hodgey87 Posted September 20, 2011 Share Posted September 20, 2011 Hi, Just wondered if anyone could help Ive been following this tutorial: http://net.tutsplus.com/tutorials/php/user-membership-with-php/ Ive got a simple membership system working now, but just wondering about the login / login links that i currently have. The login link is currently hard coded like so: <ul id="menu"> <li id="active"><a href="index.html">Home</a></li> <li><a href="About.html">About</a></li> <li><a href="Contact.php">Contact</a></li> <li class="end"><a href="login.php">Login</a></li> </ul> and same for the logout: <ul id="menu"> <li id="active"><a href="index.html">Home</a></li> <li><a href="About.html">About</a></li> <li><a href="Contact.php">Contact</a></li> <li class="end"><a href="logout.php">Logout</a></li> </ul> But the problem is, when i go to the about us page for example it will still display the login which really it should have logout. Could anyone offer some assistance please Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 20, 2011 Share Posted September 20, 2011 well the trick of any forum is that you show some effort so we can help with the code you produced. To give a head start. the flavours you have are either login.php or logout.php Now I assume that that tutorial showed you a way to find out wether someone is logged in or not right? Because that would be the main prupose of such a system. So you probably have some condition already. All you need to do is add this condition to an if clause. for instance <?php if(condition){ // is the user logged in? $link = '<a href="logout.php">Logout</a>'; }else{ // if not logged in $link = '<a href="login.php">Login</a>'; } ?> ...... <li class="end"><?php echo $link; ?></li> Note, the above "condition" is the part where you come in. How does your script check if someone is logged in? Quote Link to comment Share on other sites More sharing options...
hodgey87 Posted September 20, 2011 Author Share Posted September 20, 2011 well the trick of any forum is that you show some effort so we can help with the code you produced. To give a head start. the flavours you have are either login.php or logout.php Now I assume that that tutorial showed you a way to find out wether someone is logged in or not right? Because that would be the main prupose of such a system. So you probably have some condition already. All you need to do is add this condition to an if clause. for instance <?php if(condition){ // is the user logged in? $link = '<a href="logout.php">Logout</a>'; }else{ // if not logged in $link = '<a href="login.php">Login</a>'; } ?> ...... <li class="end"><?php echo $link; ?></li> Note, the above "condition" is the part where you come in. How does your script check if someone is logged in? Thank you for your response, websites / php in general arent my forte. Im a Cisco engineer but been roped into building our website I see what your saying though, the part where its checking it a user is logged in or not is here: if(mysql_num_rows($checklogin) == 1) { $row = mysql_fetch_array($checklogin); $email = $row['EmailAddress']; [b]$link = '<a href="logout.php">Logout</a>';[/b] - Can you even do that? $_SESSION['Username'] = $username; $_SESSION['EmailAddress'] = $email; $_SESSION['LoggedIn'] = 1; echo "<h1>Success</h1>"; echo "<p>We are now redirecting you to the member area.</p>"; echo "<meta http-equiv='refresh' content='=2;member.php' />"; } else { $link = '<a href="logout.php">Logout</a>'; echo "<h1>Error</h1>"; echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>"; } } else { ?> Honestly im not sure how it'd be formatted but, ill work on it and see if i can get it in the right area. Quote Link to comment Share on other sites More sharing options...
criostage Posted September 20, 2011 Share Posted September 20, 2011 So your just using PHP SESSIONS to login ? then just do this: if( isset($_SESSION['Username']) && isset($_SESSION['LoggedIn']) ){ $link = '<a href="logout.php">Logout</a>'; }else{ $link = '<a href="login.php">Logout</a>'; } In you case you probably would just use the $_Session["LoggedIn"] but i like to verify more than 1 thing before i can actually log 1 person on ... i m an noob also if you use an cookie you do the same thing but for the $_COOKIE['name_of_the_cookie'] variable. EDIT: heres afew links with help on the $_SESSION and $_COOKIE variables: http://php.net/manual/en/reserved.variables.session.php http://php.net/manual/en/reserved.variables.cookies.php Quote Link to comment Share on other sites More sharing options...
hodgey87 Posted September 20, 2011 Author Share Posted September 20, 2011 So your just using PHP SESSIONS to login ? then just do this: if( isset($_SESSION['Username']) && isset($_SESSION['LoggedIn']) ){ $link = '<a href="logout.php">Logout</a>'; }else{ $link = '<a href="login.php">Logout</a>'; } In you case you probably would just use the $_Session["LoggedIn"] but i like to verify more than 1 thing before i can actually log 1 person on ... i m an noob also if you use an cookie you do the same thing but for the $_COOKIE['name_of_the_cookie'] variable. EDIT: heres afew links with help on the $_SESSION and $_COOKIE variables: http://php.net/manual/en/reserved.variables.session.php http://php.net/manual/en/reserved.variables.cookies.php Ok, that makes sense but is that 'if' statement separate to the statement i already have like so: elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'"); if(mysql_num_rows($checklogin) == 1) { $row = mysql_fetch_array($checklogin); $email = $row['EmailAddress']; $link = '<a href="logout.php">Logout</a>'; $_SESSION['Username'] = $username; $_SESSION['EmailAddress'] = $email; $_SESSION['LoggedIn'] = 1; echo "<h1>Success</h1>"; echo "<p>We are now redirecting you to the member area.</p>"; echo "<meta http-equiv='refresh' content='=2;member.php' />"; } else { $link = '<a href="login.php">Login</a>'; echo "<h1>Error</h1>"; echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>"; } } Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 20, 2011 Share Posted September 20, 2011 I would post that outside your other if statement because i assume it depends on a submit button. But any place fits as long as you see why and what is happening. in addition to what the person above me posted, i would add an additional check to see if the value of $_SESSION['LogedIn'] is as expected. Just to prevent than someone gains access despite the value (because that if statement only checks if the variable is set not it's value). What if a different script sets the value to 0 to lock the user down. That would have no effect. <?php if(isset ($_SESSION['Username']) && isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn']=== 1){ $link = '<a href="logout.php">Logout</a>'; }else{ $link = '<a href="login.php">Logout</a>'; } ?> P.s. before you launch anything make sure you read some security tutorials. Cisco will like that Quote Link to comment Share on other sites More sharing options...
criostage Posted September 20, 2011 Share Posted September 20, 2011 cssfreakie thank you my mistake ;X Quote Link to comment Share on other sites More sharing options...
hodgey87 Posted September 20, 2011 Author Share Posted September 20, 2011 <?php if(isset ($_SESSION['Username']) && isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn']=== 1){ $link = '<a href="logout.php">Logout</a>'; }else{ $link = '<a href="login.php">Logout</a>'; } ?> Ok thank you, ive added the extra if statement in but i cant display the logout link in the navigation. Ive edited the code like you said: <li class="end"><?php echo $link; ?></li> and <?php if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) { ?> <!--<h1>Member Area</h1>--> <center><p>Thanks for logging in! You are <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p></center> <ul> <!--<li><a href="logout.php">Logout.</a></li>--> </ul> <?php } elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'"); if(mysql_num_rows($checklogin) == 1) { $row = mysql_fetch_array($checklogin); $email = $row['EmailAddress']; $_SESSION['Username'] = $username; $_SESSION['EmailAddress'] = $email; $_SESSION['LoggedIn'] = 1; echo "<h1>Success</h1>"; echo "<p>We are now redirecting you to the member area.</p>"; echo "<meta http-equiv='refresh' content='=2;member.php' />"; } else { echo "<h1>Error</h1>"; echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>"; } } else { ?> [b]<?php if(isset ($_SESSION['Username']) && isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn']=== 1){ $link = '<a href="logout.php">Logout</a>'; }else{ $link = '<a href="login.php">Logout</a>'; } ?>[/b] Yes i know im not the best at this, but i am trying Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 20, 2011 Share Posted September 20, 2011 try the following , and read the comments made in the code. (btw I find those meta redirects pretty unfriendly) Hope the following makes sense <?php // ## CHECK IF SOMEONE PRESSED SUBMIT AND GAVE CREDENTIALS // if not there is no need to run this code if(isset($_POST['submit']) //first check if someone pressed submit otherwise it's a waste && !empty($_POST['username']) && !empty($_POST['password'])){ // open // set variables $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'"); $message = ''; // query database if(mysql_num_rows($checklogin) == 1) { $row = mysql_fetch_array($checklogin); $email = $row['EmailAddress']; $_SESSION['Username'] = $username; $_SESSION['EmailAddress'] = $email; $_SESSION['LoggedIn'] = 1; $message .= "<h1>Success</h1>"; // instead of echoing out we give it to a variable to use it later $message .= "<p>We are now redirecting you to the member area.</p>"; $message .= "<meta http-equiv='refresh' content='=2;member.php' />"; } else { $message .= "<h1>Error</h1>"; $message .= "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>"; } }// close // ## CHECK USER LOGGED IN STATUS ## // This piece of code just checks if the user got logged in. if(isset ($_SESSION['Username']) && isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn']=== 1){ $link = '<a href="logout.php">Logout</a>'; $welcome = $_SESSION['Username']; // anything you want to hide from normal user you can place or set inside here. }else{ $link = '<a href="login.php">Logout</a>'; $welcome = 'guest'; } ?> <body> <h1>welcome <?php echo $welcome;?></h1> <div class="message"><?php echo $message; ?></div> <!---- ## here follows the menu ## -------> <ul id="menu"> <li id="active"><a href="index.html">Home</a></li> <li><a href="About.html">About</a></li> <li><a href="Contact.php">Contact</a></li> <li class="end"><?php echo $link; ?></li> </ul> <!--- you probably have some form here --> </body> Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 20, 2011 Share Posted September 20, 2011 p.s. this line: md5(mysql_real_escape_string($_POST['password'])) makes no sense. the following is sufficient since md5 already transforms it into a fixed length hash without any dangerous characters (as far as I know): md5($_POST['password']) Quote Link to comment Share on other sites More sharing options...
hodgey87 Posted September 21, 2011 Author Share Posted September 21, 2011 p.s. this line: md5(mysql_real_escape_string($_POST['password'])) makes no sense. the following is sufficient since md5 already transforms it into a fixed length hash without any dangerous characters (as far as I know): md5($_POST['password']) Thanks for your help really appreciate it, got it working had re arranged the code and it worked fine. Just one final thing though On the index page i have 'login' but when i go back to the index page once logged in it still displays login. Ive looked at the code like so: <?php if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) { $link1 = '<a href="login.php">Member</a>'; $link = '<a href="logout.php">Logout</a>'; ?> <!--<h1>Member Area</h1>--> <!--<center><p>Thanks for logging in! You are <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p></center>--> <ul> <!--<li><a href="logout.php">Logout.</a></li>--> <!--<li><?php echo $link; ?></li>--> </ul> <?php } elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'"); if(mysql_num_rows($checklogin) == 1) { $row = mysql_fetch_array($checklogin); $email = $row['EmailAddress']; $_SESSION['Username'] = $username; $_SESSION['EmailAddress'] = $email; $_SESSION['LoggedIn'] = 1; echo "<h1>Success</h1>"; echo "<p>We are now redirecting you to the member area.</p>"; echo "<meta http-equiv='refresh' content='=2;member.php' />"; } else { echo "<h1>Error</h1>"; echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>"; } } else { ?> <?php } ?> <nav> <ul id="menu"> <li id="active"><a href="index.php">Home</a></li> <li><a href="About.php">About</a></li> <li><a href="Contact.php">Contact</a></li> <!--<li><a href="login.php">Member</a></li>--> [b]<li><?php echo $link; ?></li> <li class="end"><?php echo $link1; ?></li>[/b] </ul> </nav> </div> Is it possible to switch between the 2 links depending on whether your logged in or not? With this bit in the navigation: <ul id="menu"> <li id="active"><a href="index.php">Home</a></li> <li><a href="About.php">About</a></li> <li><a href="Contact.php">Contact</a></li> <li><?php echo $link; ?></li> <li class="end"><?php echo $link1; ?></li> </ul> Thanks in advance. Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 21, 2011 Share Posted September 21, 2011 I recommend you still spend a tiny bit more time on the script given. Since the idea you came up with is a bit odd (assuming you looked at the script given). if you look at what you came up with: <?php if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) { $link1 = '<a href="login.php">Member</a>'; $link = '<a href="logout.php">Logout</a>'; ?> You assign 2 variables here, while the whole trick of the us of an if statement is that we can switch between cases. (condition true, or else) Now look at what is given to you: <?php // ## CHECK USER LOGGED IN STATUS ## // This piece of code just checks if the user got logged in. if(isset ($_SESSION['Username']) && isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn']=== 1){ $link = '<a href="logout.php">Logout</a>'; $welcome = $_SESSION['Username']; // anything you want to hide from normal user you can place or set inside here. }else{ $link = '<a href="login.php">Logout</a>'; $welcome = 'guest'; } ?> This if statement assigns a different value to only 1 $link variable. For the case the user is logged in and incase the user is not logged in. So that is exactly what you need. Switch cases depending on the logged in status. So, there is no need to change that menu (<ul>). you just echo $link inside there and the logic above will determine whether it should say login or logout. Sorry but I have a hard time understanding why you moved on with that old script. I don't see the logic in that. Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 21, 2011 Share Posted September 21, 2011 i made a spelling error in the else{} part else{ $link = '<a href="login.php">Logout</a>'; $welcome = 'guest'; } should be else{ $link = '<a href="login.php">Login/a>'; $welcome = 'guest'; } The logic stays the same though ... Quote Link to comment Share on other sites More sharing options...
hodgey87 Posted September 21, 2011 Author Share Posted September 21, 2011 i made a spelling error in the else{} part else{ $link = '<a href="login.php">Logout</a>'; $welcome = 'guest'; } should be else{ $link = '<a href="login.php">Login/a>'; $welcome = 'guest'; } The logic stays the same though ... Thanks i tried your script but couldnt get it too work properly, but with the other one it worked fine. Ive added in your logic though with the if statements and it works perfect. Im not a php developer and probably will never do this again i think as long it does what its supposed to thatll do for now. Thanks for your help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.