Miko Posted May 1, 2009 Share Posted May 1, 2009 Hello, Thought that my other post about login script was enough but it wasn't I've got the concept about how to create a login with checking if your data submited is correct. But now I'm encoutering a problem with the sessions. My scripts echo's a message when your logged in after submited the form, no problem here. But I must include this script in every other page because some of the options on the other pages may be viewed by A, B and not by C for exemple. Now the script is included in my page, but it seems that I must relog every time I change the page. Strange thing is after submited the form for login I get the message that login is succesfull and when I click again on my home page (where the login form is) I get again the login form. So it seems I'm forgetting something here. My complete code: authentication.php: <?php require "config.php"; if(isset($_POST['submit'])){ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $password = md5($password); $query = "SELECT * FROM USERS WHERE USER = '$username' AND PASSWORD = '$password'"; $result = mysql_query($query); if(!$query){ echo "Query failed."; } else{ $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; echo "Succes! You are now logged in!"; } } ?> login form: <div id="login"> <form action="authentication.php" method="post"> <table> <tr> <td>Username:</td> <td><input type="text" name="username" class="input"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="password" class="input"></td> </tr> <tr> <td><input type="submit" name="submit" Value="Login!" class="button"></td> </tr> </table> </form> </div><!-- login --> Anyone an idea what I'm forgetting? thanks Link to comment https://forums.phpfreaks.com/topic/156392-check-if-logged-in/ Share on other sites More sharing options...
ignace Posted May 1, 2009 Share Posted May 1, 2009 But I must include this script in every other page because some of the options on the other pages may be viewed by A, B and not by C for exemple. Then you are no longer talking about authentication (logging in/logging out) but authorization have a look at access control http://en.wikipedia.org/wiki/Role-based_access_control. You need to start your session before you can add information to it, start your session by typing session_start(); on the top of your page before you have any output. I would also strongly advice creating some functions like authenticate($user, $pass), is_authenticated() and is_authorized($resource, $privilege) as these functionality will be most likely be used throughout your application Link to comment https://forums.phpfreaks.com/topic/156392-check-if-logged-in/#findComment-823374 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.