son.of.the.morning Posted September 5, 2010 Share Posted September 5, 2010 I am using a login system in php and mySQL but only one page is potected. pages i am using: 1. login.php // inputing details (user name, password) 2. checkloginDetails.php // connect to db and check login details 3. logged_in.php // successfully login ...i need more than the one page protected for example; once the user has logged in there will be the main logged in page with other links, remove topics, add, user, remove user all these pages i want protecting but with out the user inputing his details again. Has anyone got an idear onhow i ould achive this? Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/ Share on other sites More sharing options...
mattheww Posted September 5, 2010 Share Posted September 5, 2010 You could use something like this... //If user has submitted data into username & password fields if ($username&&$password) { include('includes/connect.php'); //select user data from your user's table $query = mysql_query("SELECT username, password FROM users WHERE username='$username' LIMIT 1") or die(mysql_error()); $numrows = mysql_num_rows($query); //if the rows related to the query are more than zero if ($numrows > 0) { $row = mysql_fetch_assoc($query); $dbuser = $row['username']; // IF the username is equal to the username in the database, and the password is equal to the password in the database if ($username == $dbuser && $password == $row['password']) { //set a session of the users' username, and redirect them to a member page. $_SESSION['username'] = $dbuser; header("Location: logged_in.php"); } else echo "Username or Password is incorrect"; } else echo"Username not registered"; } else echo"Please fill in all fields"; Then on each protected page, you could have at the top: session_start(); $user = $_SESSION['username']; if(!$user){ die("You must be logged in to view this page"); } Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107461 Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 I want kind of work around the code i already have, how would i go about keeping the existing code but modifying to the theory in which you have? Here is what i have checklogin.php <?php $host="xxxxxxxx"; // Host name $username="xxxxxxxxx"; // Mysql username $password="xxxxxxxx"; // Mysql password $db_name="a2820511_admin"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php?id=$myusername"); } else { echo "Wrong username or password..."; } ?> login-success.php <? session_start(); if(!session_is_registered(myusername)){ header("location:main_login.php"); } $myusername; welcome ?> Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107476 Share on other sites More sharing options...
wildteen88 Posted September 5, 2010 Share Posted September 5, 2010 When using/setting sessions makes sure you are calling session_start() at the top of all your PHP pages that use sessions. Also when you are setting a session variable do not use session_register(). This function is deprecated and should not be used. Instead use $_SESSION['myusername'] = $myusername; In replace of session_register("myusername") Now on every page you want to be protected. You place this at the top of the page <?php session_start(); if(!isset($_SESSION['myusername'])){ header("location:main_login.php"); exit; } ?> Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107482 Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 How is it the session var (myusername) is passed to page to page? Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107487 Share on other sites More sharing options...
PaulRyan Posted September 5, 2010 Share Posted September 5, 2010 Try this son.of.the.morning Filename: checklogin.php <?php session_start(); $host="mysql14.000webhost.com"; // Host name $username="a2820511_boss"; // Mysql username $password="dark666"; // Mysql password $db_name="a2820511_admin"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; // Although sessioning a password is very dangerous header("location:login_success.php"); } else { echo "Wrong username or password..."; } ?> Filename: login-success.php <?PHP session_start(); if(!isset($_SESSION['myusername'])){ header("location:main_login.php"); exit; } ?> You can just add the above code to all of you protected pages. Paul. Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107490 Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 // Although sessioning a password is very dangerous ??? would this have to be done? Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107507 Share on other sites More sharing options...
PaulRyan Posted September 5, 2010 Share Posted September 5, 2010 No of course not, I was just using your code and appending it Just remove that whole line, unless you need to use password for something? Regards, Paul. Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107509 Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 Ok, Thanks Paul, and wildTeen. Ille let you know how i get on. Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107511 Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 Works fine guys, is it possible for one of use to explain how this $_sesion thingy works for futor refference? Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107516 Share on other sites More sharing options...
PaulRyan Posted September 5, 2010 Share Posted September 5, 2010 Glad to hear it son.of.the.morning. Look here: http://php.about.com/od/advancedphp/ss/php_sessions.htm It may give you an insight how sessions work Paul. Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107520 Share on other sites More sharing options...
wildteen88 Posted September 5, 2010 Share Posted September 5, 2010 This link will be more useful for how sessions work http://www.ruturaj.net/tutorials/php/how-sessions-work Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107522 Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 That fantastic guys, much appreciated. Link to comment https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/#findComment-1107525 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.