Jump to content

PHP session and login trouble


jspstorm

Recommended Posts

I'm trying to implement sessions into my website. At the moment index.php contains a login form that posts to AccountManagement.php. AccountManagement.php then checks the database to see if they have entered a correct username/password combination. This all works fine, however I would like the site to remember that a user has logged in, and not tell them that they have entered an invalid password every time they come to this page by any means other than index.php's login form (e.g. a back button on a page that follows from AccountManagement). I have tried for days to get this to work using a for loop that checks if the session is started, but I can't seem to get the placement/syntax correct.

Any help would be greatly appreciated.

 

 

AccountManagement.php:

<?php
include ("Includes/database.php");
include ("Includes/htmlheader.php");
dbconnect ("localhost", "xxxxx", "xxxxx", "xxxxx");
$query=sprintf("SELECT wowUsername, Password, UserID FROM Users WHERE (((wowUsername)=\"%s\") AND ((Password)=\"%s\"));", $_POST['Username'], $_POST['Password']);
$result=mysql_query($query);
if (!$result) {
$message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);}
if (mysql_num_rows($result) !=1) {
	$errormessage= "Incorrect Username or Password, please try again.";
	include ("Includes/error.php");
	}
else { 
$row=mysql_fetch_assoc($result);
$CustomerID = $row['UserID'];
$query2=sprintf("SELECT CustomerID, FName FROM Customers WHERE CustomerID=$CustomerID");
$result2=mysql_query($query2);
$row2=mysql_fetch_assoc($result2);
$_SESSION['UserID']=$CustomerID;
?>
<form action="index.php" id="home" name="home" style="width: 8em"></form>
<h1>   
  Account Management
</h1>
<p><h3 align="center">Welcome <?php echo $row2['FName'];?>, use the buttons below to manage your subscriptions.<h3><br />
<h2>
<form action="Subscription.php" id="subs" name="subs">
  <p>
    <input class="button5" name="Setup" type="submit" value="New Subscription" align="center" /></p>
  </form></h2>
<form action="AccountUpdate.php" id="remove" name="remove" style="width: 8em">
  <p>
    <input class="button5" name="NewDetails" type="submit" value="Update Details" />
    </p></form>
  </p>
  <p>
  <form action="AccountCancel.php" id="remove" name="remove" style="width: 8em">
    <input name="Logout3" type="submit" class="button5" value="Cancel Account" align="right" />
    </form>
  </p>
  <p>
  <br />
  <form action="index.php" id="remove" name="remove" style="width: 8em">
    <input class="button5" name="Logout" type="submit" value="Log Out" />
  </p>
  </p>
<?php
}
?>
</div>
</body>
</html>
</form>

 

htmlheader.php:

<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE );
if(!isset($_SESSION))
{
session_start();
$_SESSION['UserID']=0;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" type="text/css" href="CSS/Styles.css"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Account Management</title>
</head>

<body>
</form>
<div id="content">

Link to comment
Share on other sites

I didn't read through your code completely since it was a bit long (and it's a bit late) but essentially what it sounds like you want to do is a simple setup like this:

 

<?php

if ($_SESSION['UserID'] > 0) {

// Everything that should happen if the user is already logged in

} else {

// Log the user in and set the $_SESSION['UserID'] variable

}

?>

 

I put "> 0" in the if statement, because I noticed you set the variable equal to 0 in the htmlheader.php file.

Link to comment
Share on other sites

I've tried that with the exact same syntax, but when I create an if loop that executes the login database check if the session userid is 0, or simply loads the page if userid > 0, I get an error about unexpected t_else, or unexpected t_default. I've tried this numerous different ways.

Link to comment
Share on other sites

everytime you use the header file you are implicitly setting the Session userid to 0, i wouldnt bother to do this, its either going to be filled with the users ID or not exist (ie login has failed)

in effect you are logging them out on every call of a page with the htmlheader.php included in it

just do:

<?php
if(!isset($_SESSION)){
session_start();
}

then put the whole login script into an if statement that only triggers if form is posted.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.