plonyahu Posted May 10, 2015 Share Posted May 10, 2015 Hi, I've been going out of my mid for almost a week now trying to figure out how to make this work... I want multiple users to have their own individual usernames and passwords and be able to log in and view certain pages that non-registered guests can't see. I've set up my databases and usernames and passwords. I've actually gotten my login code to work now and then, but in trying to get sessions to work and not allow just anyone to manually type in the addresses of certain pages I've managed to mess that up and it doesn't work now either. I've been to MANY different sites and used examples but just can't get the login to work properly nor figure out how to get the sessions to check for a logged in user. My code so far...I've taken out my real password login,php <?php $connection = mysql_connect('localhost', 'root', 'mypassword'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("username"); session_register("password"); $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> And this is what I put at the top of each secured page... membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?> Thanks in advance! Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/ Share on other sites More sharing options...
Barand Posted May 10, 2015 Share Posted May 10, 2015 (edited) session_register("password"); // don't use session_register - deprecated $_SESSION["authorized"] = true; // do it this way instead And every page using sessions must call session_start() at the top of the page Edited May 10, 2015 by Barand Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511317 Share on other sites More sharing options...
plonyahu Posted May 10, 2015 Author Share Posted May 10, 2015 Thank you, the login works again now. For some reason I had to also change this if($count==0), However, even with session_start() at the top of the other pages I can still access the pages without logging in. What else can I do? login,php <?php $connection = mysql_connect('localhost', 'root', 'hp44kw5'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==0){ $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511339 Share on other sites More sharing options...
Barand Posted May 10, 2015 Share Posted May 10, 2015 I do not see session_start() at top of login.php Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511342 Share on other sites More sharing options...
plonyahu Posted May 11, 2015 Author Share Posted May 11, 2015 Sorry, I didn't paste that. Now the login is sending me back to login.html and I can still manually visit the membersarea.html login,php <?php session_start(); $connection = mysql_connect('localhost', 'root', 'hp44kw5'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==0){ $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511371 Share on other sites More sharing options...
Barand Posted May 11, 2015 Share Posted May 11, 2015 if($count==0){ $_SESSION["authorized"] = true; Are you sure? Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511375 Share on other sites More sharing options...
plonyahu Posted May 11, 2015 Author Share Posted May 11, 2015 Ok, I changed the files just a bit since my login page was html and I couldn't add start_session at the top of the login page...Now when I click on submit I get to the membersarea page even if the username and password isn't correct. Also, I can still manually reach the membersarea page. There is no end to my confusion lol. This is the code at the top of my login.php page that contains the login html code after it <?php session_start(); if ($_SESSION["authorized"] = true) { header("Location: membersarea.php"); } else { header("Location: login.php"); } ?> This is my login and connect code <?php session_start(); $connection = mysql_connect('localhost', 'root', 'hp44kw5'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.php"); } ?> And this is what is at the top of the membersarea.php page <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.php"); } ?> I appreciate your help. Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511390 Share on other sites More sharing options...
Barand Posted May 11, 2015 Share Posted May 11, 2015 if ($_SESSION["authorized"] = true) { "=" is an assignment operator "==" is an equality test Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511392 Share on other sites More sharing options...
maxxd Posted May 11, 2015 Share Posted May 11, 2015 You've also got some problems beyond the sessions stuff as well. First off, the mysql_* functions are deprecated and scheduled for removal in the very near future. Check out PDO or mysqli classes. Secondly, you've got some issues here: $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); You're querying the database twice, and the variable $sql is undefined. You should be getting errors - do you have error reporting and display turned on? In addition to that, selecting all records, then running mysql_num_rows() on the result is inefficient - try this instead: SELECT COUNT(*) AS num_rows FROM members WHERE password = '{$password}' AND username='{$username}'; You can then check $result['num_rows'] after you run the query. One last thing - I don't see where you're encrypting your passwords before storing them in the database. You're not just storing plaintext passwords, are you? Quote Link to comment https://forums.phpfreaks.com/topic/296177-please-help-with-login-and-sessions/#findComment-1511414 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.