cheesybiscuits Posted January 31, 2012 Share Posted January 31, 2012 Hi, I made a login/register system and it was working fine, but now I seem to have broken it and I'm scratching my head as to why. I think it's something to do with the $_SESSION array, the error happens from going from the login.php page to members.php, I log in successfully, but when I get to the members page it says "you must be logged in". index.php has the form to login or a link to register.php to make an account <?php session_start(); ?> <html> <head> <title>Lincs Crusade | Login page.</title> </head> <body> <form action="login.php" method="POST"> Username: <input type="text" name="username"><br /> Password: <input type="password" name="password"><br /> <input type="submit" value="Login"> </form> <a href="register.php">Click here to register!</a> </body> </html> The register.php page <?php session_start(); echo "<h2>Register</h2>"; $submit = $_POST['submit']; $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); $repeatpassword = strip_tags($_POST['repeatpassword']); $email = $_POST['email']; $date = date("Y-m-d"); if ($submit) { if ($username&&$password&&$repeatpassword&&$email) { if ($password==$repeatpassword) { if (strlen($username)>65) { echo "Length of username is too long!"; } elseif (strlen($email)>100) { echo "Length of email is too long!"; } elseif (strlen($password)>65||strlen($password)< { echo "Password must be between 8 and 65 characters long!"; } else { include('functions.php'); echo "All fields were accepted! "; $password = md5($password); $repeatpassword = ($repeatpassword); $email = md5($email); connect(); mysql_query(" INSERT INTO users VALUES ('','$username','$password','$email','$date') ") or die("Could not insert values into <em>users</em> table!"); mysql_query(" INSERT INTO stats VALUES ('$username',10,10,0,1) ") or die("Could not insert values into <em>stats</em> table!"); $_SESSION['username'] == $username; die("You have been registered! Please return to <a href=\"index.php\">homepage</a> and login."); } } else { echo "Your passwords do not match!"; } } else { echo "Please fill in <em>all</em> fields!"; } } ?> <html> <head> <title>Lincs Crusade | Register an Account.</title> </head> <body> <form action="register.php" method="POST"> <p>Your username:</p> <p>Note: Do not use your real name.</p> <input type="text" name="username" value="<?php echo $username ?>"/>= <p>Choose a password:</p> <input type="password" name="password" /> <p>Please repeat password:</p> <input type="password" name="repeatpassword" /> <p>Your student email:</p> <p>Note: This is only used for recovering a lost or forgotten password.</p> <input type="text" name="email" /><br /> <input type="submit" value="Register" name="submit" /> <p> Note: Your password and email are md5 encrypted. This means neither I (the author) or anyone else will be able to view your information<br /> in plain text. For example, your password or email will look something like this "534b44a19bf18d20b71ecc4eb77c572f" once it has been encrypted. </p> </form> </body> </html> The login.php page that process the form data to access members.php page <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { include('functions.php'); connect(); $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrow = mysql_num_rows($query); if ($numrow!=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername&&md5($password)==$dbpassword) { echo "You're in! - <a href=\"members.php\">Proceed to the members page</a>"; $_SESSION['username'] == $username; } else { echo "Incorrect password!"; } } else { die ("That user doesn't exist,<a href=\"register.php\">please register an account</a>"); } } else { die("Please enter a username and password!"); } ?> The members.php page <?php session_start(); ?> <html> <head> <title>Lincs Crusade | Members page.</title> </head> <body> <?php if ($_SESSION['username']) { echo "Welcome," .$_SESSION['username']. "!<br />"; echo "<a href=\"stats.php\">View your stats.</a>"; } else { die ("You must be logged in."); } ?> </body> </html> and this is what is in the functions.php file <?php function connect() { mysql_connect("localhost","root","password") or die ("Unable to connect"); mysql_select_db("database") or die ("Unable to find database"); } ?> Thanks for your help. Link to comment https://forums.phpfreaks.com/topic/256142-login-system-not-working/ Share on other sites More sharing options...
scootstah Posted January 31, 2012 Share Posted January 31, 2012 In your login script you are trying to assign $_SESSION['username'] using ==, which is a comparison operator. So change $_SESSION['username'] == $username; To $_SESSION['username'] = $username; Link to comment https://forums.phpfreaks.com/topic/256142-login-system-not-working/#findComment-1313088 Share on other sites More sharing options...
cheesybiscuits Posted January 31, 2012 Author Share Posted January 31, 2012 Well isn't my face red thanks scootstah saved me a lot of frustration Link to comment https://forums.phpfreaks.com/topic/256142-login-system-not-working/#findComment-1313111 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.