help with simple login system

[jomcfall97]

hi im pretty new to php and was wondering about using a simple login system

 

ive looked up some books and have come across this code that seems suitable

 

only thing is i dont know how to implement it properly

 

login.php

<?php

session_start();

$passwords = array("jordan"   => "monkey",
                   "gareth"   => "rhino",
                   "chris" => "lion",
                   "vanessa" => "tiger");

if (!$_POST["username"] or !$_POST["password"]) {
  echo "You must enter your username and password";
  exit;
}

if ($_POST["password"] == $passwords[$_POST["username"]]) {
  echo "Login successful";
  $_SESSION["auth_username"] = $_POST["username"];
}
else {
  echo "Login incorrect";
}
?>

and

 

auth.inc

<?php
session_start();
if (!isset($_SESSION["auth_username"])) {
echo "You must be logged in to view this page";
exit;
}
else {
echo "Hello, you're logged in!";
}

?>

 

i then have a login screen

<FORM ACTION="login.php" METHOD="POST">
<TABLE BORDER=0>
<TR>
  <TD>Username:</TD>
  <TD><INPUT TYPE="TEXT" SIZE=10 NAME="username"></TD>
</TR>
<TR>
  <TD>Password:</TD>
  <TD><INPUT TYPE="PASSWORD" SIZE=10 NAME="password"></TD>
</TR>
</TABLE>
<INPUT TYPE=SUBMIT VALUE="Log in">
</FORM>

it then says to put

 

include "auth.inc";

 

in each page you only want people who have logged in to view

 

unfortunately its not working

 

any help is much appreciated

[Ken2k7]

Please utilize

tags.

[mrMarcus]

unfortunately what is not working?

[jomcfall97]

when i put

 

include "auth.inc";

 

at the top of what i want to be a protected page it still comes up without logging in

 

sorry but like i say im still new to this

[premiso]

Too bad books do not show proper code (although that one is not too far off).

 

<?php
session_start();

if (isset($_GET['logout'])) {
    if (isset($_SESSION["auth_username"])) 
        unset($_SESSION["auth_username"]);
    echo "You are now logged out. <a href='login.php'>Login Again</a>"; // note change this to be your login page form.
    exit;
}

$passwords = array("jordan"   => "monkey",
                   "gareth"   => "rhino",
                   "chris" => "lion",
                   "vanessa" => "tiger");

if (!isset($_POST["username"]) or !isset($_POST["password"])) {
  echo "You must enter your username and password";
  exit;
}elseif (isset($passwords[$_POST['username']]) && $_POST["password"] == $passwords[$_POST["username"]]) {
  echo "Login successful";
  $_SESSION["auth_username"] = $_POST["username"];
}else {
  echo "Login incorrect";
}
?>

 

Using isset on data that may or may not be there is good practice to avoid notice errors.

 

Rename auth.inc to auth.inc.php as with the .php it will hide your code. .inc anyone can see the code.

<?php
session_start();
if (!isset($_SESSION["auth_username"])) {
    echo "You must be logged in to view this page";
    exit;
}else {
    echo "Hello, you're logged in!<br /><a href='login.php?logout=true'>Logout?</a>";
}
?>

 

Now, "how it is not working" I do not know. It seems legit and fine to me, please elaborate on that for further help fixing. You also have to remember everything is going to be case sEnSiTive.

 

at the top of what i want to be a protected page it still comes up without logging in

 

Are you sure the session was not set previously? Try closing the browser then going to a page that you include the auth part in.

 

EDIT:

Added a logout feature for you. Try logging out then going back to the login page. This way you can easily test it without having to close the browser each time to logout.

[mrMarcus]

what is still coming up?  does it say, "You must be logged in to view this page" or "Hello, you're logged in!"?

 

please give a better run down as to what errors are happening, and when they are happening.

 

also, put

error_handling(E_ALL);

at the top of your auth.inc file.