[SOLVED] PHP login/register help

[cfgcjm]

i'm a newb when it comes to php so i need some help with a php login script...I was given the following code as a login

 

<?php
/* Login Script */
require ('mysql.php');
session_start();

if (isset ($_POST['submit'])) { // Check to see if the form has been submitted
$username = $_POST['username'];
$password = md5 ($_POST['password']); // we MD5 encrypted the password at registration, 
									  // so we must do this on the login as well

// See if the user exists
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
if ($r = mysql_query ($sql)) {
	$row = mysql_fetch_array ($r);
	$num = mysql_num_rows ($r);

	if ($num > 0) { // if there is a row with that username/password, the user exists
		// Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in"
		$_SESSION['users_id'] = $row['users_id'];
		$_SESSION['username'] = $row['username'];
		$_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in
					print 'Thank you for logging in!';
	} else {
		// User does not exist
		print 'Invalid Username/Password!';
	}
} else {
	// The query failed
	print 'Error:' . mysql_error(); // print the MySQL error
}
} else { // The form was not submitted
// Display the form
print '<form action="login.php" method="post">
	<table border="0">
	  <tr>
	    <td align="right">Username:</td>
		<td align="center"><input type="text" name="username" /></td>
	  </tr>
	  <tr>
	    <td align="right">Password:</td>
		<td align="center"><input type="password" name="password" /></td>
	  </tr>
	  <tr>
	    <td></td>
		<td><input type="submit" name="submit" value="Submit" /></td>
	  </tr>
	</table>
</form>';
}
?>

 

and this a a check login script

 

<?php
/* Is User Logged In? */
session_start();
// this is just your every day page where you would want someone logged in to view the info
if ($_SESSION['loggedin'] == TRUE) { // user is logged in
print 'If you can read this, you are logged in!';
} elseif ($_SESSON['loggedin'] == FALSE) { // user is not logged in
print 'You must be logged in to read this!';
}
?>

 

it all works but i dont know how to protect a page and or have to direct to a protected page

[BlueSkyIS]

to direct someone to another page, use the header() function:

 

header("location:someotherpage.php");

exit; // always follow with an exit.

[cfgcjm]

but i want it to direct to a page that is locked out if your not logged in? dont i need to have the check in script there?

[corillo181]

header('Location: address.php');
// L is always capitalize

 

and try to use some other method that does not involve exit;

exit could ruin your code if there is little mistake.

[corillo181]

if you want to do that you have to add to a page a session check

if($_SESSION['user_id']){
  echo 'welcome to page';
}else{
  echo 'you not signed in';
}

[BlueSkyIS]

header('Location: address.php');
// L is always capitalize

and try to use some other method that does not involve exit;

exit could ruin your code if there is little mistake.

 

It is not necessary to capitalize L. If there is a little mistake, best to exit and fix the mistake than to continue processing.

[cfgcjm]

ok i have no clue what anyone is talking about here...what i need is to go to a page...if the user is logged in load the page...if he is not redirect to another page.

 

if($_SESSION['user_id']){
  echo 'welcome to page';
}else{
  echo 'not signed in';
}

 

that code does not work...it says not signed even when i am

[corillo181]

are you using session_start in every page?

 

because i see you got a require before session_start. session_start should always be the first thing on ever ypage.

[cfgcjm]

what is session_start?

[BlueSkyIS]

<?php
/* Is User Logged In? */
session_start();
// this is just your every day page where you would want someone logged in to view the info
if ($_SESSION['loggedin'] == TRUE) { // user is logged in
print 'If you can read this, you are logged in!';
} elseif ($_SESSON['loggedin'] == FALSE) { // user is not logged in
header("location:notloggedinpage.php"); // Use is not logged in. Send to notloggedinpage.php
      exit;
}
?>

[cfgcjm]

yes i see it's there but i dont know what it means or what it does...someone gave me this code and told me to cut and paste it...i dont know what any of it does or how to use it

[BlueSkyIS]

Use the code I just posted at the top of your protected pages. It says "If the user is logged in, print the 'If you can see this' message. If the user is not logged in, send them to notloggedinpage.php";

[corillo181]

oh thats the problem you can't make it work if you don't understand it.

make 2 testing page and go little by little until you make a code you can understand

 

start with a form

 

if you need help walking you threw the process keep coming here until you got a code you can understand.

[cfgcjm]

I got it now...thanks for your help bluesky

[The Little Guy]

Take the following, and place it before EVERYTHING on the users page.

So... if you redirect them to user.php, place this at the top of that page.

 

<?php
session_start();
if(!$_SESSION['loggedin']){ // If ture, skip this
     header("Location: /login.php"); // Redirect to the login page if above line is false
     exit;
}
?>