sudsy1970 Posted July 2, 2010 Share Posted July 2, 2010 hi couple of issues with my logon script that could do with some expert help 1) i want to put a script on my members page so that you have to be logged in to see it. i came up with the following. which is great but it doesn't change even when i am logged on. <?php ob_start(); session_start(); // if (!isset($_SESSION["logged_in"])) // { // include "template.php"; // echo "<h2>You are required to Log in to view this page</h2><br><br>"; // echo "<h2>Please use the Links at the top right hand corner of the image</h2><br><br>"; // exit; // } include "template.php" ; ?> 2) i created a member area that i thought would show a login, logout and forgot password link if i wasn't logged in and echo the name of the member would was logged in. however i never get the logged on name part. <div class="member-area"> <?php if ($_SESSION['logged_in']) { ?> <!--- start 'member-area' ---> <ul> <li style="font-weight:bold"><?php echo $_SESSION['fullname']?></li> <li><a href="customer_logout.php" rel="nofollow">Logout</a> »</li> </ul> <?php } else { ?> <!--- start 'member-area' ---> <ul> <li><a href="customer_login.php" rel="nofollow">Log in</a> »</li> <li><a href="customer_create.php" rel="nofollow">Register</a> »</li> <li><a href="password_get.php" rel="nofollow">Forgotten password?</a> »</li> </ul> <?php } ?> </div> <!--- end 'member-area' ---> Any one got any suggestions on where i am going wrong? Thanks for looking (full files are in attachments) [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
coupe-r Posted July 3, 2010 Share Posted July 3, 2010 Try single quotes if (!isset($_SESSION['logged_in'])) Quote Link to comment Share on other sites More sharing options...
sudsy1970 Posted July 3, 2010 Author Share Posted July 3, 2010 still got the same problems, but thanks for the suggestions Quote Link to comment Share on other sites More sharing options...
fred12ned Posted July 3, 2010 Share Posted July 3, 2010 Try making a new page and outputting the whole session variables, check if $_SESSION['logged_in'] is set. <?php session_start(); echo "<pre>"; var_dump($_SESSION); echo "</pre>"; ?> Quote Link to comment Share on other sites More sharing options...
sudsy1970 Posted July 3, 2010 Author Share Posted July 3, 2010 ok tried that and it returned the magical result of array(0) {}. this leads me to think that the login script does not work, would that be correct ? Quote Link to comment Share on other sites More sharing options...
sudsy1970 Posted July 3, 2010 Author Share Posted July 3, 2010 however thinking about it more, i have included a check to see if the username and password match those stored in a table,see code below # If a username and password has been provided, attempt to log the user into the site if (isset($_POST['Username']) && isset($_POST['Password'])) { $username = $_POST['Username']; $password = $_POST['Password']; # Query the database to see if the username and password supplied match $sql = "SELECT CONCAT(FirstName, ' ',LastName) AS Name FROM user WHERE UserName = '$username' AND Password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); so surely it would fail at this point and not proceed to the header relocation part Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2010 Share Posted July 3, 2010 so surely it would fail at this point and not proceed to the header relocation part Only if the query actually failed to execute. Otherwise, the query will return a result regardless of whether the username and password match a record. You need to check what that result is before proceeding. You should also be sanitizing all user-supplied values before placing them in a query string, BTW. Also, make sure there is a session_start(); at the head of the script somewhere . . . <?php # If a username and password has been provided, attempt to log the user into the site if (isset($_POST['Username']) && isset($_POST['Password'])) { $username = $_POST['Username']; $password = $_POST['Password']; # Query the database to see if the username and password supplied match $sql = "SELECT CONCAT(FirstName, ' ',LastName) AS Name FROM user WHERE UserName = '$username' AND Password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if( mysql_num_rows($result) == 1 ) { // query returned exactly one row; OK to proceed, and set the $_SESSION vars. } else { // if result is anything other than exactly one row, username doesn't exist, // or results are ambiguous, so login can't proceed. } } ?> Quote Link to comment Share on other sites More sharing options...
sudsy1970 Posted July 3, 2010 Author Share Posted July 3, 2010 Can you believe it, no session start, wot a plonker, cheers matey. So now my logout does not work, it does redirect me but if i click on the members page it still shows me as being logged in, it's very simple but have a feeling i should have a session destroy in there somewhere, it's just i know the header function won't work then. any help gratefully accepted. <?php // Set the session variable to show the user is NOT logged in $_SESSION['logged_in'] = false; $_SESSION['username'] = ""; $_SESSION['fullname'] = ""; // Redirect the user to the home page header( 'Location: index.php' ) ; ?> Quote Link to comment Share on other sites More sharing options...
sudsy1970 Posted July 3, 2010 Author Share Posted July 3, 2010 Ok i think that it has something to do with not clearing the Cache, although i am not really sure how to test that. Answers on a postcard to....... Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2010 Share Posted July 3, 2010 Generally, this will do it; might need to reset a cookie too, depending if one was set. And remember to include a session_start(); in *all* scripts that will access any type of $_SESSION data. session_start(); $_SESSION = array(); session_destroy(); header('Location: index.php'); // can be whatever you want. logged_out.php, etc. exit(); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.