Jump to content

Recommended Posts

i've searched and searched on this and can find the answer that almost works every time but my situation is slightly different:

 

all php register member login script advice on the web is set up with a join page, index, login page and a few scripts holding it all together.

 

I need an index page that firstly checks to see if a member is logged on, and then either displays information for the member, or if not logged on, information for a non-member.

 

all has to be on the same index page.

 

i'm aware that using IF else statement I can achieve this, and i can get the form to log in to appear if non-member is detected, but i can't get anything to appear if a member logs in

 

driving me a bit mad and any help would be greatly appreciated.

Link to comment
https://forums.phpfreaks.com/topic/221977-any-help-much-appreciated/
Share on other sites

ah yes might help!

 

ok two scripts/pages

 

ndex.php

checkuser.php

 

logic is - everytime index is run - it immediately runs checkuser to check if logged in. 

 

INDEX.PHP  (there is other html code that does nothing really)

<?php

session_start();

include_once "checkuser.php";

?>

 

<?php

 

if ($_POST['email']) {

include_once "connect_to_mysql.php";

$email = stripslashes($_POST['email']);

$email = strip_tags($email);

$email = mysql_real_escape_string($email);

$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters

$password = md5($password);

// Make query and then register all database data that -

// cannot be changed by member into SESSION variables.

// Data that you want member to be able to change -

// should never be set into a SESSION variable.

$sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password' AND emailactivated='1'");

$login_check = mysql_num_rows($sql);

if($login_check > 0){

    while($row = mysql_fetch_array($sql)){

        // Get member ID into a session variable

        $id = $row["id"]; 

        session_register('id');

        $_SESSION['id'] = $id;

        // Get member username into a session variable

    $username = $row["username"]; 

        session_register('username');

        $_SESSION['username'] = $username;

        // Update last_log_date field for this member now

        mysql_query("UPDATE members SET lastlogin=now() WHERE id='$id'");

        // Print success message here if all went well then exit the script

header("location: index.php");

                exit();

 

                 

    } // close while

} else {

// Print login failure message to the user and link them back to your login page

  print '<br /><br /><font color="#FF0000">No match in our records, try again </font><br />

<br /><a href="login.php">Click here</a> to go back to the login page.';

  exit();

}

}// close if post

 

 

checkuser.php    very basic but - trying to show the login form if not a user, and the users details if it is a user

 

<?php

 

$toplinks = "";

if (isset($_SESSION['id'])) {

// Put stored session variables into local php variable

    $userid = $_SESSION['id'];

    $username = $_SESSION['username'];

$toplinks = '<a href="member_profile.php">' . $username . '</a> •

<a href="member_account.php">Account</a> •

<a href="logout.php">Log Out</a>';

} else {

$toplinks = '<table align="center" cellpadding="5">

      <form action="login.php" method="post" enctype="multipart/form-data" name="logform" id="logform" onSubmit="return validate_form ( );">

        <tr>

          <td class="style7"><div align="right">Email Address:</div></td>

          <td><input name="email" type="text" id="email" size="30" maxlength="64" /></td>

        </tr> 

        <tr>

          <td class="style7"><div align="right">Password:</div></td>

          <td><input name="password" type="password" id="password" size="30" maxlength="24" /></td>

        </tr>

        <tr>

          <td> </td>

          <td><input name="Submit" type="submit" value="Login" /></td>

        </tr>

      </form>

    </table> <p>

    <a href="join_form.php">Register</a> • <a href="login.php">Login</a>';

}

?>

 

 

p.s the html in the index page ecos $toplinks wehatever it becomes.  the problem may be is that I've changed a script that works with many pages to try and get it onto one so my php is probably messy!

As a really quick suggestion, have you tried omitting the

$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);

Maybe one of them is taking out the @ symbol and therefore making the email address incorrect? (I'm not too familiar with how those functions work, but this is what I would do if I were testing your code).

 

Where do you actually display $toplinks? I can't see it echoed anywhere.. Isn't it supposed to be?

 

Denno

$toplinks is echoed in a table further down in the index code - i didn't copy but it's there and works as it echos the non-member results fine.

 

 

it's also authenticating the user when you log in - i.e I can get it to redirect to a different page and show logged in so it can't be the email not being recognised.

 

But when I get it to reload the index page but hopefully this time with session data, it doesn't work.

Is session_start() the very first thing that is read?

 

In your second post you say "there is other html code that does nothing really". I'm pretty sure that you need to have session_start() as the very first thing that is executed/read.

 

Try that?

 

Denno

Alright well if you're happy to re-work what you've already got, and start again, here is some code that I've been using, and it works nicely. I've got the user name and password 'hard coded', but I'm sure you can alter this to access a db, and do all your filtering on the email.

 

index.php

<?php
session_start();
include_once "admin_check.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</script>
</head>
<body>
<table width="100%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <td></td>
  </tr>
  <tr>
    <td>Show member information here</td>
  </tr>
</table>
<p> </p>
</body>
</html>

 

admin_check.php

<table width="100%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <td>Login Form</td>
    <td><a href="index.php">Admin Home</a></td>
    <td><a href="../index.php">View Live Website</a></td>
  </tr>
</table>

<?php 
$error_msg="";
if($_POST['username']){

$username = $_POST['admin'];
$password = $_POST['password'];
//Simple hard coded values for the correct username and password
$admin = "adminUser";
$adminpass = "password123";

if(($username != $admin) || ($password != $adminpass)){
	$error_msg = ': <font color="FF0000">Your login information is incorrect</font>';
}else{
	session_register('admin');
	$_SESSION['admin'] = $username;
	require_once "index.php";
	exit();
}
}
?>
<?php
if($_SESSION['admin'] != "adminUser"){
echo '<h3>Only the administrator can view this directory</h3><br/>
<table width="340" border="0" cellspacing="1" cellpadding="1">
<form action="admin_check.php" method="post" target="_self">
  <tr>
    <td><table width="340" border="0" cellspacing="1" cellpadding="1">
      <tr>
        <td colspan="2">Please Log In Here' . $error_msg . '</td>
        </tr>
      <tr>
        <td width = "111">Username:</td>
        <td width = "219"><label for="textfield"></label>
          <input type="text" name="username" id="username" /></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td> <input type="password" name="password" id="password"/></td>
      </tr>
      <tr>
        <td colspan="2" align="center"><input type="submit" name="submit" id="submit" value="LogIn" /></td>
        </tr>
    </table></td>
  </tr>
  </form>
</table>
<a href="../">Click here to head back to the homepage</a>';
exit();
}
?>

 

Obviously, you're not doing an admin check, but it's the same principal, having a login.

If you can't follow anything above, let me know and I'll try and explain it in detail :).

 

Denno

In the code I provided, if admin has successfully logged in, then pretty much nothing happens... The contents of index is shown as intended..

 

The second if statement in admin_check will check if the username set in the session is the correct one, and if it is, it will skip the if and continue processing the page (in this case, it would be the rest of the index page, as admin_check was included into it).

 

Not sure if that makes sense?

 

Denno

Pretty much exactly lol.

 

If the username is not found in the session, or if the username that is found, is wrong, then the log in form is shown, and the rest of the page processing is stopped.

 

More than happy to help, hopefully you find it useful.

 

Denno

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.