Jump to content

Whats wrong with this?

bullbreed

By bullbreed
in PHP Coding Help

 Share

Recommended Posts

bullbreed Member

bullbreed

Posted
Posted

Hello.

 

I am trying do develop a login system that all works on the same page (i.e clicking login doesnt go to another page to tell you that you are logged in or display any errors like missing fields etc.)

 

I want it all to happen in a small div in the header section of the website

 

I have got this far (see code below)

 

But what happens is, when i click on login it works fine but when i then click on another page the message changes to "Please enter a username and password.

 

Your help is very much appreciated

 

<?php
session_start();
?>
<div id="header">
<div class="login">
<?php

$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password){
        $connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!");
        mysql_select_db("********") or die("Couldn't find Database!");
       
        $query = mysql_query("SELECT * FROM users WHERE username = '$username'");
        $numrows = mysql_num_rows($query);
       
        if ($numrows != 0){
        // code to login
                $row = mysql_fetch_assoc($query);
               
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
               
                // Check to see if they match!
                if ($username == $dbusername && md5($password) == $dbpassword){
                        echo "Your In! ";
                        $_SESSION['username'] = $username;
                        echo "Welcome, ".$_SESSION['username']."! <br /><a href='includes/logout.php'>Log out</a>";
                }else{
                        echo "Incorrect username or password!";
                }
        }else{
                echo "That user doesn't exist!";
        }

}else{
        echo "Please enter a username and a password!";
}

if (!isset($_SESSION['username'])){
        ?>
        <form action='login.php' method='POST'>
        Username: <input name='username' type='text' size="20" maxlength="25"  /><br />
        Password: <input name='password' type='password' size="20" maxlength="25"  /><br />
        <input type='submit' value='Login' " /> or <a href='member-register.php'>Register!</a>
        </form>
        <?php
}
?>
</div>
</div>
[code]

Link to comment
Share on other sites
mrMarcus Member

mrMarcus

Posted
Posted

that's because if you go to any other page, the condition of:

 

if ($username && $password){

 

will return false.

 

you could add a name to your submit button:

 

<input type='submit' name='login' value='Login' " />

 

and then wrap your existing code with a condition of execution only if login button has been pressed:

 

<?php
if (isset ($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password){
        $connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!");
        mysql_select_db("********") or die("Couldn't find Database!");
       
        $query = mysql_query("SELECT * FROM users WHERE username = '$username'");
        $numrows = mysql_num_rows($query);
       
        if ($numrows != 0){
        // code to login
                $row = mysql_fetch_assoc($query);
               
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
               
                // Check to see if they match!
                if ($username == $dbusername && md5($password) == $dbpassword){
                        echo "Your In! ";
                        $_SESSION['username'] = $username;
                        echo "Welcome, ".$_SESSION['username']."! <br /><a href='includes/logout.php'>Log out</a>";
                }else{
                        echo "Incorrect username or password!";
                }
        }else{
                echo "That user doesn't exist!";
        }
      
}else{
        echo "Please enter a username and a password!";
}
}
?>

Link to comment
Share on other sites
teamatomic Newbie

teamatomic

Posted
Posted

Its the logical layout of your page. You set session vars yet you never check for them at the start of your page. Something like

 

session_start();

if (isset($_SESSION['username']))

{

//we show page details

}

else

{

// we force a login

}

 

 

HTH

Teamatomic

Link to comment
Share on other sites
bullbreed Member

bullbreed

Posted
  • Author
Posted

I am new to php so please bear with me.  :shy:

 

I added

 

if (isset($_SESSION['username']))

{

echo "Your In! ";

$_SESSION['username'] = $username;

echo "Welcome, ".$_SESSION['username']."! <br /><a href='includes/logout.php'>Log out</a>";

}

else

{

(Then closed this at the bottom of the page as per the code below.)

 

to the code and I know it isn't pretty but it almost works.

Now when I log and i go to a new page the message says;

Your in! ******** Welcome !

Log out

 

The isue with this is that it isnt showing the usrname in the session

 

Additions are marked in red.

If this is completely wrong, what have I done.

could someone do a sample code that it should be so I can compare. Easier to learn that way?  :D

 

<?php
session_start();
?>
<div id="header">
<div class="login">
<?php
[color=red]
if (isset($_SESSION['username']))
{
echo "Your In! ";
$_SESSION['username'] = $username;
echo "Welcome, ".$_SESSION['username']."! <br /><a href='includes/logout.php'>Log out</a>";
}
else
{

[/color]

//Get the Username and Password
$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password){
        $connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!");
        mysql_select_db("*****") or die("Couldn't find Database!");
       
        $query = mysql_query("SELECT * FROM users WHERE username = '$username'");
        $numrows = mysql_num_rows($query);
       
		if ($numrows != 0){
		// code to login
				$row = mysql_fetch_assoc($query);
			   
				$dbusername = $row['username'];
				$dbpassword = $row['password'];
			   
				// Check to see if they match!
				if ($username == $dbusername && md5($password) == $dbpassword){
						echo "Your In! ";
						$_SESSION['username'] = $username;
						echo "Welcome, ".$_SESSION['username']."! <br /><a href='includes/logout.php'>Log out</a>";
				}else{
						echo "Incorrect username or password!";
				}
		}else{
				echo "That user doesn't exist!";
		}

}else{
        echo "Please enter a username and a password!";
}

if (!isset($_SESSION['username'])){
        ?>
        <form action='index.php' method='POST'>
        Username: <input name='username' type='text' size="20" maxlength="25"  /><br />
        Password: <input name='password' type='password' size="20" maxlength="25"  /><br />
        <input type='submit' name'login' value='Login' " /> or <a href='member-register.php'>Register!</a>
        </form>
        <?php
}
[color]
}
[/color]
?>
</div>
</div>

 

Link to comment
Share on other sites
teamatomic Newbie

teamatomic

Posted
Posted

Look at your code. You check if session['username'] is set and then you go and write it again...WHY? if $username has no value now your session['username'] also has no value, so of course it wont display what it doesnt have.

 

echo "Your In! ";

$_SESSION['username'] = $username;

echo "Welcome, ".$_SESSION['username']."! <br /><a href='includes/logout.php'>Log out</a>";

 

Learn to look at your code and follow it down the page and keep track of what you set and where.

 

 

HTH

Teamatomic

Link to comment
Share on other sites
ignace Advanced Member

ignace

Posted
Posted 
<?php
session_start();
?>
<div id="header">
<div class="login">
<?php

if (!empty($_POST['username']) && !empty($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    $connect = mysql_connect('localhost', 'root', '') or trigger_error('Failed to establish a connection the database server using root@localhost');
    mysql_select_db('database') or trigger_error('Failed to select database <database>');
    
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = MD5('$password')");
    $numrows = mysql_num_rows($query);
       
    if (0 !== $numrows) {
        $_SESSION['username'] = $username;
        echo '<a href="#" onclick="window.location.href = window.location">Refresh page</a>';
    } else {
         echo "Incorrect username or password!";
    }	
} else if (isset($_SESSION['username'])) {
    echo 'Welcome, ' . $_SESSION['username'] . '! <br /><a href='includes/logout.php'>Log out</a>';
} else {
    ?>
    <form action='login.php' method='POST'>
        Username: <input name='username' type='text' size="20" maxlength="25"  /><br />
        Password: <input name='password' type='password' size="20" maxlength="25"  /><br />
        <input type='submit' value='Login' " /> or <a href='member-register.php'>Register!</a>
        </form>
        <?php
}
?>
</div>
</div>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.