Jump to content

[SOLVED] slight problem with Session Start after login

webguync

By webguync
in PHP Coding Help

Recommended Posts

mrMarcus Member

mrMarcus

Posted
Posted

try this :

<?PHP
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);

session_start();

#clean up function;
function cleanPost($input) {
    if (get_magic_quotes_gpc()) {
        $input= stripslashes($input);
    }
    $output = mysql_real_escape_string($input);

    return $output;
}

$database_connection = mysql_connect("localhost","username","pw") or die("could not connect to database".mysql_error());
$database_result = mysql_select_db("DBName",$database_connection);

/* check if user is already logged in;
* this should really be done on login
* page so user does not have the chance
* to login if he/she is already logged in
* /
if (!$_SESSION['username'])
{
if (isset ($_POST['submit']))
{
	if (isset ($_POST['username']) && isset ($_POST['password']))
	{
		#do query;
		$query = mysql_query(sprintf("SELECT username, pwid FROM roster WHERE username='%s' AND pwid=md5('%s') LIMIT 1", cleanPost($_POST['username']), cleanPost($_POST['pwid']))) or die ('SQL Error : '.mysql_error());

		#check if we have a match;
		if (mysql_num_rows($query) > 0)
		{
			$data = mysql_fetch_assoc($query);

			#declare session var;
			$_SESSION['username'] = $data['username'];

			#user logged in;
			header("Location: /login_successful.php"); //send them somewhere when they log in;
			exit;
		}
		else
		{ echo "incorrect login credentials."; }
	}
	else
	{ echo "Please enter a username and password."; }
}
else
{ echo "please use the form to login."; }
} else {
echo "you're already logged in.";
}

webguync Advanced Member

webguync

Posted
  • Author
Posted

using the changes by jackpf seems to fix the checking against the pw now, so thanks.

 

the only thing that still doesn't work is when I go directly to the page where you need to be logged in, I am not re-directed back to the login page as should be happening w/ this code.

 


// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:ExamLogin.php");
exit;
}

webguync Advanced Member

webguync

Posted
  • Author
Posted

I have a logout link which links to my logout page w/ this code

 

<?php
session_destroy();
if(!isset($_SESSION['username'])){
    header("Location:ExamLogin.php");
    exit;
}
?>

 

but when I navigate back to the index.php page w/o first going to the login page, it acts as if I am still logged in.

 

 

mrMarcus Member

mrMarcus

Posted
Posted

ok, deleting cookies did the trick. Thanks. Is there a way for my logout to have the same function so it won't still show logged in if they navigate to that page w/o logging in first?

yes, you can take from the conditions i gave earlier for that.

 

the best thing to do is when a user successfully logs in, create a session var like 

$_SESSION['logged_in'] = true;

and then use that to do your checks;

 

if ($_SESSION['logged_in']) {
     //user can logout;
} else {
     //not logged in, so they can't logout;
}

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.