lordbob Posted January 17, 2007 Share Posted January 17, 2007 ok i have been trying to make a database driven website where people login and use the site, but i want to make sure only people who are logged in can view the various pages.so i looked this up and found the best way was to use sessions....so when the person was logged in i set a session variable (am i right so far?)here is the code for login.php:[code]<?//set the variables as required$dbhost = "fdb1.awardspace.com";$dbuser = "rocketeermus_db1";$dbpass = "zuluhead2";$dbname = "rocketeermus_db1";//do not edit this, it connects the script$members = mysql_connect($dbhost,$dbuser,$dbpass);//line10if(!$members) //error checking :D { echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>"; }mysql_select_db($dbname) or die(mysql_error());$username = $_POST["Username"]; //get the username from the form, as $username$password = md5($_POST["Password"]); //line20 get the password from the form in md5$recieve = sprintf("SELECT * FROM Members WHERE Username='%s' AND Password='%s'", mysql_real_escape_string($Username), mysql_real_escape_string($Password)); //this is the "query", which selects the row where memebername=the one entered, and the same for the password$query = mysql_query($recieve); //do the querysession_start();if($rows = mysql_num_rows($query)) //line30 if the query resulted with a row, start the sessions and go to the index{ $_SESSION['login'] == $Username; header("location: main.html");}else //if not, end incorrect sessions, and go to the index{ session_destroy(); header("location: error.html"); //go to error page}?>[/code]ok so once the session was set i put a little bit of php at the top of every other page which would basically check if the session was set and then act accordinglyhere is the code for that:[code]<?if(!(isset($_SESSION['login']))){header("location: index.html");session_destroy();}?>//blah blah HTML code here[/code]for some reason it always send me back to the login page (index.html) and wont let me go on to the rest of the html, does anyone know what i have done wrong???please help! Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 bump :o Link to comment Share on other sites More sharing options...
trochia Posted January 17, 2007 Share Posted January 17, 2007 First of all, if this is your "real" password info.. I'd edit it out of here :-) Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 ok well i cant find the edit button, but ill change it in a second!but what next? Link to comment Share on other sites More sharing options...
dgiberson Posted January 17, 2007 Share Posted January 17, 2007 on whatever page just use:if (isset($_SESSION['login']) { // displaying information to logged in user} else { echo "You must be logged in to view this page.";} Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 where you say //displaying information to logged in user, should i put my HTML there? Link to comment Share on other sites More sharing options...
dgiberson Posted January 17, 2007 Share Posted January 17, 2007 yeah whatever you want the logged in user to see Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 that doesnt work :-[its still doing whatever is in the else block >:( Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 and it wont let me put html in php tags Link to comment Share on other sites More sharing options...
elis Posted January 17, 2007 Share Posted January 17, 2007 Could you post your full code again in one block, I might be able to find your problem that way.And for html, are you using the echo function or a variable to output the html? Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 ok here goes:[code]<?//set the variables as required$dbhost = "***********";$dbuser = "*************";$dbpass = "***********";$dbname = "*************";//do not edit this, it connects the script$members = mysql_connect($dbhost,$dbuser,$dbpass);//line10if(!$members) //error checking :D { echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>"; }mysql_select_db($dbname) or die(mysql_error());$username = $_POST["Username"]; //get the username from the form, as $username$password = md5($_POST["Password"]); //line20 get the password from the form in md5$recieve = sprintf("SELECT * FROM Members WHERE Username='%s' AND Password='%s'", mysql_real_escape_string($Username), mysql_real_escape_string($Password)); //this is the "query", which selects the row where memebername=the one entered, and the same for the password$query = mysql_query($recieve); //do the querysession_start();if($rows = mysql_num_rows($query)) //line30 if the query resulted with a row, start the sessions and go to the index{ $_SESSION['login'] == $Username; header("location: main.php");}else //if not, end incorrect sessions, and go to the index{ session_destroy(); header("location: error.html"); //return to login}?>[/code]main.php: (i renamed it php instead of .html in an attempt at making it work but no success :()[code]<?if(isset($_SESSION['login'])){//raw html code (is this wrong?)}else {header("location: index.html"); echo "You must be logged in to view this page.";}?>[/code]as for the html code, its just raw html, im assuming this is one of the problems, how do you set a whole page of html to a php variable? Link to comment Share on other sites More sharing options...
printf Posted January 17, 2007 Share Posted January 17, 2007 [code]session_start();[/code]Must be included at the top of each script in your protected service. Then don't start a session until you validate the user exists in the database.printf Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 didnt i do that printf thinf in the login.php?and also how do you store a page of html in a php variable Link to comment Share on other sites More sharing options...
dgiberson Posted January 17, 2007 Share Posted January 17, 2007 change the line $_SESSION['login'] == $Username;to $_SESSION['login'] = $Username; Link to comment Share on other sites More sharing options...
lordbob Posted January 17, 2007 Author Share Posted January 17, 2007 :o :o :o :o :o :o :oIT WORKSTHE MACHINE WORKSthankyou thankyou etc...this is my first php/mysql database and iv finally done that bit woo!thankyou all and i shall continue my journey into the strange and confusingish world of PHP!! Link to comment Share on other sites More sharing options...
Recommended Posts