Jump to content

Recommended Posts

I am using a login system in php and mySQL but only one page is potected.

 

pages i am using:

1. login.php // inputing details (user name, password)

2. checkloginDetails.php // connect to db and check login details

3. logged_in.php // successfully login

 

...i need more than the one page protected for example; once the user has logged in there will be the main logged in page with other links, remove topics, add, user, remove user all these pages i want protecting but with out the user inputing his details again.

 

Has anyone got an idear onhow i ould achive this?

 

Link to comment
https://forums.phpfreaks.com/topic/212587-login-system-in-php-mysql/
Share on other sites

You could use something like this...

 

//If user has submitted data into username & password fields
if ($username&&$password)
{

include('includes/connect.php');
//select user data from your user's table
$query = mysql_query("SELECT username, password FROM users WHERE username='$username' LIMIT 1") or die(mysql_error());
$numrows = mysql_num_rows($query);

//if the rows related to the query are more than zero
if ($numrows > 0) {

    $row = mysql_fetch_assoc($query);    
    $dbuser = $row['username'];

    // IF the username is equal to the username in the database, and the password is equal to the password in the database
    if ($username == $dbuser && $password == $row['password']) {

                //set a session of the users' username, and redirect them to a member page.
                $_SESSION['username'] = $dbuser;
                header("Location: logged_in.php");
    }
else
    echo "Username or Password is incorrect";
}
else
      echo"Username not registered";

}
else
      echo"Please fill in all fields";

 

 

Then on each protected page, you could have at the top:

 

session_start();

$user = $_SESSION['username'];

if(!$user){
  die("You must be logged in to view this page"); 
}

I want kind of work around the code i already have, how would i go about keeping the existing code but modifying to the theory in which you have?

 

Here is what i have

checklogin.php

<?php
$host="xxxxxxxx"; // Host name 
$username="xxxxxxxxx"; // Mysql username 
$password="xxxxxxxx"; // Mysql password 
$db_name="a2820511_admin"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection 
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php?id=$myusername");
}
else {
echo "Wrong username or password...";
}
?>

 

login-success.php

<? 
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
$myusername; welcome
?>

When using/setting sessions makes sure you are calling session_start() at the top of all your PHP pages that use sessions.

Also when you are setting a session variable do not use session_register(). This function is deprecated and should not be used. Instead use

$_SESSION['myusername'] = $myusername;

In replace of session_register("myusername")

 

Now on every page you want to be protected. You place this at the top of the page

<?php
session_start();
if(!isset($_SESSION['myusername'])){
    header("location:main_login.php");
    exit;
}
?>

Try this son.of.the.morning

 

Filename: checklogin.php

<?php session_start();

$host="mysql14.000webhost.com"; // Host name 
$username="a2820511_boss"; // Mysql username 
$password="dark666"; // Mysql password 
$db_name="a2820511_admin"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection 
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"

$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword; // Although sessioning a password is very dangerous

header("location:login_success.php");
}
else {
echo "Wrong username or password...";
}
?>

 

Filename: login-success.php

<?PHP session_start();

  if(!isset($_SESSION['myusername'])){
    header("location:main_login.php");
    exit;
  }
?>

 

You can just add the above code to all of you protected pages.

 

Paul.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.