login/session help

[milsapj]

hi,

new to site and to php programming so please be patient. Here is my problem. I origionally coded my website as a html but due to need for

 

login/member registration I changed to php MySQL. However I have gotten turned around and need guidence as to where (what php file) I

 

should put the session code and how to code it correctly. Based on code samples I see the code needs to be at the top of my index.php file

 

and that is where I put it but cant get code to work properly. Here is seq of calls: index.php==> leftcolumn_login.inc.php

 

(form)==>checklogin.php... I can login from my home page ok but I have not been able to track my sessions to enable me to display the home

 

page (and other pages) with the correct header once I have logged in for the first time....ie I initially display SignIn links on all pages when user

 

hits site, but once they login I give a "welcome back member" msg and want to change the pages to display SignOut links only so I need to

 

track the seession logins (hope Im explaining it correctly...the db is working fine).One more thing, based on the way I tried to code the index file I

 

wanted to select a particular include file (that shows a differenct header) based on the session that user is on but this may not be the best way

 

to do it. I am definately open to changing my code based on your expertice but do not want to make too many drastic changes unless

 

necessary but I do want to know what I'm doing wrong.  I have attached my code which will be several include files along with my index file but for now I will give a few samles of my code to see if its enough for you all to see something immediate however I do not

 

want to glog this msg. I would really like to commicate with someone through my personal email rather than make too many post to this site. I

 

am in ATL and trying to communicate with the PHP group here.Thanks for anyones help ahead of time.Here are the code snipets...you may

 

see in code where I commented out some code that I was trying to use:

Index file:

<?php

session_start();

// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less

if (!isset($_SESSION['count'])) {

  $_SESSION['count'] = 0;

} else {

  $_SESSION['count']++;

}

?>

<!DOCTYPE html.......<head>...<body>

<!-- Wrapper sets the layout width -->

<div id="wrapper">

  <!-- header-->

  <?php include("header.inc.php"); ?>

 

  <!-- BEGIN leftcolumn-->

  <?php include("leftcolumn_login.inc.php");

//  $where = 'index.php';

//  echo $where;

//    echo $type_login;

//  if ($type_login == '1') {

//      include("leftcolumn_login.inc.php");

//    } ElseIf ($type_login == '2') {

//      include("leftcolumn_invalidmember.inc.php");

//  } Else {

//      include("leftcolumn_login.inc.php");

//    }

    ?>

  <!-- END leftcolumn-->

 

  <!--#include file="nav.inc.php" -->

    <?php include("nav.inc.php"); ?>

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

leftcolumn_login.inc.php:

          <form name="form1" method="post" action="checklogin.php">

              <td nowrap>

                <table width="100%" border="0" cellspacing="0" cellpadding="4" class=loginmodulecontent>

                    <tr>

                      <td><b><font size="2" color="#FFFF00">Username: </font></b><br>

                          <b><font size="2" color="#FFFF00"><input name="myusername" id="myusername" type="text" size="10"/><br>

                                Password:<br></font></b>

                          <input name="mypassword" id="mypassword" type="password" size="10"/><br>

                          <input type="submit" name="Submit" value="Login"><br>

                          <font size="2"><a href="register.php?content=register"><strong>Click to sign-up</font></a><br>

                          <font size="2"><a href="password.php?content=password"><strong>Forgot Login?</strong></font></a><br>

                      </td>

                    </tr>

                </table>

              </td>

          </form>

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

checklogin.php:

<?php

//$host="localhost/"; // Host name

//$host="127.0.0.1/"; // Host name

$host="localhost"; // Host name

//$host="localhost/Richard_website_phpMySQL/index.php"; // Host name

 

$where = "checklogin.php";

$db_name="crescendo"; // Database name

$tbl_name="register"; // Table name

 

// username and password sent from form

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

// To protect MySQL injection (more detail about MySQL injection)

//$myusername = stripslashes($myusername);

//$mypassword = stripslashes($mypassword);

//$myusername = mysql_real_escape_string($myusername);

//$mypassword = mysql_real_escape_string($mypassword);

 

// Connect to server and select databse using substitution variables and user input

mysql_connect("$host", "$myusername", "$mypassword")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

//directly connecing to database with these values

//mysql_connect('localhost', 'johnny', 'johnny');

//mysql_select_db('crescendo')or die("cannot select DB");

 

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

echo $where; echo $myusername; echo $mypassword;

if($count==1){

  // Register $myusername, $mypassword and redirect to file "login_success.php"

  $type_login == '1';

  echo $type_login;

  session_register("myusername");

  session_register("mypassword");

  //if login successfull redirect to Welcome Back member home page

  header("location:index_member.php?typelogin=$type_login");

 

} ElseIf ($myusername > '') { // PHP Elseif Statement

  $type_login == '2';

  echo $type_login;

  //if login unsuccessfull redirect to home page

  header("location:index.php?typelogin=$type_login");

} Else {

  $type_login == '';

  echo $type_login;

  header("location:index.php?typelogin=$type_login");

}

?>

 

[attachment deleted by admin]

[wildteen88]

I cannot understand what you're asking in your post, but one issue I do see in your code is the use of the session_register function.

 

You should not use this function to create session variables. When creating session variables you'd do something like this

$_SESSION['myvarname'] = 'some value';

 

But make sure you have called session_start before you use/assign $_SESSION variables.

 

Also please note when posting code make sure you wrap it within in

or

tags

[milsapj]

tx wildteen88....sorry for not sounding clear on what i wanted. Ok I have 4 followup questions: 1) Is there a quick 'easy to use' debug tool i can use to see my variable values so i can see exactly what my values are because I'm not exactly sure what all the login/seesion code is doing since I got the code off this (and another ) php forum. I really just am not understanding which php files that I should have the session code in and how to use the session that I am on to determine which successive web pages to display (ie I want to diplay new header on my web pages that only have sign off link unlike the initial pages that i display when user 1st enters the site and i have 'sign in' links on the pages?

2) the varname I store my login name on the login page is "<input name="myusername".....so in the code u suggest  I coded this way: $_SESSION['myusername'] = 'usernamevalue';.....however since i cant see values and i do not see a different code responce, should i check the "usernamevalue" field in my code to see if I have logged in for the 1st time??? Again, I don't really understand in which php file I should be checking to see when I have logged in for the 1st time. How am I suppose to track which session I am on so that I know whether the user has already logged in or not? 

 

3) I keep getting the following error if I log in with wrong userid/passw combination...why does it keep trying to use password=YES???

 

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'johnny'@'localhost' (using password: YES) in C:\WampServer2.0i\www\Richard_website_phpMySQL\checklogin.php on line 22

cannot connect

 

4) Everytime I login with the correct userid/password I do get my welcome loggin page but if i click on the home page link again it immediately displays the home page asking me to login again...if i was tracking my session correctly this should not be happening...right?

[wildteen88]

3) I keep getting the following error if I log in with wrong userid/passw combination...why does it keep trying to use password=YES???

 

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'johnny'@'localhost' (using password: YES) in C:\WampServer2.0i\www\Richard_website_phpMySQL\checklogin.php on line 22

cannot connect

in

Just checked your checklogin.php file. How you are logging in users is incorrect. You shouldn't be creating new MySQL accounts for members that sign up to your site.

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

...

// Connect to server and select databse using substitution variables and user input
mysql_connect("$host", "$myusername", "$mypassword")or die("cannot connect");

The username/password combination you use in mysql_connect() is the main MySQL account you use to manage your mysql database/tables etc. This is the only function for mysql_connect(). You do not use your members username/password details here.

 

2) the varname I store my login name on the login page is "<input name="myusername".....so in the code u suggest  I coded this way: $_SESSION['myusername'] = 'usernamevalue';.....

In my previous post about the use of session_register() I was referring to this in checklogin.php

   session_register("myusername");
   session_register("mypassword");

The above should be

   $_SESSION['myusername'] = $myusername;
     $_SESSION['mypassword'] = $mypassword;

 

Remember you are already getting the username/password from the login form on lines 12 and 13 in checklogin.php:

// username and password sent from form

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

You should also place session_start() at the top of checklogin.php otherwise your session variables will not work as expected.

 

4) Everytime I login with the correct userid/password I do get my welcome loggin page but if i click on the home page link again it immediately displays the home page asking me to login again...if i was tracking my session correctly this should not be happening...right?

The code I do not see in any of the four files you have provided is where you're checking to see if the user has logged in. You've only posted the code which logs the users in (checklogin.php), which sets up the myusername and mypassword session variables. These are the variables you'll want to check to see if the user is logged in or not, as these variables will only exist if the username/password entered in your login form found a match in your databases register table.

 

 

[milsapj]

Tx again wildteen88 I will try these changes and see if I can get the code working. Wildteen88, one thing that would clear a lot up for me is to fully understand exactly WHICH pfp files I'm suppose to put the session start() code in? should it be in the main index.php and every php file (and/or every include file) that I am accessing/writing to the db with...what about the other php pages that only display information (do they also need to check the session variables at the top of each page?..You said I should place session_start() at the top of checklogin.php otherwise my session variables will not work as expected so that is why I want to be clear about this and I dont mean to be difficult & appreciate your help.......As for registration page I know based on what you have told me so far that my register code will need modifying as you will see in the code, however I have attached the file and here is the seq of calls..register.php ==> checkregister.php

tx again ahead of time as you are the only one so far to engage me to help...

 

[attachment deleted by admin]

[wildteen88]

You'll place session_start() in all major pages your members will see, ignoring the files that are being included/required into your pages.