mazman13 Posted January 6, 2009 Share Posted January 6, 2009 I found this script online...it's simple and it will do what i need for now. But I do have a problem with it. <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId'])) { $userID = htmlentities($_POST['txtUserId']); $userPass = htmlentities($_POST['txtPassword']); //replace the following with your MySQL values //********************* $dbhost = "---"; $dbuser = "---"; $dbpass = ""; $dbname = "fleet_portal"; //********************* $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); // check if the user id and password combination exist in database $query = "SELECT * FROM company WHERE `username` = '$userID' AND `password` = '$userPass' AND `enabled`=1"; $result =mysql_query($query) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['test_logged_in'] = true; $_SESSION['user']=$userID; // after login we move to the main page include"main_login.php"; exit; } else $errorMessage = 'Sorry, wrong user id / password'; } if ($errorMessage != '') { ?> <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> <?php } ?> <form id="frmLogin" name="frmLogin" method="post"> <table width="400" cellspacing="2" cellpadding="2" border="0" align="center"> <tbody> <tr> <td width>User Id</td> <td><input type="text" id="txtUserId" name="txtUserId" /></td> </tr> <tr> <td width>Password</td> <td><input type="password" id="txtPassword" name="txtPassword" /></td> </tr> <tr> <td width> </td> <td><input type="submit" value="Login" name="btnLogin" /></td> </tr> </tbody> </table> </form> As you can see, Ive included the main page they see after they log in... Well on that page I have a few forms that use PHP_SELF...everytime it goes back to main.php?whatever it pops a login again. What can be done to continue the session? // after login we move to the main page include"main_login.php"; exit; Quote Link to comment Share on other sites More sharing options...
plodos Posted January 6, 2009 Share Posted January 6, 2009 Put session_start at the top of the all pages than your session variable will continue. <?php session_start(); ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 6, 2009 Share Posted January 6, 2009 On your main_login.php page, have session_start at the top and check $_SESSION['test_logged_in']== true; Quote Link to comment Share on other sites More sharing options...
l_kris06 Posted January 6, 2009 Share Posted January 6, 2009 Your problem is, on success condition, you are doing on include file, instead of a redirection. fixed: <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId'])) { $userID = htmlentities($_POST['txtUserId']); $userPass = htmlentities($_POST['txtPassword']); //replace the following with your MySQL values //********************* $dbhost = "---"; $dbuser = "---"; $dbpass = ""; $dbname = "fleet_portal"; //********************* $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); // check if the user id and password combination exist in database $query = "SELECT * FROM company WHERE `username` = '$userID' AND `password` = '$userPass' AND `enabled`=1"; $result =mysql_query($query) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['test_logged_in'] = true; $_SESSION['user']=$userID; // after login we move to the main page header('Location: main_login.php'); //include"main_login.php"; exit; } else $errorMessage = 'Sorry, wrong user id / password'; } if ($errorMessage != '') { ?> <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> <?php } ?> <form id="frmLogin" name="frmLogin" method="post"> <table width="400" cellspacing="2" cellpadding="2" border="0" align="center"> <tbody> <tr> <td width>User Id</td> <td><input type="text" id="txtUserId" name="txtUserId" /></td> </tr> <tr> <td width>Password</td> <td><input type="password" id="txtPassword" name="txtPassword" /></td> </tr> <tr> <td width> </td> <td><input type="submit" value="Login" name="btnLogin" /></td> </tr> </tbody> </table> </form> Rgds, Kris Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Thanks. I'll try that. Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Any ideas on how to make main_login.php password protected if they were trying to go there straight? Quote Link to comment Share on other sites More sharing options...
premiso Posted January 6, 2009 Share Posted January 6, 2009 if (!isset($_SESSION['test_logged_in']) || !$_SESSION['test_logged_in']) { die("You are not logged in."); } Put that at the top of the protected page. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 6, 2009 Share Posted January 6, 2009 I answered that right above. Any ideas on how to make main_login.php password protected if they were trying to go there straight? Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Ok. I have everything redirecting to the page now. Everything seems good. Here is what I'm using : session_start(); if (!isset($_SESSION['test_logged_in']) || !$_SESSION['test_logged_in']) { die("You are not logged in."); } But when I go to the redirected page directly, it still works as if it when through the login...is it cuz session_start() is before the test? Quote Link to comment Share on other sites More sharing options...
revraz Posted January 6, 2009 Share Posted January 6, 2009 Means your session is set. Are you logging out someway or closing and re-opening your browser? Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 I closed and reopened the browers and it still does it. Everytime I go straight to the "protected" page it opens right up. Quote Link to comment Share on other sites More sharing options...
premiso Posted January 6, 2009 Share Posted January 6, 2009 I closed and reopened the browers and it still does it. Everytime I go straight to the "protected" page it opens right up. Try coding a logout feature and use that. See if it still shows you logged in after logging out. Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Yep. It worked thanks. One more question. I'm new with session. I want to carry the username from the login page to the protected page (it acts as my key to get certain info for certain users)...what is the simple was to carry it over? I've tried header('location:main.php?username=$username') The var doesn't even show up on the bar on the main page. Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 6, 2009 Author Share Posted January 6, 2009 Nope. everything is good. nvm. Thanks again. Quote Link to comment Share on other sites More sharing options...
premiso Posted January 6, 2009 Share Posted January 6, 2009 It will carry automatically if you assign it to $_SESSION['username']. Then just access it that way. Quote Link to comment Share on other sites More sharing options...
mazman13 Posted January 7, 2009 Author Share Posted January 7, 2009 Where would I put that to make it work? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.