Holding a user's ID and pwd during a session
Hi,
I am having a little access/control issue. I can add a user to the database using a signup page, go back to the login page, and then log in using the new user. But if I click on a link to go to another page that requires the user to be logged in, it forgets the user and directs them to log back in.
This is the code I am using to control access; the file is implemented like this on every protected page:
include ("access.php");
[CODE]
<?php
session_start();

// Take the credentials from the login form if it was submitted,
// otherwise from the values stored in the session.
$username = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username'];
$password = isset($_POST['password']) ? $_POST['password'] : $_SESSION['username'];

// No username from either source: show the login form and stop.
if(!isset($username))
{
?>
<html>
<head>
    <title>The Book.com - Not Signed In</title>
</head>
<body>
    <div class = "head">
        <p>The Book.com</p>
    </div>
    <div class = "content">
        <p>You are not signed in. Please sign in</p>
        <form method = "POST" action = "<?=$_SERVER['PHP_SELF']?>">
            <label>Username:</label>
            <input type = "text" name = "username" maxlength = "100" size = "25" />
            <label>Password: </label>
            <input type = "password" name = "password" maxlength = "16" size = "25" />
            <input type = "submit" value = "Log In" name = "submit" />
        </form>
    </div>
</body>
</html>
<?php
    exit;
}

// Remember the credentials for the next protected page.
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

$dbhost = "localhost";
$dbname = "thebook";
$dbuser = "TheBook";
$dbpass = "thebook";

$dbcon = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $dbcon);

// Look the user up again on every protected page.
$sql = "SELECT * FROM user WHERE username = '$username' AND password = '$password'";
$query = mysql_query($sql, $dbcon);

// No matching row: clear the session values and show the access-denied page.
if(mysql_num_rows($query) == 0)
{
    unset($_SESSION['username']);
    unset($_SESSION['password']);
?>
<html>
<head>
    <title>The Book.com - Access Denied</title>
</head>
<body>
    <p>Your username or password was incorrect, or you are not a registered user of the site.
    To try logging in again click <a href = "<?=$_SERVER['PHP_SELF']?>">here</a>. To become a registered
    member of this site click <a href = "signup.php">here</a>.</p>
</body>
</html>
<?php
    exit;
}
?>
[/CODE]
Any help would be muchly appreciated.
Let me first tell you: NEVER give a password through a SESSION UNCODED. I also recommend you simply do the following:
- If a user has logged in (correctly) then a variable named $_SESSION['auth'] is set "true" or "yes" and if it is needed in the rest of the pages, you also set a $_SESSION['user'] or a $_SESSION['user_id']. If you still want to give a password through, please use md5(), sha1() or another encrypt function.
And at each page you do the following:
[CODE]
<?php session_start(); ?>
... other HTML
<body>
<?php
if (isset($_SESSION['auth']) && $_SESSION['auth'] == "yes")
{
    //
    // You show the members only page
    //
    echo "You are now logged in and are able to see this!!!";
}
else
{
    //
    // You either show the login page or a link to the login page,
    // example:
    echo 'You are not logged in, please go to the <a href="login.php">login page</a>.';
}
?>
</body>
// Other HTML....
[/CODE]
You can also put some javascript in it that redirects the user directly to the login page.
~G
Last edited by Graphix; Sep 24th, 2009 at 4:06 am.
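An added example (not code from either poster) of the access.php gate built on the advice above: credentials are checked once at login, and only an auth flag and user id live in the session, which also removes the per-page re-query where the original script falls back to $_SESSION['username'] for the password. Assumptions: an in-memory SQLite table with one constructed user stands in for the thread's MySQL user table, password_hash()/password_verify() replace the plaintext comparison, and login.php is a form page that does not include this file and posts username/password to a protected page.

```php
<?php
// access.php (added example): authenticate once, then trust only a session flag.

function db(): PDO {
    // Assumption: constructed in-memory SQLite table standing in for the MySQL `user` table.
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite::memory:');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
        $ins = $db->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)');
        // Constructed sample account; only the hash is stored.
        $ins->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    }
    return $db;
}

function attempt_login(PDO $db, string $username, string $password): bool {
    // Prepared statement: user input is bound, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);              // fresh session id after login (blocks fixation)
    $_SESSION['auth'] = 'yes';                // flag name taken from the answer
    $_SESSION['user_id'] = (int) $row['id'];  // the password itself never enters the session
    return true;
}

session_start();
if (($_SESSION['auth'] ?? '') !== 'yes') {
    // Not logged in yet: accept a login POST, otherwise send the browser to the form.
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    $ok = is_string($u) && is_string($p) && attempt_login(db(), $u, $p);
    if (!$ok) {
        header('Location: login.php');        // server-side redirect instead of JavaScript
        exit;
    }
}
// Past this point the including page may render members-only content.
```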





