Login using sessions

[kellz]

hey all i'm kellllz (kelsey if you prefer^^) Im trying to make a login form using sessions to make sure the person IS actually logged in on the next page so here is the login page code, I must warn you I'm not a very good programmer lol!

 

<?php
session_start();
if (!empty($_SESSION['login'])) {
   session_destroy();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>


<body>

<form id="form1" name="form1" method="post" action="test.php">
  <label>name:<br />
  <input type="text" name="name" />
  </label>
  <br />
  <label>password:<br />
  <input type="password" name="password" />
  </label>
  <br />
  <br />
  <label>
  <input type="submit" name="Submit" value="Submit" />
  </label>
  <br />
</form>
<br />

<?php
//---------simple XOR encryption
function e($m){
$d='';for ($i=0;$i<strlen($m);$i++){
$d.=chr(ord($m[$i])^3);$i++;$i=$i-1;
}return $d;}
//------------------------------
if (isset($_POST['name'])) {
$name = $_POST['name'];$pass = $_POST['password'];
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("login") or die(mysql_error());
$result = mysql_query("SELECT * FROM adminlogin") //fetch from database
or die(mysql_error());  $row = mysql_fetch_array( $result );
if ($name == $row['name'] && $pass == e($row['pass'])) {
$_SESSION['login'] = 1;
echo '<script language="javascript" type="text/javascript">window.location="admin.php?' . htmlspecialchars(SID) . '";</script>';
}
}

?>

</body>
</html>

 

ok so yea erm.. it doesn't seem to be appending the session ID to the url of the next page so that i could do:

<?php
if (isset($_SESSION['admin'])) { echo 'your in!'; }
?>

 

I just want to make a login form so when i login it knows me on the next page in the control (admin) area so someone cant type the direct url to that admin page and enter it.

 

remember I'm new so be gentle! 

 

thx for any help.

[jd2007]

u r using a bad way of doing this, ur mysql query is bad

 

u have to modify it so, it matches only the name and password given, so do this:

 

change the sql query in :

 

SELECT * FROM adminlogin

 

to

 

SELECT * FROM adminlogin where (name column)='$name' and (password column)='$pass'";

 

then, replace this:

 

 $row = mysql_fetch_array( $result );
if ($name == $row['name'] && $pass == e($row['pass'])) {
$_SESSION['login'] = 1;
echo '<script language="javascript" type="text/javascript">window.location="admin.php?' . htmlspecialchars(SID) . '";</script>';
}

 

with this:

 

<?php

if (mysql_num_rows($result)==1)
{
$_SESSION['login'] = 1;
echo '<script language="javascript" type="text/javascript">window.location="admin.php?' .    htmlspecialchars(SID) . '";</script>';
}

?>

 

the way i showed tests if one match is found in the database, if it is, the user is logged. this is a faster way. Remember your code musn't be too long...always find a simpler way to do big things, so that its faster  !

 

also, note, every page should start with session_start() !

 

 

[kellz]

yey it works! thx.

 

btw probably a stupid question but i cant find much info on it with google.

what exactly are TPL Files? it's kinda HTML'ish inside and i know they are template files or something but whats the use in them? I can't edit them like i could with a html file in dreamweaver, nothing shows in the design view. It gets annoying that i cant do much with them, not sure how to use them or why to use them and google doesn't seem to give many answers on them..

 

thx.

[jd2007]

i dunno, sorry...try searching at www.search.com...  its better than google