Worqy Posted February 8, 2010 Share Posted February 8, 2010 Hello. I'm very new to this forum, just 5minutes of membership. And I'm very new to PHP to. I need some help setting up a session system on my login script. Here is my PHP files: login.php # <html> # <form name="form1" method="post" action="checklogin.php"> # <head> # <meta http-equiv="Content-Language" content="fi"> # <title>Login</title> # </head> # <body bgcolor="#666666"> # # # <p align="center"><font face="Aharoni" size="5">Login</font></p> # <p align="left"> # Login</p> # # <input name="myusername" type="text" id="myusername"> # <p> # <input name="mypassword" type="password" id="mypassword"></p> # # <input type="submit" name="Submit" value="Login"> # </body> # </form> # </html> login_success.php 1. <?php 2. // Check if session is not registered , redirect back to main page. 3. // Put this code in first line of web page. 4. session_start(); 5. if(!session_is_registered(myusername)){ 6. header("Location:login.php"); 7. } 8. ?> 9. 10. <html> 11. 12. <head> 13. <meta http-equiv="Content-Language" content="fi"> 14. <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> 15. <title>Login Success</title> 16. 17. <body bgcolor="#666666" onload="FP_preloadImgs(/*url*/'button6.jpg',/*url*/'button7.jpg',/*url*/'button9.jpg',/*url*/'buttonA.jpg',/*url*/'buttonC.jpg',/*url*/'buttonD.jpg')"> 18. 19. <p align="center"> </p> 20. <p align="center"><i><font size="5" face="Aharoni">You have been logged in 21. successfully!</font></i></p> 22. <p align="center"> </p> 23. <p align="left"> </p> 24. <p align="left"> </p> 25. <p align="left"><a href="index.php"> 26. <img border="0" id="img2" src="button8.jpg" height="20" width="100" alt="Main Page" onmouseover="FP_swapImg(1,0,/*id*/'img2',/*url*/'button9.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img2',/*url*/'button8.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img2',/*url*/'buttonA.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img2',/*url*/'button9.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="Main Page"></a></p> 27. <p align="left"><a href="cpanel.php"> 28. <img border="0" id="img3" src="buttonB.jpg" height="20" width="100" alt="cPanel" onmouseover="FP_swapImg(1,0,/*id*/'img3',/*url*/'buttonC.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img3',/*url*/'buttonB.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img3',/*url*/'buttonD.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img3',/*url*/'buttonC.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="cPanel"></a></p> 29. <p align="left"><a href="logout.php"> 30. <img border="0" id="img1" src="button5.jpg" height="20" width="100" alt="Logout" onmouseover="FP_swapImg(1,0,/*id*/'img1',/*url*/'button6.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img1',/*url*/'button5.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img1',/*url*/'button7.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img1',/*url*/'button6.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="Logout"></a></p> 31. 32. </body> 33. 34. </html> 35. and the coming cPanel.php 1. <?php 2. 3. session_start(); 4. 5. if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) { 6. header ("Location: login.php"); 7. } 8. 9. ?> 10. 11. <html> 12. <head> 13. <title>Control Panel</title> 14. </head> 15. <body> 16. 17. Control Panel 18. 19. </body> 20. </html> Now I've tried to set up somekind of session system in the cPanel.php, but it doesn't work. I locates me to the login.php even if I'm logged in! //KevinR Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/ Share on other sites More sharing options...
wildteen88 Posted February 8, 2010 Share Posted February 8, 2010 Don't use session_resister when creating your _SESSION variables. Always do $_SESSION['var_name'] = 'some value'; Also when checking if a session variable exists use isset rather than using session_is_registered if(isset($_SESSION['var_name'])) { // do what ever } session_resister and session_is_registered are old functions which should no longer be used. In any page you use session make sure you have session_start at the start of your scripts. Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1008998 Share on other sites More sharing options...
Worqy Posted February 13, 2010 Author Share Posted February 13, 2010 Now my does look like this: checklogin.php <?php $host="localhost"; // Host name $username="root"; // Mysql username $password="160995kk"; // Mysql password $db_name="Game"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = 'sUsername'; $_SESSION['mypassword'] = 'sPassword'; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> login_success.php <?php // Check if session is not registered , redirect back to main page. // Put this code in first line of web page. session_start(); if(isset($_SESSION['sUsername'])) header("Location:login.php"); ?> <html> <head> <meta http-equiv="Content-Language" content="fi"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Login Success</title> <body bgcolor="#666666" onload="FP_preloadImgs(/*url*/'button6.jpg',/*url*/'button7.jpg',/*url*/'button9.jpg',/*url*/'buttonA.jpg',/*url*/'buttonC.jpg',/*url*/'buttonD.jpg')"> <p align="center"> </p> <p align="center"><i><font size="5" face="Aharoni">You have been logged in successfully!</font></i></p> <p align="center"> </p> <p align="left"> </p> <p align="left"> </p> <p align="left"><a href="index.php"> <img border="0" id="img2" src="button8.jpg" height="20" width="100" alt="Main Page" onmouseover="FP_swapImg(1,0,/*id*/'img2',/*url*/'button9.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img2',/*url*/'button8.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img2',/*url*/'buttonA.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img2',/*url*/'button9.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="Main Page"></a></p> <p align="left"><a href="cpanel.php"> <img border="0" id="img3" src="buttonB.jpg" height="20" width="100" alt="cPanel" onmouseover="FP_swapImg(1,0,/*id*/'img3',/*url*/'buttonC.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img3',/*url*/'buttonB.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img3',/*url*/'buttonD.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img3',/*url*/'buttonC.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="cPanel"></a></p> <p align="left"><a href="logout.php"> <img border="0" id="img1" src="button5.jpg" height="20" width="100" alt="Logout" onmouseover="FP_swapImg(1,0,/*id*/'img1',/*url*/'button6.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img1',/*url*/'button5.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img1',/*url*/'button7.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img1',/*url*/'button6.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="Logout"></a></p> </body> </html> cpanel.php <?php session_start(); if(isset($_SESSION['sUsername']) && isset($_SESSION['sPassword'])){ echo "Hello!"; } ?> <html> <head> <title>Control Panel</title> </head> <body> Control Panel </body> </html> logout.php <?php session_start(); session_destroy(); ?> But I can still got access to cpanel.php even if I logout... Ps. Osrry for that I havent posted in a long time. My pc broke down Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1011901 Share on other sites More sharing options...
Alidad Posted February 14, 2010 Share Posted February 14, 2010 do not show your database user name and password in forum, they could break into your data. Alidad Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1012013 Share on other sites More sharing options...
wildteen88 Posted February 14, 2010 Share Posted February 14, 2010 But I can still got access to cpanel.php even if I logout... In cpanel.php you have no code that stops users that are not logged in from accessing it. You should change these lines in cpanel.php if(isset($_SESSION['sUsername']) && isset($_SESSION['sPassword'])){ echo "Hello!"; } to if(!isset($_SESSION['sUsername'], $_SESSION['sPassword'])){ header('Location: login.php'); exit; } Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1012052 Share on other sites More sharing options...
Worqy Posted February 14, 2010 Author Share Posted February 14, 2010 But I can still got access to cpanel.php even if I logout... In cpanel.php you have no code that stops users that are not logged in from accessing it. You should change these lines in cpanel.php if(isset($_SESSION['sUsername']) && isset($_SESSION['sPassword'])){ echo "Hello!"; } to if(!isset($_SESSION['sUsername'], $_SESSION['sPassword'])){ header('Location: login.php'); exit; } But now I get this problem: I login, I go to cPanel, and I directs me back to login.php Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1012071 Share on other sites More sharing options...
wildteen88 Posted February 14, 2010 Share Posted February 14, 2010 These lines in checklogin.php $_SESSION['myusername'] = 'sUsername'; $_SESSION['mypassword'] = 'sPassword'; Should be $_SESSION['sUsername'] = $myusername; $_SESSION['sPassword'] = $mypassword; Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1012073 Share on other sites More sharing options...
Worqy Posted February 14, 2010 Author Share Posted February 14, 2010 It didnt solve the problem... Anything else? Quote Link to comment https://forums.phpfreaks.com/topic/191349-session-help/#findComment-1012078 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.