PHP Login Script Issues

[Catana]

Hi,

 

Currently having an issue with php login script. The login script works fine and logs in the correct user, but the problem is, is that any link I click regardless whether it is the log out button, it seems to end the session and logs me back out again. Total newbie to php, can I have some help please? Also, is there a way to display the users' name from the user table inside the echo  "you logged in as", I can only seem to get the ID? Thank you for your help.

 

 Login form (in page header):

 

 

<div class="loginform">


<?php
  


if ($_SESSION['id'] > 0){ 


   echo "You are logged in as"; 


?> 
        
        <?php
print $GLOBALS['user']->name; 
?>
                 
          <a href="logout.php">Logout</a>
            
        <?php


}else{ 


  echo "<p>Login:</p>\n"; 


?>
                
            <form name="loginform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<b>Username:</b> <input type="text" name="liusername"> 
   <b>Password:</b> <input type="password" name="lipassword">
             <input type="submit" name="lisubmit" value="Login">
  </form> 


</div>

 

 

 

PHP authenticate (in page top)

 

 

 

<?php


if (isset($_POST['lisubmit']));


$query = "SELECT user_id, user_password FROM user WHERE user_username = '".$_POST['liusername']."'"; 


$result = mysql_query($query) or die (mysql_error());


$row = mysql_fetch_array($result);




if ($row['user_password'] == $_POST['lipassword']){


$_SESSION['loggedin'] = true;
$_SESSION['id'] = $row['user_id'];




}else{


$_SESSION['loggedin'] = false;
$_SESSION['id'] = 0;


}


?>

Edited April 7, 2014 by Catana

[Ch0cu3r]

 

 

I can only seem to get the ID?

That is because you are only setting the id in the session.

$_SESSION['loggedin'] = true;
$_SESSION['id'] = $row['user_id'];

To set the username in the session too, add the following after those lines

$_SESSION['username'] = $_POST['liusername']

Now you can display the users username by echoing $_SESSION['username'] variable

 

 

You will however want to sanitise and validate the $_POST data before using it in the query. Passwords should be hashed, not stored as plain text.

        <?php
print $GLOBALS['user']->name; 
?>

globals of any sort should never be used. Wherever you have learnt that you should forget about it. What is the $user class?

 

 

 

it seems to end the session and logs me back out again.

Make sure you have started ( session_start() )  the session on any page that uses $_SESSIONS. Either that or you most likely a logic issue. It is hard to tell with the code you posted.

Edited April 7, 2014 by Ch0cu3r

[Catana]

Thanks for that, the username works like a treat.

Oh the globals I found from another site as I was testing to make the username display, I've deleted that, thanks for the advice.

 

As for the login, it doesn't work for some reason.

I have put a session start within my index page and have separated the majority of the site into separate include files, I have also tried putting a session start within the file that has the login script, but that doesn't work either?

 

Thanks for your help.

[Ch0cu3r]

So login form is no longer working?

[Catana]

Sorry for the confusion, the login form works and logs users from the database into the website, but still refuses to stay logged in once I click any other link on the site.

 

I have created a session destroy for the logout link which I believe works, but it appears every other link is not carrying over the session to other pages of the site; it's really strange. 

[Ch0cu3r]

You'll need to post more code, such as how are you checking to see if the user is logged in or not.

 

It could be you have logic issue and the logout code is being ran somehow, or you're starting the session after output has been sent to the browser, which you cannot do.

 

So you might want to post examples of how you are starting the session. 

[Catana]

Thank you for your help, I managed to find the issue, it was a semicolon that I found shouldn't of been there. 

Thanks!