joefoldsfive Posted December 17, 2010 Share Posted December 17, 2010 i've searched and searched on this and can find the answer that almost works every time but my situation is slightly different: all php register member login script advice on the web is set up with a join page, index, login page and a few scripts holding it all together. I need an index page that firstly checks to see if a member is logged on, and then either displays information for the member, or if not logged on, information for a non-member. all has to be on the same index page. i'm aware that using IF else statement I can achieve this, and i can get the form to log in to appear if non-member is detected, but i can't get anything to appear if a member logs in driving me a bit mad and any help would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 php code that you have so far? Will help greatly in understanding the problem and helping to find a solution Denno Quote Link to comment Share on other sites More sharing options...
joefoldsfive Posted December 17, 2010 Author Share Posted December 17, 2010 ah yes might help! ok two scripts/pages ndex.php checkuser.php logic is - everytime index is run - it immediately runs checkuser to check if logged in. INDEX.PHP (there is other html code that does nothing really) <?php session_start(); include_once "checkuser.php"; ?> <?php if ($_POST['email']) { include_once "connect_to_mysql.php"; $email = stripslashes($_POST['email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); $password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all database data that - // cannot be changed by member into SESSION variables. // Data that you want member to be able to change - // should never be set into a SESSION variable. $sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password' AND emailactivated='1'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Get member ID into a session variable $id = $row["id"]; session_register('id'); $_SESSION['id'] = $id; // Get member username into a session variable $username = $row["username"]; session_register('username'); $_SESSION['username'] = $username; // Update last_log_date field for this member now mysql_query("UPDATE members SET lastlogin=now() WHERE id='$id'"); // Print success message here if all went well then exit the script header("location: index.php"); exit(); } // close while } else { // Print login failure message to the user and link them back to your login page print '<br /><br /><font color="#FF0000">No match in our records, try again </font><br /> <br /><a href="login.php">Click here</a> to go back to the login page.'; exit(); } }// close if post checkuser.php very basic but - trying to show the login form if not a user, and the users details if it is a user <?php $toplinks = ""; if (isset($_SESSION['id'])) { // Put stored session variables into local php variable $userid = $_SESSION['id']; $username = $_SESSION['username']; $toplinks = '<a href="member_profile.php">' . $username . '</a> • <a href="member_account.php">Account</a> • <a href="logout.php">Log Out</a>'; } else { $toplinks = '<table align="center" cellpadding="5"> <form action="login.php" method="post" enctype="multipart/form-data" name="logform" id="logform" onSubmit="return validate_form ( );"> <tr> <td class="style7"><div align="right">Email Address:</div></td> <td><input name="email" type="text" id="email" size="30" maxlength="64" /></td> </tr> <tr> <td class="style7"><div align="right">Password:</div></td> <td><input name="password" type="password" id="password" size="30" maxlength="24" /></td> </tr> <tr> <td> </td> <td><input name="Submit" type="submit" value="Login" /></td> </tr> </form> </table> <p> <a href="join_form.php">Register</a> • <a href="login.php">Login</a>'; } ?> p.s the html in the index page ecos $toplinks wehatever it becomes. the problem may be is that I've changed a script that works with many pages to try and get it onto one so my php is probably messy! Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 As a really quick suggestion, have you tried omitting the $email = stripslashes($_POST['email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); Maybe one of them is taking out the @ symbol and therefore making the email address incorrect? (I'm not too familiar with how those functions work, but this is what I would do if I were testing your code). Where do you actually display $toplinks? I can't see it echoed anywhere.. Isn't it supposed to be? Denno Quote Link to comment Share on other sites More sharing options...
joefoldsfive Posted December 17, 2010 Author Share Posted December 17, 2010 $toplinks is echoed in a table further down in the index code - i didn't copy but it's there and works as it echos the non-member results fine. it's also authenticating the user when you log in - i.e I can get it to redirect to a different page and show logged in so it can't be the email not being recognised. But when I get it to reload the index page but hopefully this time with session data, it doesn't work. Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 Is session_start() the very first thing that is read? In your second post you say "there is other html code that does nothing really". I'm pretty sure that you need to have session_start() as the very first thing that is executed/read. Try that? Denno Quote Link to comment Share on other sites More sharing options...
joefoldsfive Posted December 17, 2010 Author Share Posted December 17, 2010 <?php session_start(); first thing on the index page Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 Doesn't make a difference? Denno Quote Link to comment Share on other sites More sharing options...
joefoldsfive Posted December 17, 2010 Author Share Posted December 17, 2010 fraid not i don't mind going back to basics and re-working whole code to get this to work it is very important it all happens on the first index page, cannot have a separate login page. Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 Alright well if you're happy to re-work what you've already got, and start again, here is some code that I've been using, and it works nicely. I've got the user name and password 'hard coded', but I'm sure you can alter this to access a db, and do all your filtering on the email. index.php <?php session_start(); include_once "admin_check.php"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </script> </head> <body> <table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td></td> </tr> <tr> <td>Show member information here</td> </tr> </table> <p> </p> </body> </html> admin_check.php <table width="100%" border="0" cellspacing="1" cellpadding="1"> <tr> <td>Login Form</td> <td><a href="index.php">Admin Home</a></td> <td><a href="../index.php">View Live Website</a></td> </tr> </table> <?php $error_msg=""; if($_POST['username']){ $username = $_POST['admin']; $password = $_POST['password']; //Simple hard coded values for the correct username and password $admin = "adminUser"; $adminpass = "password123"; if(($username != $admin) || ($password != $adminpass)){ $error_msg = ': <font color="FF0000">Your login information is incorrect</font>'; }else{ session_register('admin'); $_SESSION['admin'] = $username; require_once "index.php"; exit(); } } ?> <?php if($_SESSION['admin'] != "adminUser"){ echo '<h3>Only the administrator can view this directory</h3><br/> <table width="340" border="0" cellspacing="1" cellpadding="1"> <form action="admin_check.php" method="post" target="_self"> <tr> <td><table width="340" border="0" cellspacing="1" cellpadding="1"> <tr> <td colspan="2">Please Log In Here' . $error_msg . '</td> </tr> <tr> <td width = "111">Username:</td> <td width = "219"><label for="textfield"></label> <input type="text" name="username" id="username" /></td> </tr> <tr> <td>Password:</td> <td> <input type="password" name="password" id="password"/></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" name="submit" id="submit" value="LogIn" /></td> </tr> </table></td> </tr> </form> </table> <a href="../">Click here to head back to the homepage</a>'; exit(); } ?> Obviously, you're not doing an admin check, but it's the same principal, having a login. If you can't follow anything above, let me know and I'll try and explain it in detail . Denno Quote Link to comment Share on other sites More sharing options...
joefoldsfive Posted December 17, 2010 Author Share Posted December 17, 2010 looks like that could work but what happens if the admin does log in succesfully? what is displayed? this is where my code fails at the moment Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 In the code I provided, if admin has successfully logged in, then pretty much nothing happens... The contents of index is shown as intended.. The second if statement in admin_check will check if the username set in the session is the correct one, and if it is, it will skip the if and continue processing the page (in this case, it would be the rest of the index page, as admin_check was included into it). Not sure if that makes sense? Denno Quote Link to comment Share on other sites More sharing options...
joefoldsfive Posted December 17, 2010 Author Share Posted December 17, 2010 so effectively the login fields are only shown if admin is not found looks good - I will cross it with my user password rather than admin and also need the security measures i have in my original coding thank you for the help Quote Link to comment Share on other sites More sharing options...
denno020 Posted December 17, 2010 Share Posted December 17, 2010 Pretty much exactly lol. If the username is not found in the session, or if the username that is found, is wrong, then the log in form is shown, and the rest of the page processing is stopped. More than happy to help, hopefully you find it useful. Denno Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.