  1. #1
    Regular Coder noneforit's Avatar

    Help with login script

    Hello

    I used the script below for a login system and it seems to work great

    PHP Code:
    <?php
    $host="localhost"; // Host name
    $username="username"; // Mysql username
    $password="password"; // Mysql password
    $db_name="users_db"; // Database name
    $tbl_name="users_tb"; // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

    // username and password sent from form
    $myusername=$_POST['username'];
    $mypassword=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row

    if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("location:../index.html");
    }
    else {
    echo "Wrong Username or Password";
    }
    ?>
    However, what code do I put at the top of any page that I need to protect...??

    Cheers

  • #2
    met
    PHP Code:
    <?php
    session_start();

    if(!isset($_SESSION['myusername'])) {
       echo 'you don\'t have permission to view this page...';
       exit; // stop here so the rest of the protected page is not sent
    }

  • #3
    UE Antagonizer Fumigator's Avatar
    Just check your session variables.

    BTW, session_register() is deprecated and won't work with PHP 6; you should simply assign values to the $_SESSION array.

    See:

    http://us.php.net/manual/en/function...n-register.php

  • #4
    Master Coder mlseim's Avatar
    At the top of every script that uses sessions, you should have this ...
    (including the script you've shown above) ...

    <?php
    session_start();

    On pages that need protection ....
    PHP Code:
    <?php
    session_start();
    if(isset($_SESSION['myusername'])){
    //they are logged-in, so do nothing.
    }
    else{
    //they are not logged-in, so kick them back to the main page.
    header ("location: index.php");
    exit; // stop here so the rest of the protected page is not sent
    }
    ?>

    <html>
    blah blah
    the rest of your page here

  • #5
    Regular Coder noneforit's Avatar
    All seems to be working except:

    I go to the protected page which redirects me to the login page as expected.
    I then login which is meant to take me back to the protected page but it just redirects back to the login page....!?!?!

    I have a checklogin.php page:

    PHP Code:
    <?php
    session_start();

    $host="localhost"; // Host name
    $username="login"; // Mysql username
    $password="password"; // Mysql password
    $db_name="users_db"; // Database name
    $tbl_name="users_tb"; // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

    // username and password sent from form
    $myusername=$_POST['username'];
    $mypassword=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row

    if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("location:../index.php");
    }
    else {
    echo "Wrong Username or Password";
    }
    ?>
    A login.php page:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Please Login</title>
    <link href="CSS/login.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
    <p class="maintext">You must login to access the members area!</p>
    <div id="login">
    <form action="php/checklogin.php" method="post">
    Username: <input name="username" type="text" />
    Password: <input name="password" type="text" />
    <input name="Login!" type="submit" value="Login!" /></form>
    </div>
    </body>
    </html>
    And a protected page index.php:

    PHP Code:
    <?php
    session_start();
    if(isset($_SESSION['myusername'])){
    //they are logged-in, so do nothing.
    }
    else{
    //they are not logged-in, so kick them back to the main page.
    header ("location:login.php");
    }
    ?>

    <HTML HERE.....>

  • #6
    UE Antagonizer Fumigator's Avatar
    Add a print_r($_SESSION) along with a die() (so you don't get redirected), see what that gives you.

  • #7
    Master Coder mlseim's Avatar
    I'm thinking it might be the deprecated code ... but not sure ...Try this ...

    Change these two lines:
    session_register("myusername");
    session_register("mypassword");

    To this:
    $_SESSION['myusername']=$myusername;
    $_SESSION['mypassword']="does_not_matter";

    (You're only checking for the existence of "myusername", so you only need that one).

    Maybe it has something to do with session arrays.
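
A hardened form of the thread's checklogin.php and page gate, as an added example that is not code from any poster: a prepared statement, a hashed password in place of the plaintext comparison, `$_SESSION` assignment in place of `session_register()`, session id rotation on login, and `exit` after the redirect. The `password_hash` column, the function names `check_login`, `log_in` and `require_login`, the sample user, and the in-memory SQLite database (standing in for the thread's MySQL) are assumptions.

```php
<?php
// Added example, not code from the thread. Constructed sample data in an
// in-memory SQLite database (assumption; the thread used MySQL) so it runs offline.
// password_hash is an assumed column replacing the plaintext password column.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users_tb (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users_tb VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Bound parameter instead of string-built SQL; the hash is verified in PHP.
function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users_tb WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// checklogin.php side: on success rotate the session id, keep only the username.
function log_in(PDO $db, string $user, string $pass): bool
{
    if (!check_login($db, $user, $pass)) {
        return false;
    }
    session_status() === PHP_SESSION_ACTIVE || session_start();
    session_regenerate_id(true); // new id after login, against session fixation
    $_SESSION['myusername'] = $user;
    return true;
}

// Protected-page side: redirect and stop, or the page body is still sent.
function require_login(): void
{
    session_status() === PHP_SESSION_ACTIVE || session_start();
    if (!isset($_SESSION['myusername'])) {
        header('Location: login.php');
        exit;
    }
}

// Constructed attempts; output is deferred so session_start() runs before it.
$results = [
    'wrong password' => log_in($db, 'alice', 'wrong'),
    'quote in name'  => log_in($db, "o'brien", 'x'),
    'valid login'    => log_in($db, 'alice', 'correct horse'),
];
require_login(); // passes: the valid login set $_SESSION['myusername']
echo json_encode($results), PHP_EOL;
```

In a real deployment `log_in()` would be called from checklogin.php with the posted form values, and `require_login()` would be the first statement of every protected page, before any output.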

