jspstorm Posted April 7, 2011 Share Posted April 7, 2011 I'm trying to implement sessions into my website. At the moment index.php contains a login form that posts to AccountManagement.php. AccountManagement.php then checks the database to see if they have entered a correct username/password combination. This all works fine, however I would like the site to remember that a user has logged in, and not tell them that they have entered an invalid password every time they come to this page by any means other than index.php's login form (e.g. a back button on a page that follows from AccountManagement). I have tried for days to get this to work using a for loop that checks if the session is started, but I can't seem to get the placement/syntax correct. Any help would be greatly appreciated. AccountManagement.php: <?php include ("Includes/database.php"); include ("Includes/htmlheader.php"); dbconnect ("localhost", "xxxxx", "xxxxx", "xxxxx"); $query=sprintf("SELECT wowUsername, Password, UserID FROM Users WHERE (((wowUsername)=\"%s\") AND ((Password)=\"%s\"));", $_POST['Username'], $_POST['Password']); $result=mysql_query($query); if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message);} if (mysql_num_rows($result) !=1) { $errormessage= "Incorrect Username or Password, please try again."; include ("Includes/error.php"); } else { $row=mysql_fetch_assoc($result); $CustomerID = $row['UserID']; $query2=sprintf("SELECT CustomerID, FName FROM Customers WHERE CustomerID=$CustomerID"); $result2=mysql_query($query2); $row2=mysql_fetch_assoc($result2); $_SESSION['UserID']=$CustomerID; ?> <form action="index.php" id="home" name="home" style="width: 8em"></form> <h1> Account Management </h1> <p><h3 align="center">Welcome <?php echo $row2['FName'];?>, use the buttons below to manage your subscriptions.<h3><br /> <h2> <form action="Subscription.php" id="subs" name="subs"> <p> <input class="button5" name="Setup" type="submit" value="New Subscription" align="center" /></p> </form></h2> <form action="AccountUpdate.php" id="remove" name="remove" style="width: 8em"> <p> <input class="button5" name="NewDetails" type="submit" value="Update Details" /> </p></form> </p> <p> <form action="AccountCancel.php" id="remove" name="remove" style="width: 8em"> <input name="Logout3" type="submit" class="button5" value="Cancel Account" align="right" /> </form> </p> <p> <br /> <form action="index.php" id="remove" name="remove" style="width: 8em"> <input class="button5" name="Logout" type="submit" value="Log Out" /> </p> </p> <?php } ?> </div> </body> </html> </form> htmlheader.php: <?php error_reporting(E_ERROR | E_WARNING | E_PARSE ); if(!isset($_SESSION)) { session_start(); $_SESSION['UserID']=0; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head><link rel="stylesheet" type="text/css" href="CSS/Styles.css"/> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Account Management</title> </head> <body> </form> <div id="content"> Quote Link to comment Share on other sites More sharing options...
nethnet Posted April 7, 2011 Share Posted April 7, 2011 I didn't read through your code completely since it was a bit long (and it's a bit late) but essentially what it sounds like you want to do is a simple setup like this: <?php if ($_SESSION['UserID'] > 0) { // Everything that should happen if the user is already logged in } else { // Log the user in and set the $_SESSION['UserID'] variable } ?> I put "> 0" in the if statement, because I noticed you set the variable equal to 0 in the htmlheader.php file. Quote Link to comment Share on other sites More sharing options...
jspstorm Posted April 7, 2011 Author Share Posted April 7, 2011 I've tried that with the exact same syntax, but when I create an if loop that executes the login database check if the session userid is 0, or simply loads the page if userid > 0, I get an error about unexpected t_else, or unexpected t_default. I've tried this numerous different ways. Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 7, 2011 Share Posted April 7, 2011 what is the code on the index page look like,I assume you are starting the session on that page too ? Quote Link to comment Share on other sites More sharing options...
jspstorm Posted April 7, 2011 Author Share Posted April 7, 2011 No, the index page contains the login form and not much else, it doesn't check if you're logged in, only pages following from account management do. Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 7, 2011 Share Posted April 7, 2011 everytime you use the header file you are implicitly setting the Session userid to 0, i wouldnt bother to do this, its either going to be filled with the users ID or not exist (ie login has failed) in effect you are logging them out on every call of a page with the htmlheader.php included in it just do: <?php if(!isset($_SESSION)){ session_start(); } then put the whole login script into an if statement that only triggers if form is posted. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.