Jump to content

Recommended Posts

Hi,

I am writing some code to check logins to a mySQL database(WANIP) of remotes sites against usernames in wanipusers database. I have the login.php checking to see if there is a valid session, if not they are prompted to login, if there is a valid session, they are passed to login_success.php. Below is my login.php and the checklogin.php that checks for a valid session and the usernames against the wanipusers database. The login_success.php just gives them a choice to either update the database or add a new site.

 

Currently, once they hit login.php, they are automatically sent to checklogin.php and the incorrect username message is displayed, once they click the return link to enter proper credentials, they are automatically sent to login_success.php, and that's not the way it's supposed to work.

 

Any help would be appreciated,

Thanks,

Leonard

 

****

login.php

<?php
session_start();
// Set timeout and kill session if necessary
$inactive = 600;
if (isset($_SESSION["timeout"])) {
// calculate sessions TTL
$sessionTTL = time() - $_SESSION["timeout"];
if ($sessionTTL > $inactive) {
	session_destroy();
	header("Location: logout.php");
}
}
echo "<title>WANIP Login</title>";
if ($_SESSION["authorized"] = true) {
header( 'Location: login_success.php' ) ;
} else {
$_SESSION["authorized"] = false;
echo "<table width=300 border=0 align=center cellpadding=0 cellspacing=1 bgcolor=#CCCCCC><tr><form method=post action=checklogin.php><td><table width=100% border=0 cellpadding=3 cellspacing=1 bgcolor=#FFFFFF>";
echo "<tr>";
echo "<td colspan=3><strong>Login </strong></td></tr>";
echo "<tr><td width=78>Username</td><td width=6>:</td><td width=294><input name=myusername type=text id=myusername></td></tr><tr><td>Password</td><td>:</td><td><input name=mypassword type=password id=mypassword></td></tr><tr><td> </td><td> </td><td><input type=submit value=Login></td></tr></table></td></form></tr></table>";
echo "</center>";
echo "<center><a href=index.html>Return</a>";
}
?>

****

checklogin.php

<?php

// Connect to server and select databse.
mysql_connect("localhost", "user", "password")or die("cannot connect");
mysql_select_db("wanipusers")or die("cannot select DB");

// Define $myusername and $mypassword
$username=$_POST['myusername'];
$password=$_POST['mypassword'];
echo "$username - $password";

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
$_SESSION["authorized"] = true;
} else {
echo "<center>Incorrect Username and/or Password</center>";
echo "<center><a href=login.php>Return</a> and enter proper credetials</center>";
}
?>

Edited by lwmiller
Link to comment
https://forums.phpfreaks.com/topic/269776-need-help-with-session-login/
Share on other sites

Please use [ code ] or [ php ] tags so we can actually see your code properly.

 

There's nothing I could see in login.php that would automatically do a redirect. Are you sure you're hitting that page? How are you being redirected? Do you have firebug or anything installed so you can confirm the header() calls are working?

 

You should call die(); after every header redirect.

Hi ManiacDan,

I realized I forgot the

 tags after I posted it, thanks for pointing that out.

Actually no, I just realized that I forgot to change the link in the index.html that takes me to the login.php. So now that problem is that once I click the link for login.php, it automatically takes me to login_success.php. So it thinks $_SESSION["autorized"] is true, even if is hasn't been set yet, which it would in login.php.

 

Thanks for your help,

Leonard

Edited by lwmiller

Thanks Dan,

That worked, now it takes me to the login page. But now when I try to return to the login page, it still prompts me to login, instead of passing me to the login_success.php. Would that be due to the fact that I have session_start(); in the login.php? Should it be someplace else?

 

Thanks

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.