lewashby Posted January 6, 2016 Share Posted January 6, 2016 In the following pages I'm trying to validate if a user is signed in or not. If the user is signed in I would like to see 'Log Out' printed to the screen(I'll do more with that later). If the user is not signed in I would like to see a login form at the top right of the screen. As it stands I'm only seeing 'Log Out' on the screen, I can't get the form to show up anymore. I thought it might be because the session variable was still hanging around but I restarted my computer to make absolutely sure but I'm still just getting 'Log Out'. At the moment I need this program to work as is as much as possible. If you see an entirely different approach that you would use that's fine but I don't currently have the time to go changing a lot, I need to get this going kinda quick. Thanks. records-board.php <?php require_once('includes/init.php'); if(!isset($_SESSION)) { init_session(); } ?> <html> <head> <Title>Pop Report</title> <link rel="stylesheet" type="text/css" href="styles/popreport2.css"> <h1>Pop Report</h1> </head> <body> <?php if(isset($_POST['nameinput']) && isset($_POST['passinput'])) { $nameinput = $_POST['nameinput']; $passinput = $_POST['passinput']; User::sign_in($nameinput, $passinput); } if(!isset($_SESSION['user'])) { print_form(); } else { echo "Log Out "; echo $_SESSION['user']->name; // this line was just trouble shooting, it told me nothing! } ?> user.php <?php if(!isset($_SESSION)) { init_session(); } class User { public $name; public function __construct($username, $password) { $connection = get_db_connection(); $query = $connection->query("SELECT * FROM users WHERE username='$username' AND password='$password'"); if(!$query) { echo "Invalid username or password"; } else { $result = $query->fetch(PDO::FETCH_ASSOC); if(!$result['username'] == $username || !$result['password'] == $password) { echo "Invalid username or password"; } else { $this->name = $result['username']; } } } public static function sign_in($username, $password) { $_SESSION['user'] = new User($username, $password); } } ?> <?php function print_form() { echo "<form id='loginform' name='loginform' action='records-board.php' method='post'>"; echo "Username: <input type='text' name='nameinput'>"; echo "Password: <input type='text' name='passinput'><br />"; echo "<input type='submit' value='Sign In'>"; echo "</form>"; } ?> Quote Link to comment Share on other sites More sharing options...
requinix Posted January 6, 2016 Share Posted January 6, 2016 What's the code for init_session()? Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 7, 2016 Share Posted January 7, 2016 Is user.php being imported into the script? Perhaps that's being done in init.php. Is PHP set to display all errors and warnings? Note that you can add the following to the top of your script during the debugging process: <?php error_reporting(E_ALL); ini_set('display_errors', 1); ?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted January 7, 2016 Share Posted January 7, 2016 your code contains two logic problems. 1) if(!$query) - this condition means that the query failed with an error of some kind (sql syntax error, wrong table or column name.) it does not mean that the username/password was invalid. your code should actually be using exceptions to handle database errors so that the main program logic only has to deal with the non-error conditions. 2) your code creates an instance of the user class in $_SESSION['user'] any time the User::sign_in() method gets called, regardless of the username/password matching anything. any request to the page after that will result in $_SESSION['user'] being set. your user class needs a property or method you can use in your code to determine the logged in state. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.