Jump to content

Recommended Posts

Hi everyone,

 

I'm just trying to made a login/registration system for my website. The login and registration portion is very simple and works fine. Now, I am trying to add session_start() to each page so that the user, once logged in, has special features appear (or else something else if not logged in).

 

At the top of a typical page I have the following:

<?php

session_start();

function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}

if(isLoggedIn() == true)
{
	$username = $_POST['username'];
}
else
{
	$username = 'NOT LOGGED IN';
}

echo $username

?>

my echo statement appears as NOT LOGGED IN, even though I know I am logged in. I believe it has something to with the function portion but I'm not sure what. I'm pretty newbie so any help is appreciated.

Link to comment
https://forums.phpfreaks.com/topic/280479-if-userloggedin-x-else-y/
Share on other sites

I am very new to PHP myself and have noticed how fiddly it can be. At the moment, get things working by keeping things simple. For example, in the first page, index.php, do:

 

<?php
if (!isset($_SESSION['Login']))
Log_Visitor();
$_SESSION['Login']="No";
$_SESSION['MemberID']=0;
$_SESSION['Name']="";
$_SESSION['AccessLevel']=0;
}
?>
 
When a person logs in, the parameters above are set appropriately. Don't know if this helps.

1) do you have php's error_reporting set to E_ALL and display_errors set to ON so that php would report and display any errors it detects, such as a session_start() related error?

 

2) what exactly is in $_SESSION['valid'] when that code runs, i.e. what does var_dump($_SESSION['valid']); show on that page after the session_start() statement?

then somewhere between where you set $_SESSION['valid'] to a value when you logged in and the code you posted in this thread, it either got unset or something about the URL changed so that the browser is not sending the session id and the session_start() didn't resume the same session you had when you set $_SESSION['valid'] to a value when you logged in.

 

are you sure the session_start() on your login page worked (no php errors) and that your code set $_SESSION['valid'] to a value (by checking using var_dump())? could you have code that is un-setting $_SESSION['valid'] on your login page, such as having a header() redirect that doesn't have an exit; statement after it and when the following code runs, it is un-setting $_SESSION['valid']?

 

is the hostname (www. vs no www.) on your URL the same for the login page and the page with the code you posted in this thread? by default, the session id cookie only matches the exact same hostname variation of the URL where it was set.

my login page is located on index.php because I want users to login immediately. if they have already logged in from a previous session or once they login this time, i want it to say welcome "billy". if not I want my login form to appear. im just trying to get the right statement for 'is this user logged in or not'

here is working script if you need one 

<?php

session_start();
require 'core/_mysql.php';
require 'core/_func.php';

include 'includes/overall/header.php'; 

if (!logged()) {

	if ($_POST) {
		
		if (isset($_POST['username']) && isset($_POST['password'])) {
			
			$user = safe_query(safe_input($_POST['username']));
			$pass = safe_query(safe_input($_POST['password']));
			
			if (!empty($user) && !empty($pass)) {
				
				$q = mysqli_query($db, "SELECT `username`, `password` FROM `users` WHERE `username` = '".$user."'");
				
				if (mysqli_num_rows($q) == 1) {
					
					$r = mysqli_fetch_assoc($q);
					
					if ($user == $r['username'] && $pass == $r['password']) {
						
						$_SESSION['username'] = $r['username'];
						header('Location: index.php');
						exit();
						
					} else {
						echo 'Invalid username / password combination.';
					}
					
				} else {
					echo 'Invalid username.';
				}
				
			} else {
				echo 'Please enter username and password.';
			}
			
		}
		
	}

?>

<form action="login.php" method="POST">
	Username : <input type="text" name="username" placeholder="Username" maxlenght="30" /><br />
	Password : <input type="password" name="password" placeholder="Password" maxlenght="30" /><br />
	<input type="submit" value="Login" /><br />
	<a href="register.php">Sign up</a><br />
	<a href="lost_password.php">Lost password</a>
</form>

<?php

} else {
	header('Location: index.php');
	exit();
}

include 'includes/overall/footer.php';

?>

 

here is working script if you need one 

<?php

session_start();
require 'core/_mysql.php';
require 'core/_func.php';

include 'includes/overall/header.php'; 

if (!logged()) {

	if ($_POST) {
		
		if (isset($_POST['username']) && isset($_POST['password'])) {
			
			$user = safe_query(safe_input($_POST['username']));
			$pass = safe_query(safe_input($_POST['password']));
			
			if (!empty($user) && !empty($pass)) {
				
				$q = mysqli_query($db, "SELECT `username`, `password` FROM `users` WHERE `username` = '".$user."'");
				
				if (mysqli_num_rows($q) == 1) {
					
					$r = mysqli_fetch_assoc($q);
					
					if ($user == $r['username'] && $pass == $r['password']) {
						
						$_SESSION['username'] = $r['username'];
						header('Location: index.php');
						exit();
						
					} else {
						echo 'Invalid username / password combination.';
					}
					
				} else {
					echo 'Invalid username.';
				}
				
			} else {
				echo 'Please enter username and password.';
			}
			
		}
		
	}

?>

<form action="login.php" method="POST">
	Username : <input type="text" name="username" placeholder="Username" maxlenght="30" /><br />
	Password : <input type="password" name="password" placeholder="Password" maxlenght="30" /><br />
	<input type="submit" value="Login" /><br />
	<a href="register.php">Sign up</a><br />
	<a href="lost_password.php">Lost password</a>
</form>

<?php

} else {
	header('Location: index.php');
	exit();
}

include 'includes/overall/footer.php';

?>

Not "working" if you don't have all the required/included files.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.