Jump to content

[SOLVED] slight problem with Session Start after login

webguync

By webguync
in PHP Coding Help

 Share

Recommended Posts

mrMarcus Member

mrMarcus

Posted
Posted

try this :

<?PHP
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);

session_start();

#clean up function;
function cleanPost($input) {
    if (get_magic_quotes_gpc()) {
        $input= stripslashes($input);
    }
    $output = mysql_real_escape_string($input);

    return $output;
}

$database_connection = mysql_connect("localhost","username","pw") or die("could not connect to database".mysql_error());
$database_result = mysql_select_db("DBName",$database_connection);

/* check if user is already logged in;
* this should really be done on login
* page so user does not have the chance
* to login if he/she is already logged in
* /
if (!$_SESSION['username'])
{
if (isset ($_POST['submit']))
{
	if (isset ($_POST['username']) && isset ($_POST['password']))
	{
		#do query;
		$query = mysql_query(sprintf("SELECT username, pwid FROM roster WHERE username='%s' AND pwid=md5('%s') LIMIT 1", cleanPost($_POST['username']), cleanPost($_POST['pwid']))) or die ('SQL Error : '.mysql_error());

		#check if we have a match;
		if (mysql_num_rows($query) > 0)
		{
			$data = mysql_fetch_assoc($query);

			#declare session var;
			$_SESSION['username'] = $data['username'];

			#user logged in;
			header("Location: /login_successful.php"); //send them somewhere when they log in;
			exit;
		}
		else
		{ echo "incorrect login credentials."; }
	}
	else
	{ echo "Please enter a username and password."; }
}
else
{ echo "please use the form to login."; }
} else {
echo "you're already logged in.";
}

Link to comment
Share on other sites
webguync Advanced Member

webguync

Posted
  • Author
Posted

using the changes by jackpf seems to fix the checking against the pw now, so thanks.

 

the only thing that still doesn't work is when I go directly to the page where you need to be logged in, I am not re-directed back to the login page as should be happening w/ this code.

 


// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:ExamLogin.php");
exit;
}

Link to comment
Share on other sites
webguync Advanced Member

webguync

Posted
  • Author
Posted

I have a logout link which links to my logout page w/ this code

 

<?php
session_destroy();
if(!isset($_SESSION['username'])){
    header("Location:ExamLogin.php");
    exit;
}
?>

 

but when I navigate back to the index.php page w/o first going to the login page, it acts as if I am still logged in.

 

 

Link to comment
Share on other sites
mrMarcus Member

mrMarcus

Posted
Posted

ok, deleting cookies did the trick. Thanks. Is there a way for my logout to have the same function so it won't still show logged in if they navigate to that page w/o logging in first?

yes, you can take from the conditions i gave earlier for that.

 

the best thing to do is when a user successfully logs in, create a session var like 

$_SESSION['logged_in'] = true;

and then use that to do your checks;

 

if ($_SESSION['logged_in']) {
     //user can logout;
} else {
     //not logged in, so they can't logout;
}

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.