plonyahu

Please help with login and sessions?


Hi, I've been going out of my mind for almost a week now trying to figure out how to make this work... I want multiple users to have their own individual usernames and passwords and be able to log in and view certain pages that non-registered guests can't see. I've set up my databases and usernames and passwords. I've actually gotten my login code to work now and then, but in trying to get sessions to work and not allow just anyone to manually type in the addresses of certain pages I've managed to mess that up and it doesn't work now either. I've been to MANY different sites and used examples but just can't get the login to work properly nor figure out how to get the sessions to check for a logged-in user.

My code so far...I've taken out my real password

 

login.php

 

<?php
 $connection = mysql_connect('localhost', 'root', 'mypassword');
if (!$connection){
    die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("select * from members where password='$password' AND username='$username'", $connection);
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
 
session_register("username");
session_register("password");
$_SESSION["authorized"] = true;
header("location:membersarea.php");
} else
header ("Location: login.html");
}
?>
 
 
And this is what I put at the top of each secured page...
 
membersarea.php
 
<?php
session_start();
if ($_SESSION["authorized"] = true) {
}
else
{
   header("Location: login.html");
}
?>
 
Thanks in advance!

session_register("password");            // don't use session_register - deprecated

$_SESSION["authorized"] = true;          // do it this way instead

And every page using sessions must call session_start() at the top of the page

Edited by Barand


Thank you, the login works again now. For some reason I had to also change this: if($count==0). However, even with session_start() at the top of the other pages I can still access the pages without logging in. What else can I do?

 
 
 

login.php

 
<?php
 $connection = mysql_connect('localhost', 'root', 'hp44kw5');
if (!$connection){
    die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("select * from members where password='$password' AND username='$username'", $connection);
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==0){
$_SESSION["authorized"] = true;
header("location:membersarea.php");
} else
header ("Location: login.html");
}
?>
 
 
membersarea.php
 
<?php
session_start();
if ($_SESSION["authorized"] = true) {
}
else
{
   header("Location: login.html");
}
?>


Sorry, I didn't paste that. Now the login is sending me back to login.html and I can still manually visit the membersarea.html :(

 

login.php

 
<?php
session_start();
 $connection = mysql_connect('localhost', 'root', 'hp44kw5');
if (!$connection){
    die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("select * from members where password='$password' AND username='$username'", $connection);
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==0){
$_SESSION["authorized"] = true;
header("location:membersarea.php");
} else
header ("Location: login.html");
}
?>
 
 
membersarea.php
 
<?php
session_start();
if ($_SESSION["authorized"] = true) {
}
else
{
   header("Location: login.html");
}
?>


 

if($count==0){
    $_SESSION["authorized"] = true;

 

Are you sure?


Ok, I changed the files just a bit since my login page was html and I couldn't add start_session at the top of the login page... Now when I click on submit I get to the membersarea page even if the username and password aren't correct. Also, I can still manually reach the membersarea page. There is no end to my confusion lol.

 

This is the code at the top of my login.php page that contains the login html code after it

 

<?php
session_start();
if ($_SESSION["authorized"] = true) {
header("Location: membersarea.php");
}
else
{
   header("Location: login.php");
}
?>
 
This is my login and connect code
 
<?php
session_start();
 $connection = mysql_connect('localhost', 'root', 'hp44kw5');
if (!$connection){
    die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("select * from members where password='$password' AND username='$username'", $connection);
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION["authorized"] = true;
header("location:membersarea.php");
} else
header ("Location: login.php");
}
?>
 
And this is what is at the top of the membersarea.php page

 

<?php
session_start();
if ($_SESSION["authorized"] = true) {
}
else
{
   header("Location: login.php");
}
?>
 
I appreciate your help.


 

if ($_SESSION["authorized"] = true) {

 

"=" is an assignment operator

"==" is an equality test


You've also got some problems beyond the sessions stuff as well.

 

First off, the mysql_* functions are deprecated and scheduled for removal in the very near future. Check out PDO or mysqli classes.

 

Secondly, you've got some issues here:

$query = mysql_query("select * from members where password='$password' AND username='$username'", $connection);
$result=mysql_query($sql);

You're querying the database twice, and the variable $sql is undefined. You should be getting errors - do you have error reporting and display turned on? In addition to that, selecting all records, then running mysql_num_rows() on the result is inefficient - try this instead:

SELECT COUNT(*) AS num_rows FROM members WHERE password = '{$password}' AND username='{$username}';

You can then check $result['num_rows'] after you run the query.

 

One last thing - I don't see where you're encrypting your passwords before storing them in the database. You're not just storing plaintext passwords, are you?

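The points raised in the replies above (strict comparison in the session guard, a single query instead of two, PDO in place of mysql_*, hashed passwords), combined into one script as an added example that is not code from any poster in this thread. It assumes an in-memory SQLite table in place of the thread's MySQL database; the function names and the password_hash column are hypothetical.

```php
<?php
declare(strict_types=1);
// Constructed data: SQLite in memory stands in for MySQL; names and password_hash column are hypothetical.
function sample_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $pdo->prepare('INSERT INTO members VALUES (?, ?)')->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// One parameterized query; the password is checked against the stored hash, never placed in SQL.
function verify_login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

// Strict comparison: "=" would assign true and make the guard always pass.
function is_authorized(array $session): bool {
    return ($session['authorized'] ?? false) === true;
}

// Top of every protected page, before any output.
function require_login(): void {
    session_start();
    if (!is_authorized($_SESSION)) {
        header('Location: login.php');
        exit;                              // header() alone does not stop the script
    }
}

// Login form handler.
function handle_login(PDO $pdo, array $post): void {
    session_start();
    $ok = verify_login($pdo, (string)($post['username'] ?? ''), (string)($post['password'] ?? ''));
    if ($ok) {
        session_regenerate_id(true);       // fresh session id once authenticated
        $_SESSION['authorized'] = true;
    }
    header('Location: ' . ($ok ? 'membersarea.php' : 'login.php'));
    exit;
}
if (PHP_SAPI === 'cli') {                  // command-line demonstration of the two pure checks
    $pdo = sample_db();
    var_dump(verify_login($pdo, 'alice', 'correct horse'), verify_login($pdo, 'alice', 'wrong'));
    var_dump(verify_login($pdo, "alice' OR '1'='1", 'x'), is_authorized([]), is_authorized(['authorized' => true]));
}
```

The command-line demonstration needs the pdo_sqlite extension; in a web deployment the protected page calls require_login() and the form handler calls handle_login() with a PDO connection to the real database.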
