Jump to content

[SOLVED] Member login, check login, login success

zimmer

By zimmer
in PHP Coding Help

 Share

Recommended Posts

zimmer Newbie

zimmer

Posted
Posted

I am new to to PHP and I found a template to help me get a member log in to a section of my web page. The member log in works no matter what is unput into the user or password , check log in seems to be working but I dont know for sure, the login success file posts login successful. I will post everything I have and tell me what is going wrong.

 

Main_login.php

 

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

<tr>

<form name="form1" method="post" action="checklogin.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><strong>Member Login </strong></td>

</tr>

<tr>

<td width="78">Username</td>

<td width="6">:</td>

<td width="294"><input name="myusername" type="text" id="myusername"></td>

</tr>

<tr>

<td>Password</td>

<td>:</td>

<td><input name="mypassword" type="text" id="mypassword"></td>

</tr>

<tr>

<td> </td>

<td> </td>

<td><input type="submit" name="Submit" value="Login"></td>

</tr>

</table>

</td>

</form>

</tr>

</table>

 

Checklogin.php

<?php

ob_start();

$hostname='host'; // Host name

$username="username"; // Mysql username

$password="password"; // Mysql password

$db_name="database"; // Database name

$tbl_name="table"; // Table name

 

 

// Connect to server and select databse.

mysql_connect("$hostname", "$username", "$password")or die("Couldn't connect to SQL Server on $hostname");

mysql_select_db("$db_name")or die("Couldn't select database on $db_name");

 

// Define $myusername and $mypassword

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

//$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

 

if($result=true){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("myusername");

session_register("mypassword");

header("location:login_success.php");

}

else {

echo "Wrong Username or Password";

}

 

ob_end_flush();

?>

 

Login_success.php

 

<?

//Check if session is not registered , redirect back to main page.

//Put this code in first line of web page.

 

session_start();

if(!session_is_registered(myusername)){

header("location:index.php");

}

?>

 

<html>

<body>

Login Successful

</body>

</html>

 

 

 

Issues:

1. I need to ensure the user/pass is only allowed for users in the database.

2. I need the login successful page to redirect to a another page.

3. I need the page from 2 not viewable without logging in.

 

 

 

 

 

-Zimmer

Link to comment
Share on other sites
phpSensei Advanced Member

phpSensei

Posted
Posted

This will fix the check for valid username and passwords I hope...

 

edit: If you want to redirect the user, this script must come before ANY HTML. Meaning, Line 1

 


<?php
ob_start();
$hostname='host'; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="database"; // Database name 
$tbl_name="table"; // Table name 


// Connect to server and select databse.
mysql_connect("$hostname", "$username", "$password")or die("Couldn't connect to SQL Server on $hostname"); 
mysql_select_db("$db_name")or die("Couldn't select database on $db_name");

// Define $myusername and $mypassword 
$myusername=mysql_real_escape_string($_POST['myusername']); 
$mypassword=mysql_real_escape_string($_POST['mypassword']); 

$sql="SELECT * FROM ".$tbl_name." WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count == 0){
echo "Wrong Username or Password";

}
else {
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("Location:login_success.php");
}

ob_end_flush();
?>

Login_success.php

<? 
//Check if session is not registered , redirect back to main page. 
//Put this code in first line of web page. 

session_start();
if(!session_is_registered(myusername)){
header("location:index.php");
}
?>

Link to comment
Share on other sites
zimmer Newbie

zimmer

Posted
  • Author
Posted

I by passes that because I was getting an error.

 

This will fix the check for valid username and passwords I hope...

 

edit: If you want to redirect the user, this script must come before ANY HTML. Meaning, Line 1

 


<?php
ob_start();
$hostname='host'; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="database"; // Database name 
$tbl_name="table"; // Table name 


// Connect to server and select databse.
mysql_connect("$hostname", "$username", "$password")or die("Couldn't connect to SQL Server on $hostname"); 
mysql_select_db("$db_name")or die("Couldn't select database on $db_name");

// Define $myusername and $mypassword 
$myusername=mysql_real_escape_string($_POST['myusername']); 
$mypassword=mysql_real_escape_string($_POST['mypassword']); 

$sql="SELECT * FROM ".$tbl_name." WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count == 0){
echo "Wrong Username or Password";

}
else {
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("Location:login_success.php");
}

ob_end_flush();
?>

Login_success.php

<? 
//Check if session is not registered , redirect back to main page. 
//Put this code in first line of web page. 

session_start();
if(!session_is_registered(myusername)){
header("location:index.php");
}
?>

 

I am getting the following error with those changes.

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/r/e/m/remmiz/html/checklogin.php on line 21

Wrong Username or Password

Link to comment
Share on other sites
zimmer Newbie

zimmer

Posted
  • Author
Posted

ok, I have tried a few things but I keep getting this error. Also when I type the address with employees.php I can see the page without having to login.

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/content/r/e/m/remmiz/html/employees.php:2) in /home/content/r/e/m/remmiz/html/employees.php on line 6

 

 

Here is the top 36 lines of the page:

 

<head>

<?

//Check if session is not registered , redirect back to main page.

//Put this code in first line of web page.

 

session_start();

if(!session_is_registered(myusername)){

header("location:index.html");

}

?>

<style type="text/css">

 

#dropmenudiv{

position:absolute;

border:1px solid black;

border-bottom-width: 0;

font:normal 12px Verdana;

line-height:18px;

z-index:100;

}

 

#dropmenudiv a{

width: 100%;

display: block;

text-indent: 3px;

border-bottom: 1px solid black;

padding: 1px 0;

text-decoration: none;

font-weight: bold;

}

 

#dropmenudiv a:hover{ /*hover background color*/

background-color: yellow;

}

 

</style>

 

Link to comment
Share on other sites
phpSensei Advanced Member

phpSensei

Posted
Posted

The script has to go before any HTML on your page

 

<?php

session_start();
if(!session_is_registered(myusername)){
header("location:index.html");
}

?>

//////////////// HTML GOES HERE

 

session_start(); ALWAYS AT LINE 1 of your document

header Always needs to be called before any html on the document, refer to my example ^above^

Link to comment
Share on other sites
zimmer Newbie

zimmer

Posted
  • Author
Posted

Yeah, I was just going to reply that I figured it out, but you posted the answer too!

 

One final question with this topic. When I type the address in manually without logging in how do I direct it to the log in page automatically instead of a "page not found" page?

Link to comment
Share on other sites
phpSensei Advanced Member

phpSensei

Posted
Posted

Yeah, I was just going to reply that I figured it out, but you posted the answer too!

 

One final question with this topic. When I type the address in manually without logging in how do I direct it to the log in page automatically instead of a "page not found" page?

 

what do you mean? If the user isnt logged in?

Link to comment
Share on other sites
zimmer Newbie

zimmer

Posted
  • Author
Posted

You shouldn't get a page not found at all if your code is redirecting right.

 

But when you login, set a $_SESSION with some type of key.  Then check that key at every page you want them to be logged in to see.

 

 

I will have to look into this...because I have no idea what that is/means.

Link to comment
Share on other sites
revraz Member

revraz

Posted
Posted

Then something else is wrong, you must be typing the url wrong if that is a valid page and works if you are logged in.

 

Yes. If a user is not logged in but types the address of the employee.php it currently loads a "page not found" error page. I would like to have to point directly to the login page.

Link to comment
Share on other sites
phpSensei Advanced Member

phpSensei

Posted
Posted

Yes. If a user is not logged in but types the address of the employee.php it currently loads a "page not found" error page. I would like to have to point directly to the login page.

 

Alright please change this line of code,

 

session_register("myusername");
session_register("mypassword");

 

to

 

$_SESSION['username'] = $username;
$_SESSION['is_logged'] = true;

// NEVER EVER put the password in a session, for security reasons.

 

 

And to answer your question,

 

put this on top of each page you want blocked

 

<?php
session_start();
if(!isset($_SESSION['is_logged'])){

header("Location: Login.php");

}
?>

 

Other than that, maybe your links are wrong.

Link to comment
Share on other sites
zimmer Newbie

zimmer

Posted
  • Author
Posted 

<?php
session_start();
if(!isset($_SESSION['is_logged'])){

header("Location: Login.php");

}
?>

 

Other than that, maybe your links are wrong.

 

I used this and it worked:

session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}

Link to comment
Share on other sites
zimmer Newbie

zimmer

Posted
  • Author
Posted

Yes. If a user is not logged in but types the address of the employee.php it currently loads a "page not found" error page. I would like to have to point directly to the login page.

 

Alright please change this line of code,

 

session_register("myusername");
session_register("mypassword");

 

to

 

$_SESSION['username'] = $username;
$_SESSION['is_logged'] = true;

// NEVER EVER put the password in a session, for security reasons.

 

 

If I do this then will I have to change what I used in my above post?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.