User Login: looking for a point in the right direction

03-06-2010, 09:36 PM
This is an ubernoober question, but I am building a user login, have the form with username & password confirmation verification that processes correctly, returning the values when true and errors when false. My question is this: upon verifying the data as true, how do I define the user as logged in? Following the if/else statement that checks for errors as the following...

if (count($_POST) > 0) {
    // let's process
    $errors = checkReg($_POST['un'], $_POST['pw'], $_POST['conf']);
    // are there any errors?
    if (count($errors) > 0) {
        // I have errors
        foreach ($errors as $error) {
            print "Please correct: $error<br />";
        }
    } else {
        // all is good
        foreach ($_POST as $form_element => $user_entry) {
            // escape submitted values before echoing them back into the page
            print htmlspecialchars($form_element) . " is " . htmlspecialchars($user_entry) . "<br />";
        }
    }
}

03-06-2010, 10:52 PM
You use PHP SESSIONS, which are like cookies, but stored on the server instead.
The SESSION remains active until the user logs out or closes their browser.

So, you have your two files,
1) Your login form (like you already have).
2) The form that checks for a valid user/pass.

Usually, the usernames and passwords are stored in a database, and you
check against those ... but you don't have a database, so not sure how
you determine if the username and password are correct.
What are you comparing the user's username and password to?

So this is what your login script might look like:

session_start(); // this has to be the first line of any script that uses SESSIONS.

// read the submitted values (field names as used in the form above)
$username = isset($_POST['un']) ? $_POST['un'] : '';
$password = isset($_POST['pw']) ? $_POST['pw'] : '';

// check username and password -- in this example, I have to define it manually.
if ($username == "johndoe" && $password == "abcdefg") {

    // both were correct, so set a SESSION variable ...
    $_SESSION['loggedin'] = $username;
    header("location: index.php");
    exit; // stop here so the second redirect below is not sent
}

// if you get here, that means they did not log in correctly.
// return back to your login page (or wherever you want) ...
header("location: login.php");
exit;


On every page that looks for the logged-in user, you do this at the top of your HTML:

<?php
session_start();
if (isset($_SESSION['loggedin'])) {
    // do nothing - user is logged in OK
} else {
    // user is not logged-in, so you can either redirect or do something else.
    // in this example, you kick them out of this page ...
    header("location: index.php");
    exit;
}
?>
. your protected HTML page with the username showing ...
. blah blah
Welcome Back: <?= htmlspecialchars($_SESSION['loggedin']) ?> !
.blah blah

From now on (until they log out or close their browser), you can read their username,
and the fact that the SESSION exists, means they are properly logged-in. Just knowing
they are logged-in is all you really need to know.

Here's the way to log them out ... by destroying the SESSION:

session_start(); session_destroy(); // resume the SESSION, then destroy it
header ("location: http://www.mywebsite.com");
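
A hardened variant of the login, session and logout steps from the reply above, as an added example that is not part of the original post. It assumes PHP 7.3 or later; `demo_users()`, the function names and the cookie settings are hypothetical, while the `un`/`pw` fields and the `loggedin` key come from the thread.

```php
<?php
// Added example. demo_users(), the function names and the cookie settings are
// assumptions; field names 'un'/'pw' and the 'loggedin' key come from the thread.

// Constructed sample account: store a hash, never the password itself.
// (A real site creates the hash once, at registration, and saves it.)
function demo_users(): array {
    return ['johndoe' => password_hash('abcdefg', PASSWORD_DEFAULT)];
}

function start_secure_session(): void {
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is only sent over HTTPS
        'samesite' => 'Lax',  // cookie is not sent on cross-site POSTs
    ]);
    session_start();
}

function attempt_login(array $users, $username, $password): bool {
    // Reject array-valued fields such as un[]=x before using them as strings.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    session_regenerate_id(true);       // fresh session ID at login blocks fixation
    $_SESSION['loggedin'] = $username;
    return true;
}

function logout(): void {
    $_SESSION = [];                    // drop the server-side data
    $p = session_get_cookie_params();  // then expire the browser's session cookie
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// login.php request handler
start_secure_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = attempt_login(demo_users(), $_POST['un'] ?? null, $_POST['pw'] ?? null);
    header('Location: ' . ($ok ? 'index.php' : 'login.php'));
    exit;
}
```

The `secure` flag means the session cookie is only set over HTTPS, so a plain-HTTP development server needs it switched off locally.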


03-20-2010, 07:09 PM
Starting to make much more sense now. Thank you for this explanation. Had a little trouble wrapping my head around a generic session vs a session that had a variable assigned to it. As I understand it, a generic session will just set and track the browser's movements as it navigates a site, whereas a session assigned a variable is able to allow access or functionality that would be otherwise restricted to a client that does not meet the privileges allowed via a login.

Again, thanks for the help.