); 			 //include"main_login.php"; 
         exit;
       }
       else $errorMessage = 'Sorry, wrong user id / password';
    }

    if ($errorMessage != '') {
    ?>
            <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
            <?php
    }
?>

<form id="frmLogin" name="frmLogin" method="post">
    <table width="400" cellspacing="2" cellpadding="2" border="0" align="center">
        <tbody>
            <tr>
                <td width>User Id</td>
                <td><input type="text" id="txtUserId" name="txtUserId" /></td>
            </tr>
            <tr>
                <td width>Password</td>
                <td><input type="password" id="txtPassword" name="txtPassword" /></td>
            </tr>
            <tr>
                <td width> </td>
                <td><input type="submit" value="Login" name="btnLogin" /></td>
            </tr>
        </tbody>
    </table>
</form>


 

Rgds,

Kris

Ok. I have everything redirecting to the page now. Everything seems good. Here is what I'm using :

 

session_start();
if (!isset($_SESSION['test_logged_in']) || !$_SESSION['test_logged_in']) {
    die("You are not logged in.");
}

 

But when I go to the redirected page directly, it still works as if it when through the login...is it cuz session_start() is before the test?

Yep. It worked thanks.

 

One more question. I'm new with session. I want to carry the username from the login page to the protected page (it acts as my key to get certain info for certain users)...what is the simple was to carry it over?

 

I've tried header('location:main.php?username=$username')

 

The var doesn't even show up on the bar on the main page.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.