Jump to content

session help


Ezchan

Recommended Posts

I am fairly new at programming and I am running into a problem. What I am trying to do is have my login.php create and declare the session variables, then my dashboard.html file should only show the current html if $_SESSION['isloggedin'] is set. I tested to make sure login.php was declaring the session variable and it is. Im not sure what I am doing wrong, any help is greatly appreciated. I left out a lot of the dashboard html in the middle because it is quite extensive. Thanks!

 

 

Login.php

?php
session_start();
include 'dbconnect.php';

$username = $_POST['username'];
$password = $_POST['password'];

function login($email, $password) {
	
	$login = mysql_query("SELECT * FROM (Teachers) where email = '$email' and password = '$password'");
	if (mysql_fetch_row($login)>0){
		if(!$login){
			die('Could not securely login to your account. Error e09993');
			}
		else{
			

			
			$_SESSION['name']= mysql_fetch_row($login)[2];
			$_SESSION['email']= mysql_fetch_row($login)[1];
			$_SESSION['lastName']= mysql_fetch_row($login)[3];
			$_SESSION['birthdate']=mysql_fetch_row($login)[4];
			$_SESSION['teacherCode']=mysql_fetch_row($login)[6];
			$_SESSION['active']= mysql_fetch_row($login)[8];
			$_SESSION['isloggedin']= true;
			


		}

	}
	else{
		echo "Invalid Username/ Password";
		exit();

	}



}


login($username, $password);
//header('Location: ..\dashboard.html');

?>

Top Dashboard.html

<?php 
include 'dbconnect.php';
session_start();
if(isset($_SESSION['isloggedin']))
{ ?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="Dashboard">
    <meta name="keyword" content="Dashboard, Bootstrap, Admin, Template, Theme, Responsive, Fluid, Retina">

    <title>DASHGUM - FREE Bootstrap Admin Template</title>

    <!-- Bootstrap core CSS -->
    <link href="assets/css/bootstrap.css" rel="stylesheet">
    <!--external css-->
    <link href="assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
    <link rel="stylesheet" type="text/css" href="assets/css/zabuto_calendar.css">
    <link rel="stylesheet" type="text/css" href="assets/js/gritter/css/jquery.gritter.css" />
    <link rel="stylesheet" type="text/css" href="assets/lineicons/style.css">    
    
    <!-- Custom styles for this template -->
    <link href="assets/css/style.css" rel="stylesheet">
    <link href="assets/css/style-responsive.css" rel="stylesheet">

    <script src="assets/js/chart-master/Chart.js"></script>
    
    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>

  <body>

  <section id="container" >
      <!-- **********************************************************************************************************************************************************
      TOP BAR CONTENT & NOTIFICATIONS
      *********************************************************************************************************************************************************** -->
      <!--header start-->
      <header class="header black-bg">
              <div class="sidebar-toggle-box">
                  <div class="fa fa-bars tooltips" data-placement="right" data-original-title="Toggle Navigation"></div>
              </div>

Bottom Dashboard.html

</html>
<?php } ?>

dashboard.html

login.php

Link to comment
Share on other sites

Just in case you're not aware, the login query is susceptible to SQL injection attacks. You'll want to escape the values of $email and $password with mysql_real_escape_string(). More information can be found here:

http://php.net/manual/en/function.mysql-real-escape-string.php

 

Note the warning at the top about mysql_* function being deprecated.

 

 

Also, it looks like you are storing passwords as plain text. You'll want to look at hashing those passwords at some point. More information can be found here:

http://php.net/manual/en/faq.passwords.php

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.