Jump to content

Check if logged in

Miko

By Miko
in PHP Coding Help

 Share

Recommended Posts

Miko Regular Member

Miko

Posted
Posted

Hello,

 

Thought that my other post about login script was enough but it wasn't  :(

I've got the concept about how to create a login with checking if your data submited is correct.

 

But now I'm encoutering a problem with the sessions.

My scripts echo's a message when your logged in after submited the form, no problem here.

 

But I must include this script in every other page because some of the options on the other pages may be viewed by A, B and not by C for exemple.

 

Now the script is included in my page, but it seems that I must relog every time I change the page.

Strange thing is after submited the form for login I get the message that login is succesfull and when I click again on my home page (where the login form is) I get again the login form.

 

So it seems I'm forgetting something here.

 

My complete code:

 

authentication.php:

<?php

require "config.php";

if(isset($_POST['submit'])){
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);

	$password = md5($password);

	$query = "SELECT * FROM USERS WHERE USER = '$username' AND PASSWORD = '$password'";
	$result = mysql_query($query);

	if(!$query){
		echo "Query failed.";
	}
	else{

		$_SESSION['username'] = $username;
		$_SESSION['sid'] = session_id();
		$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
		echo "Succes! You are now logged in!";

	}
}

?>

 

login form:

 

<div id="login">
<form action="authentication.php" method="post">
	<table>
		<tr>
			<td>Username:</td>
			<td><input type="text" name="username" class="input"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="password" name="password" class="input"></td>
		</tr>
		<tr>
			<td><input type="submit" name="submit" Value="Login!" class="button"></td>
		</tr>
	</table>
</form>
</div><!-- login -->

 

Anyone an idea what I'm forgetting?

 

thanks :)

Link to comment
Share on other sites
ignace Advanced Member

ignace

Posted
Posted 

But I must include this script in every other page because some of the options on the other pages may be viewed by A, B and not by C for exemple.

 

Then you are no longer talking about authentication (logging in/logging out) but authorization have a look at access control http://en.wikipedia.org/wiki/Role-based_access_control.

 

You need to start your session before you can add information to it, start your session by typing

 

session_start();

 

on the top of your page before you have any output.

 

I would also strongly advice creating some functions like authenticate($user, $pass), is_authenticated() and is_authorized($resource, $privilege) as these functionality will be most likely be used throughout your application

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.