Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Aug 2008
    Posts
    13
    Thanks
    1
    Thanked 1 Time in 1 Post

    Session won't keep me logged in *HELP*

    Hey guys, I'm building a register/login script. The register works fine as it sends the information to a database which I have checked and it works. The login works but it doesn't seem to keep me logged in?! Heres my login code:

    PHP Code:
    <?php

    session_start
    ();
    include 
    'database.php';

    if(
    $logged[username]) {
    echo 
    'header ("Location: index.php")';
    } else {
    if(isset(
    $_POST['login'])) {
    $username = ($_POST['username']);
    $password = ($_POST['password']);
    if(!
    $username | !$password) {
    echo (
    "A field has been left blank!");
    } else {
    $find mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
    if (
    $uzes mysql_num_rows($find) == '0') {
    echo (
    "This username doesn't exist!");
    } else {
    $query mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    $array mysql_fetch_array($query);
    $_SESSION['id'] = "$user[id]";
    $_SESSION['password'] = "$user[password]";
    echo (
    "You are now logged in!");
    echo (
    "<meta http-equiv='Refresh' content='5; URL=index.php'>");
    }
    }
    } else {
    echo (
    "<form method='post' action='$_SERVER[PHP_SELF]'>
    Username:<br>
    <input type='text' name='username' size='30'><br>
    Password:<br>
    <input type='password' name='password' size='30'><br>
    <input type='submit' name='login' value='Login'>
    </form>"
    );
    }
    }
    ?>
    I know I haven't slated or md5'd the passwords but I will do after it's fixed, it directs me to index.php but when I go back to the login.php page it asks me to login again? :S

    PLEASE HELP!!

  • #2
    New Coder
    Join Date
    Apr 2006
    Posts
    20
    Thanks
    2
    Thanked 1 Time in 1 Post
    You need an if statement to check if your $_SESSION variables have been set. If so, you know you're logged in, so you can show something besides the login form.

    --Josh

  • #3
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    that looks a lil bloated to me... here is one i use, maybe it'll help.

    at the top of any page i want to use the session with:
    PHP Code:
    <?php

    session_start
    ();

    // is the one accessing this page logged in or not?
    if (!isset($_SESSION['is_logged_in']) 
       || 
    $_SESSION['is_logged_in'] !== true) {

       
    // not logged in, move to login page
       
    header('Location: login.php');
       exit;
    }
    ?>
    so if that session variable is blank or false we move to the login page. there we have the following:

    PHP Code:
    <?
    session_start
    (); 
    $errorMessage '';
    //make sure they entered both
    if (isset($_POST['uid']) && isset($_POST['upw'])) {
       include 
    'dbs.php';
       
    $conn mysql_connect($sqlsrv$sqlusr$sqlpw) or die("Could not connect : " mysql_error());
    mysql_select_db($sqldb) or die ("Database " $sqldb " not selected.." mysql_error());

       
    //just in case  
       
    $userId strip_tags($_POST['uid']);
       
    $password strip_tags($_POST['upw']);

       
    // check if the user id and password combination exist in database
       
    $sql 'SELECT `id` FROM `uid` WHERE `id` = "' mysql_real_escape_string($userId) . '" AND `password` = "' mysql_real_escape_string($password) . '"';

       
    $result mysql_query($sql$conn
                 or die(
    'Query failed. ' mysql_error()); 

       if (
    mysql_num_rows($result) == 1) {
          
    // the user id and password match, 
          // set the session
          
    $_SESSION['is_logged_in'] = true;

          
    // after login we move to the main page
          
    header('Location: index.php?page=select');
          exit;
       } else {
          
    $errorMessage 'Sorry, wrong user id / password';
       }
    }
    ?>

    <html>
    <head>
    <title>Please Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <style type="text/css" media="screen">@import "tabs.css";</style>

    </head> 
    <body OnLoad="document.frmLogin.uid.focus();">
    <table border="0" cellpadding="3" cellspacing="1" class="forumline" align="center" valign="middle">
    <tr><th><big><b>NOTICE</b></big></strong></th></tr>
    <tr><td align="center">This page and all pages herein contain confidential information and its use is restricted to Tri-State Search and Rescue and designated agents thereof. <br/>Unauthorized access is prohibited. Use may be monitored and recorded.</td></tr>
    <td>
    <h1 align="center">TSSAR Incident Manager Login<h1>
    <?php
    if ($errorMessage != '') {
    ?>
    <p align="center"><strong><font color="#990000"><?php echo $errorMessage?></font></strong></p>
    <?php
    }
    ?> 
    <form method="post" name="frmLogin" action="login.php">
    <table width="400" border="0" cellpadding="3" cellspacing="1" class="forumline" align="center">
    <tr>
    <td width="150">User Id</td>
    <td><input name="uid" type="text"></td>
    </tr>
    <tr>
    <td width="150">Password</td>
    <td><input name="upw" type="password"></td>
    </tr>
    <tr>
    <td width="150">&nbsp;</td>
    <td><input type="submit" name="btnLogin" value="Login"></td>
    </tr>
    </table>
    </form>
    </td>
    </table>
    </body>
    </html>
    anyway, not that you need to use what i have... but it might have some handy examples or something. wha ti don't see is a session variable you're setting to prove authentication on the other pages, but maybe i miseed it.

  • #4
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    PHP Code:
    session_start();
    if (!isset(
    $_SESSION['id'])) {
        
    header'Location: login.php' ) ;

    put that at the top of every page to be secure and it'll redirect all those pages to login if they're not logged in

    On the login page you want to do it slightly different just below your session_start()

    PHP Code:
    if (isset($_SESSION['id'])) {
        
    header'Location: secure_section_main_page.php' ) ;

    This time instead of checking that it doesn't exist your checking if it does exist then redirecting to the main menu page for your secure area in your case probably index.php

    you can always optimise your login check too to be smaller check here for more info Help PHP login form
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •