Jump to content

Recommended Posts

I have this code that is a basic login/logout/register page. Once you successfully login, it still displays the error message that you would see if there was an error when you tried to log in (i.e. incorrect username and/or password). I'm not asking for a rewrite, I just need someone to see if my logic is wrong and kind of give me a hint of where to look. Thanks in advance. I'm new to PHP and this forum and it's really nice that everyone is so helpful. I hope that one day, because of you guys, I'll know enough to help other people.

[code]<?php
session_start();
session_register("LoggedInUser");

$uname = $_POST['username'];
$pwd = $_POST['password'];
$action = (empty($_GET['action'])) ? "" : $_GET['action']; // Ask Russell what this does
$loggedIn = FALSE;
$loginError = FALSE;

if (!isset($role)) {
$role = "Unapproved";
}
if (isset($HTTP_SESSION_VARS['LoggedInUser'])) {
$loggedIn = TRUE;
}
if ($loggedIn) {
$loginError = FALSE;
}
if ($_GET['action'] == "logout") {
session_destroy();
$loggedIn = FALSE;
}
if (isset($uname)) {
//Connect To Database
$hostname = "...";
$username = "...";
$password = "...";
$dbname = "...";

mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect! Please try again.");
mysql_select_db($dbname);

$query = "SELECT * FROM Users";
$result = mysql_query($query);
if($result) {
while($row = mysql_fetch_array($result)){
$name = $row["Username"];
$pass = $row["Password"];
$status = $row["Status"];
if ($uname == $name && $pwd == $pass) {
$HTTP_SESSION_VARS["LoggedInUser"] = $uname;
$loggedIn = TRUE;
$loginError = FALSE;
if ($status == "Admin") {
$role = "Admin";
} else if ($status == "Member") {
$role = "Member";
} else {
$role = "Unapproved";
}
} else {
$loginError = TRUE;
}
}
}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>charlieholder[dot]com . 21 and invincible</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta name="author" content="charlie holder" />
  <meta name="description" content=" " />
  <link rel="stylesheet" href="css/style.css" type="text/css" />
  <link rel="icon" href="favicon.ico" type="image/x-icon" />
  <link rel="SHORTCUT ICON" href="favicon.ico" type="image/x-icon" />
</head>
<body id="centerHack">
<div class="main">
<div class="header"><div class="header_content"></div></div>
<div class="middle">
<div class="middle_content">
<?php
// If you are not logged in, show the login link.
if (!$loggedIn) { ?>
<p><a href="index.php?action=login">Login</a></p>
<?php }
echo $loginError; // Test to see what $loginError is set to
// If while logging in there was an error, show the error message
if ($loginError) { ?>
<p class="errorMsg">Login failed. Please try again.</p>
<?php }
// If no one is logged in and, the action is login or there was a login error, show the login form
if (!isset($HTTP_SESSION_VARS['LoggedInUser']) && ($action == "login" || $loginError)) {
include "loginForm.html";
}
// If you are not logged in, show the register link.
if (!$loggedIn) { ?>
<p><a href="index.php?action=register">Register</a></p>
<?php }
// If you are not logged in and the action is register show the register form
if (!isset($HTTP_SESSION_VARS['LoggedInUser']) && $action == "register") {
include "registerForm.html";
}
// If you are logged in, show the logout link, welcome message, and role
if (isset($HTTP_SESSION_VARS['LoggedInUser']) && $loggedIn) { ?>
<a href="index.php?action=logout">Logout</a>
<p>Welcome <?php echo $uname; ?>, you are currently logged in.</p>
<p><u><?php echo $role; ?></u></p>
<?php } ?>
</div>
</div>
<div class="footer">
<div class="footer_content">
<a href="http://blog.charlieholder.com" title="weblog">Blog</a>
</div>
</div>
</div>
</body>
</html>[/code]
Link to comment
https://forums.phpfreaks.com/topic/25401-solved-i-cannot-find-the-err-of-my-ways/
Share on other sites

hola and welcome to the forums.  it would be easier for us to help you if you actually told us what the problem was? I mean, I see some things you should probably change, logic and security-wise, but does it work and you are looking on how to improve it, or do you have a specific problem with it?
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.