Jump to content

php login: retaining login with uploads

yujikaido

By yujikaido
in PHP Coding Help

 Share

Recommended Posts

yujikaido Newbie

yujikaido

Posted
Posted

I have a simple script to login and then upload a picture but I keep getting logged out. I know it has something to do with sessions or keeping my login authorization intact while I do the upload. The Upload does work but I get the login with my status msg of successful upload below.  Can anyone please tell me what I need to add and please specific as  I just started learning php and have worked on it all weekend with getting it to work like it suppose to. Thank you.

 

<html>
<h1>
<p align="center">
Staff Login
</p>
</h1>
<body bgcolor='#FFCC66'>
<?php

// Define your username and password
$username = "yuji";
$password = "kaido";
// associate array for login
if ($_REQUEST['txtUsername'] != $username || $_REQUEST['txtPassword'] != $password) {

?>
<!-- table is formed along with color and shape-->
<font size="+2">
<table width=25% align=center bgcolor=#FFFFCC border=3>
<form name="form" method="post" 
<td  align=center  bgcolor=#FABCCC</td

<label for="txtUsername">Username:</label>

<input type="text" title="Enter your Username" name="txtUsername" /></p>


<label for="txtpassword">Password:</label>

<input type="password" title="Enter your password" name="txtPassword" /></p>



<input type="submit" name="Submit" value="Login" /></p>

</form>

<?php

}
else { ## if login username and password was correct send following command to page.



  echo("<p align='center'>Upload picture form");
echo "<form enctype='multipart/form-data' method='post' action='login.php'>";
echo "<p align='center'>Image: ";
echo "<input name='file' type='file'>";
echo "<input type='submit' name='state' value='Upload'>";
echo "</form>";

}  

if ($_REQUEST['state'] == 'Upload')
{
echo("<p>Incoming file processing");
$target_path = "images/";

$target_path = $target_path . 
	basename( $_FILES['file']['name']); 

        echo "<p>Number of files: " . count($_FILES);

echo "<p>Incoming File name: ";
echo ($_FILES['file']['name']);
echo "<p>Attempting...";
echo "<p>Copy from: " . $_FILES['file']['tmp_name'];
echo "<p>Copy to: " . $target_path;

if (move_uploaded_file($_FILES['file']['tmp_name'], $target_path))
{
	echo "<p>File [".  $_FILES['file']['name'] . 
		"] has been uploaded";
} 
else
{
	echo "<p>There was an error uploading the file to" .
		$target_path . " Please try again";
}
echo "<form method='post' action='login.php'>";
echo "<input type='submit' name='state' value='Try again'>";
echo "</form>";



?>

<?php 

}

?>
</html>

 

[attachment deleted by admin]

Link to comment
https://forums.phpfreaks.com/topic/194468-php-login-retaining-login-with-uploads/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The php code on that page does not set up a 'log in' that persists beyond the page request when the form is first submitted. It is just some authentication code.

 

Your first step would be to modify that code so that it starts a session and sets a session variable that indicates the current visitor is logged in. You can then start (resume) a session on any page and test that session variable to see if the visitor is logged in or not.

yujikaido Newbie

yujikaido

Posted
  • Author
Posted

Thanks for the replies. Yeah I have been playing with the sessions and i can't seem to get to work and I tried looking for examples online but can't get it to work. for example. please help,as  I am dying to find a solution have been working on it all weekend. Also I am putting all my code on one php file so I am not using any additional pages.

 

session_start();
if ($_SESSION['loggedIn'] != "true") {
         header("Location: http://localhost/loginphoto.php"); # I have tried this.

# also I have tried this.

session_start(); 
$_SESSION['username'] = $username; 
$_SESSION['password']   = $password;

Anti-Moronic Regular Member

Anti-Moronic

Posted
Posted

Thanks for the replies. Yeah I have been playing with the sessions and i can't seem to get to work and I tried looking for examples online but can't get it to work. for example. please help,as  I am dying to find a solution have been working on it all weekend. Also I am putting all my code on one php file so I am not using any additional pages.

 

session_start();
if ($_SESSION['loggedIn'] != "true") {
         header("Location: http://localhost/loginphoto.php"); # I have tried this.

# also I have tried this.

session_start(); 
$_SESSION['username'] = $username; 
$_SESSION['password']   = $password;

 

First, make absolute sure there is no whitespace or lines before session_start() - that *could* cause issues. Next, once you have run that, the session variables will be available, so only refer to session variables after that - like so:

 

<?php session_start();

if(empty($_SESSION['loggedIn'])){
  // redirect to login form or present login form on this page
}

?>

 

Then you need to check if the form has been submitted for upload:

 

if(isset($_POST['formname'])){

  // parse form and do upload

}

 

If that block of code is below the session check and they are all on the same page, you don't need to check for a session again...

 

<?php session_start();

if(empty($_SESSION['loggedIn'])){
  header('Location:http://localhost/loginphoto.php');
  return;
}

if(isset($_POST['formname'])){
  // parse form and do upload
}

?>

 

Of course, this is assuming there is something which creates a login session.

 

But make sure you use 'return' if the session fails even after the header() function if you redirect as the code will still be run despite the redirect.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Since you are attempting to use a single page, the following basic code will work -

 

Any page you would like to protect -

<?php
require 'login.php'; // prevent access unless logged in
// remainder of the code and content on the protected page goes here...
echo "<p>$logout_link</p>";
echo "<p>you are logged in and can access the rest of this page -<p>";
?>

 

login.php code -

<?php
// Simple (demo) log in code. Minimal functional code with no error checking, validation, etc...
// This code is designed to be included at the start of any page that you want to protect so that only logged in visitors can view the protected content on the page.
// The code is all or nothing. If the visitor is not logged in, the log in form is displayed and nothing else. If the visitor is logged in, the remainder of the protected code and content on the page is displayed.
// The log in uses a session and is valid until the current browser session ends.
// The log in form submits to the current page and the username/passwords are hard-coded in an array.
// You would need to provide a menu/links as necessary to navigate to any other page.

// detect direct access to included/required file
if(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){
die('No Direct Access');
}

session_start(); // start/resume session

$auth = array(); // array of username/passwords
$auth['user'] = 'pwd'; // add an entry for each permitted visitor, key = username, value = password

// get the host name and script name of the current page (used in redirects to clear the end of the URL.)
$host = $_SERVER["HTTP_HOST"];
$file = $_SERVER["SCRIPT_NAME"];
// make a log out link (can be used in on the main page) -
$logout_link = "<a href='http://$host$file?logout'>Logout</a>";

// process any log out request
if(isset($_GET['logout'])){
unset($_SESSION['loggedin']);
header("Location: http://$host$file"); // redirect to the current page, without any GET parameters on the URL
die(); // prevent the remainder of the code on the page from being executed
}

// process any log in request
if(isset($_GET['login']) && !isset($_SESSION['loggedin'])){
// any validation, redisplay of entered values... not included in this demo code
$form_errors = array(); // array to hold all form errors
if(isset($auth[$_POST['username']]) && $auth[$_POST['username']] == $_POST['password']){
	$_SESSION['loggedin'] = $_POST['username']; // indicate logged in
	header("Location: http://$host$file"); // redirect to the current page, without any GET parameters on the URL
	die(); // prevent the remainder of the code on the page from being executed
} else {
	$form_errors[] = 'The username/password was not correct<br />';
}
}

// check if not logged in
if(!isset($_SESSION['loggedin'])){
// the current visitor is not logged in
// display any form error messages -
if(!empty($form_errors)){
	foreach($form_errors as $error){
		echo $error;
	}
}
echo "You are not logged in, enter your username and password -";
?>
<form action="?login" method="post">
Username: <input type="text" name="username"><br />
Password: <input type="text" name="password"><br />
<input type="submit">
</form>
<?php
die(); // prevent the remainder of the code on the page from being executed
}
// at this point you are correctly logged in
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.