Jump to content

Check if user has login


IrOnMaSk

Recommended Posts

There are 2 pieces: 1 ~ create a session variable and 2 ~ check for a session variable. So as an example when you've checked the user's username/password to see if they are correct set the username into a session:

 

$_SESSION['username'] = $username;

 

Then on the pages you want to prevent users who aren't logged in you'd use the code:

 

$username = $_SESSION['username'];

if($username != NULL){
// This is where your protected page's code belongs
} else {
// If the user isn't logged in take them to the login page instead
header("Location: login.php");
}

Thanks for your reply jj, it makes sense. I'm not sure though to how I implement that into the script. So here's how I check to see if username/password match when user login.

<?php 

// Connects to your Database 

mysql_connect("localhost", "Sopoan", "Javascrip1") or die(mysql_error()); 

mysql_select_db("member") or die(mysql_error()); 


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page

{ 
	$username = $_COOKIE['ID_my_site']; 

	$pass = $_COOKIE['Key_my_site'];

	 	$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

	while($info = mysql_fetch_array( $check )) 	

		{

		if ($pass != $info['password']) 

			{

			 			}

		else

			{

			header("Location: members.php");



			}

		}

}


//if the login form is submitted 

if (isset($_POST['submit'])) { // if form has been submitted



// makes sure they filled it in

	if(!$_POST['username'] | !$_POST['pass']) {

		die('You did not fill in a required field.');

	}

	// checks it against the database



	if (!get_magic_quotes_gpc()) {

		$_POST['email'] = addslashes($_POST['email']);

	}

	$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);

if ($check2 == 0) {

		die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>');

while($info = mysql_fetch_array( $check )) 	

{

$_POST['pass'] = stripslashes($_POST['pass']);

	$info['password'] = stripslashes($info['password']);

	$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

	if ($_POST['pass'] != $info['password']) {

		die('Incorrect password, please try again.');

	}

	else 

{ 

// if login is ok then we add a cookie 

	 $_POST['username'] = stripslashes($_POST['username']); 

	 $hour = time() + 3600; 

setcookie(ID_my_site, $_POST['username'], $hour); 

setcookie(Key_my_site, $_POST['pass'], $hour);	 

//then redirect them to the members area 

header("Location: members.php"); 

} 

} 

} 

else 

{	 

// if they are not logged in 

?> 

<form action="login.php" method="post"> 

<table border="0"> 

<tr><td colspan=2><h1>Login</h1></td></tr> 

<tr><td>Username:</td><td> 

<input type="text" name="username" maxlength="40"> 

</td></tr> 

<tr><td>Password:</td><td> 

<input type="password" name="pass" maxlength="50"> 

</td></tr> 

<tr><td colspan="2" align="right"> 

<input type="submit" name="submit" value="Login"> 

</td></tr> 

</table> 

</form> 

<?php 

} 
?> 

Thanks

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.