I am trying to get this program login to work with sessions. I don't know what I am doing wrong, but part of my code is displaying on the page instead of just my login form. Here is my code

<?php
session_start();
$_SESSION['name']= "test4";
define('DBSERVER', 'localhost');
define('DATABASE', 'dbname');
define('USER', 'myusername');
define('PASSWRD', 'mypassword');
define('TABLE', 'mytablename');
$thisfile = basename($SCRIPT_NAME);
$url = $_REQUEST['url'];
$cmd = $_REQUEST['cmd'];
$goto = $thisfile."?url=".$url;
if ($cmd == "logout") {
$message = "<p>You have been logged out.</p>";
}
if ($cmd == "verify") {
$slogin = $_POST['username'];
$spassword = $_POST['password'];
//first we look to see if we can find the login
$sql="SELECT password, clearance FROM " . TABLE .  " WHERE login='$slogin'";
$connection = mysql_connect(DBSERVER,USER,PASSWRD);
$selectdb = mysql_select_db(DATABASE);
$result = mysql_query($sql);
if(mysql_num_rows($result) == 0) {
  //login was not found
  $message = "<p>Username was not found.  Try again? </p>";   
} else {
  //login okay let's see what that password is
  $row = mysql_fetch_array($result, MYSQL_ASSOC) ;
  $password = $row['password'];
  $clearance = $row['clearance'];
  if($password == $spassword) {
    //that's a match
    $message = "<p>Your clearance level is $clearance.</p>";
        //let's redirect to the page to display the cookie
    $goto = $url;
  } else {
    //login okay, password did not match
    $message = "<p>Password did not match username.  Try again? </p>";
  } 
}
mysql_close($connection);
}
session_destroy();
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>User Authentication</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<? 
if (($cmd == "verify") or ($cmd == "logout")) {
echo "$message"; 
?>
<meta http-equiv="refresh" content="2;URL=<? echo "$goto";?>">
<? } else { ?>
<h3 align="center">Please enter database username and password:</h3>
<form name="form1" method="post" action="<? echo "$thisfile";?>">
  <div align="center">
    <table border="0">
      <tr> 
        <td><strong>Username</strong>:</td>
        <td><input name="username" type="text" size="20" maxlength="20"></td>
      </tr>
      <tr> 
        <td><strong>Password</strong>:</td>
        <td><input name="password" type="password" id="password" size="20" maxlength="20"> 
        </td>
      </tr>
      <tr> 
        <td colspan="2"><input type="submit" name="Submit" value="Submit"> <input name="Reset" type="reset" id="Reset" value="Reset"></td>
      </tr>
    </table>
    <input name="cmd" type="hidden" id="cmd" value="verify">
    <input name="url" type="hidden" id="url" value="<? echo "$url" ?>">
  </div>
</form>

<? } ?>
</body>
</html>





?>

Here is my other file

<?
session_start();
echo $_SESSION['name'];
//this is the location of this script
$thisfile = "test4.php";
//this is the relative path location of the authentication script
$auth = "authenticate.php";

if ($_SESSION['login']!="go"){
    header("Location: authenticate.php")
    exit();
}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?
//now we have to see if the proper clearance is available to see stuff.
if ($clearance < 1) {
?>
<H1>PRIVATE! FOR YOUR EYES ONLY!</H1>
<H5><a href="<? echo "$auth?url=$thisfile&cmd=logout"; ?>">LOGOUT</a></H5>
<?
} else {
?>
<H1>SECRURITY ALERT</H1>
<P>You do not have sufficient clearance to view this information.</P>
<meta http-equiv="refresh" content="2;URL=<? echo "$auth?url=$thisfile"; ?>">
<? 
} 
} 
session_destroy();
?>
</body>
</html>

and here is what is displaying

You have been logged out.
"; } if ($cmd == "verify") { $slogin = $_POST; $spassword = $_POST; //first we look to see if we can find the login $sql="SELECT password, clearance FROM " . TABLE . " WHERE login='$slogin'"; $connection = mysql_connect(DBSERVER,USER,PASSWRD); $selectdb = mysql_select_db(DATABASE); $result = mysql_query($sql); if(mysql_num_rows($result) == 0) { //login was not found $message = "
Username was not found. Try again?
"; } else { //login okay let's see what that password is $row = mysql_fetch_array($result, MYSQL_ASSOC) ; $password = $row; $clearance = $row; if($password == $spassword) { //that's a match $message = "
Your clearance level is $clearance.
"; //let's set a cookie with this information setcookie("clearance",$clearance,0); //let's redirect to the page to display the cookie $goto = $url; } else { //login okay, password did not match $message = "
Password did not match username. Try again?
"; } } mysql_close($connection); } ?> ">
Please enter database username and password:

">
Username:

Password:

">

try using the right php opening tag "<?php" not "<?", this makes a big difference. some servers will not read the php code if its not properly enclosed by the right tags. i can make you a login script that will work, i'm bored.

try using the right php opening tag "<?php" not "<?", this makes a big difference. some servers will not read the php code if its not properly enclosed by the right tags. i can make you a login script that will work, i'm bored.

Thanks Keith, You can make me one if you are that bored but I will try to add the php and see if that works too. Thanks again

i have finished the login script. it consists of four pages (login.php,member.php,mysql.php, and javascript.js). you will need to change the database connect info to your information in mysql.php. i added an automatic logout where if the user has no activity after 3 minutes, they will be logged out. download here http://68.103.192.2:8080/downloads/

thanks I will try it out!!

This article has been dead for over six months. Start a new discussion instead.