Jump to content

[SOLVED] after login scripts

chanfuterboy

By chanfuterboy
in PHP Coding Help

 Share

Recommended Posts

chanfuterboy Member

chanfuterboy

Posted
Posted

As you login, you want that all pages that comes after that will be only for member to see. I have the script so But it does not help me to check status in DB if the user is online it can see the next page or need to go login page. can someone help me

 

<?php

session_start();

require_once("connect.php");

 

// Check his status.

if (!empty($_SESSION[username])) // he got it.

{

echo "You are currently logged in, <b>$_SESSION[username]</b>.";

}

else // bad info.

{

echo "You are currently <b>NOT</b> logged in.";

}

 

?>

Link to comment
Share on other sites
chanfuterboy Member

chanfuterboy

Posted
  • Author
Posted

I thinks this code can help you pin on the db to get the info that i want

 

 

<?php

// we must never forget to start the session

session_start();

 

if (isset($_POST['username']) && isset($_POST['password'])) {

     

  $username = $_POST['username'];

  $password = $_POST['password'];

 

require_once("connect.php");

 

  // check if the user id and password combination exist in database

  $query = "SELECT username

          FROM members

          WHERE username = '$username'

                AND password = '$password'";

 

  $row = mysql_query($query)

  or die ("Error - Couldn't login user."); 

 

  if (mysql_num_rows($row) == 1) {

      // the user id and password match,

      // set the session

      $_SESSION[username] = $row[username];

 

 

Link to comment
Share on other sites
alexdemers Newbie

alexdemers

Posted
Posted

You didn't mysql_fetch_array(). $row actually contains a result and not an array.

 

Change to this:

 

<?php
if (mysql_num_rows($row) == 1) {
    // the user id and password match,
    // set the session
    $real_row = mysql_fetch_array($row);
    $_SESSION['username'] = real_row['username'];
}
?>

 

2 things. I highly recommend you use quotes for non constant. If you didn't declare a constant then use quotes. In big applications, it will drastically slow down the application. Also, a little tip: when you do assign a variable to mysql_query(), I recommend naming it $result since it's the result and not records (array).

 

Hope this solves it.

Link to comment
Share on other sites
chanfuterboy Member

chanfuterboy

Posted
  • Author
Posted

The idea is now first, if you login, print that, and not print that. My problem is i dont know the right script to call the db so it can see if someone is online or not

 

<?php

session_start();

require_once("connect.php");

 

if (mysql_num_rows($row) == 1) {

{

echo "You are currently logged in, <b>$_SESSION[username]</b>.";

}

else // bad info.

{

echo "You are currently <b>NOT</b> logged in.";

}

 

?>

 

 

 

Link to comment
Share on other sites
alexdemers Newbie

alexdemers

Posted
Posted

There's 3 steps in getting data from the database.

 

1. Connect to the database (which hopefully you did in connect.php)

2. Query the database (which is what mysql_query() does)

    a. mysql_query() returns either a resource (an internal pointer to that query) or false on failure (syntax error or any other MySQL related errors)

    b. You assign that returned value to $row (in your case, but I recommand changing the variable name to something more precise like $result)

3. You fetch the results from that query: mysql_fetch_array()

    a. If you're sure you will always return 0 or 1 query, you don't have to use a loop; so you can assign it directly: $row = mysql_fetch_array($result). Else, you should to while ($row = mysql_fetch_array($query)) { echo $row['username']; }

    b. Now $row will contain an array which you can juggle with and do what you have to do. In your case, assign $row['username'] to a session variable: $_SESSION['username'];

 

 

Link to comment
Share on other sites
alexdemers Newbie

alexdemers

Posted
Posted

The idea is now first, if you login, print that, and not print that. My problem is i dont know the right script to call the db so it can see if someone is online or not

 

<?php

session_start();

require_once("connect.php");

 

if (mysql_num_rows($row) == 1) {

{

echo "You are currently logged in, <b>$_SESSION[username]</b>.";

}

else // bad info.

{

echo "You are currently <b>NOT</b> logged in.";

}

 

?>

 

 

 

 

Well, what I just explained you is it's not that script (which I just quoted here) you have problems with, it's the one where you assign the username to $_SESSION['username']. That's the problem. And I just corrected that problem. So refer to this post to fix your script http://www.phpfreaks.com/forums/index.php/topic,263787.msg1243513.html#msg1243513

Link to comment
Share on other sites
TeNDoLLA Newbie

TeNDoLLA

Posted
Posted 
<?php
// Start session.
session_start();

// Check if user posted login info.
if (isset($_POST['username']) && isset($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
}

// Include db connect.
require_once("connect.php");

// Fetch user from db if exists.
$sql = "SELECT username
	FROM members
	WHERE username = '$username'
	AND password = '$password'";

$result = mysql_query($sql) or die(mysql_error());

// If user found set session variable.
if (mysql_num_rows($result) == 1)
{
$row = mysql_fetch_array($result);
$_SESSION['username'] = $row['username'];
}

if (isset($_SESSION['username']))
{
// User is logged in.
}
else
{
// User is not logged.
}

Link to comment
Share on other sites
alexdemers Newbie

alexdemers

Posted
Posted

Look. Replace this code (yours):

<?php
// we must never forget to start the session
session_start();

if (isset($_POST['username']) && isset($_POST['password'])) {
            
   $username = $_POST['username'];
   $password = $_POST['password'];

require_once("connect.php");

   // check if the user id and password combination exist in database
   $query = "SELECT username
           FROM members
           WHERE username = '$username'
                 AND password = '$password'";

   $row = mysql_query($query)
   or die ("Error - Couldn't login user."); 

   if (mysql_num_rows($row) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION[username] = $row[username];

 

 

With my corrected code:

<?php
// we must never forget to start the session
session_start();

if (isset($_POST['username']) && isset($_POST['password'])) {
            
   $username = $_POST['username'];
   $password = $_POST['password'];

require_once("connect.php");

   // check if the user id and password combination exist in database
   $query = "SELECT username
           FROM members
           WHERE username = '$username'
                 AND password = '$password'";

   $row = mysql_query($query)
   or die ("Error - Couldn't login user."); 
if (mysql_num_rows($row) == 1) {
    // the user id and password match,
    // set the session
    $real_row = mysql_fetch_array($row);
    $_SESSION['username'] = real_row['username'];
}
?>

 

 

If that's not what you're looking for then I really don't know what you are trying to do. But, like I said, the code you provided in your first post is correct and there's no problems with it (except security, but that's not the issue).

Link to comment
Share on other sites
chanfuterboy Member

chanfuterboy

Posted
  • Author
Posted

I was talking about  this script

It tell me empty query

 

<?php

// Start session.

session_start();

 

// Check if user posted login info.

if (isset($_POST['username']) && isset($_POST['password']))

{

$username = mysql_real_escape_string($_POST['username']);

$password = mysql_real_escape_string($_POST['password']);

}

 

// Include db connect.

require_once("connect.php");

 

// Fetch user from db if exists.

$sql = "SELECT username

FROM members

WHERE username = '$username'

AND password = '$password'";

 

$result = mysql_query($query) or die(mysql_error());

 

// If user found set session variable.

if (mysql_num_rows($result) == 1)

{

$row = mysql_fetch_array($result);

$_SESSION['username'] = $row['username'];

}

 

if (isset($_SESSION['username']))

{

// User is logged in.

}

else

{

// User is not logged.

}

?>

 

It need to be a page that when i go up, it see if you are login or not

Link to comment
Share on other sites
TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

I edited it. Had a little mistake in it. I changed the $query variable to $sql and forgot to change it also from mysql_query($query) -> to -> mysql_query($sql). SO change that part and it should be fine.

 

It should have also given you a notice about that $query variable is not defined. So I assume you don't have error reporting on, which should be always on during development. Add these lines in the beginning of your script to make sure you see the errors also if they occur.

 

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

Link to comment
Share on other sites
chanfuterboy Member

chanfuterboy

Posted
  • Author
Posted

hi,

 

i got the follow error

 

Notice: Undefined variable: username in /var/www/html/shoe/members.php on line 23

 

Notice: Undefined variable: password in /var/www/html/shoe/members.php on line 23

 

Notice: Undefined variable: query in /var/www/html/shoe/members.php on line 25

Query was empty

Link to comment
Share on other sites
chanfuterboy Member

chanfuterboy

Posted
  • Author
Posted

something like this im looking for function

 

page_protect() {

session_start();

 

//check for cookies

 

if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_name'])){

      $_SESSION['user_id'] = $_COOKIE['user_id'];

      $_SESSION['user_name'] = $_COOKIE['user_name'];

  }

 

 

if (!isset($_SESSION['user_id']))

{

header("Location: login.php");

}

 

 

The only thing is i need help to pin it to my code

Link to comment
Share on other sites
TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

As I said I changed the variable $query name to $sql so make sure that variable holding the SQL query is named correctly all over the app. And username and passowrd notifications appear because you are defining and running the sql query that uses these variables outside the isset(POST['username']) part. Move the mysql stuff also inside the part if the form is submitted. Something like this (corrected a bit the code which I posted earlier)

 

<?php
// Start session.
session_start();

// Check if user posted login info.
if (isset($_POST['username']) && isset($_POST['password']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   
// Include db connect.
require_once("connect.php");

// Fetch user from db if exists.
$sql = "SELECT username
      FROM members
      WHERE username = '$username'
      AND password = '$password'";

$result = mysql_query($sql) or die(mysql_error());

// If user found set session variable.
if (mysql_num_rows($result) == 1)
{
   $row = mysql_fetch_array($result);
   $_SESSION['username'] = $row['username'];
}
}

if (isset($_SESSION['username']))
{
   // User is logged in.
}
else
{
   // User is not logged.
}

 

This should get you rid of the notices.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.