Opening a session using PHP: basic login.

**duuudie** · Mar 7, 2004 10:23

Hi,

I would like to make a simple test. I'd like to record a username and a password. Then I would like to check them to see if they match. If yes, I'd like to open to make a simple 'session=1' with a 'if not session=1 then redirect to the not logged in page' on top of pages.

I am almost ok with the record part. I would like to know if someone could give me some help about the check part. Nothing fancy in terms of security. Just the basic 'if username=password then session('loggedIn')=1 redirect to welcome.php'.

Thanks a lot for your time.

**Blue_Spade** · Mar 7, 2004 11:05

You can do this many ways - here is the way I do it. I register a variable in the session to note whether they logged in correctly or not. Then on each page I just call in and check to make sure that they have logged in. Here is a sample:

PHP Code:


session_start(); 

if ($_SESSION['loggedin'] != "1" ) { 

   header("Location: http://www.domain.com/login.php");

}

Pretty simple but it gets the job done.

**duuudie** · Mar 7, 2004 12:00

thanks a lot for your answer. So I would have to use on top of each page the session_start as well?

And what would the login/password check line look like?

thanks a lot for your time

**duuudie** · Mar 7, 2004 12:05

Ok I figured out how to check the username/password

Code:

$sql = "SELECT * FROM member WHERE " .
"username = $username AND " .
"password = $password";

how would I add that the session equals one if uname/password match?

**Sahajin** · Mar 7, 2004 14:03

PHP Code:


$sql = "SELECT * FROM member WHERE username = '$username' AND password = '$password'";

$result = mysql_query($sql);

if(mysql_num_rows($result){

    $_SESSION['loggedin'] = TRUE;

} else {

    $_SESSION['loggedin'] = FALSE;

}

**duuudie** · Mar 7, 2004 15:33

thank you very much for the time you took to answre me

could you 'translate' this line in english? Just so I can totally understand what it does:

$result = mysql_query($sql);
if(mysql_num_rows($result){

what is mysql_num_rows purpose?

cheers.

**Sahajin** · Mar 7, 2004 15:37

it finds out if there are any rows returned. if none then the username and password didn't match any in the database.

**duuudie** · Mar 7, 2004 16:25

thank you very much. you're a great help

**Sahajin** · Mar 7, 2004 18:06

thank you and no problem

**moonchild** · Mar 7, 2004 20:41

Originally Posted by Sahajin

PHP Code:


$sql = "SELECT * FROM member WHERE " .

"username = $username AND " .

"password = $password";

$result = mysql_query($sql);

if(mysql_num_rows($result){

    $_SESSION['loggedin'] = TRUE;

} else {

    $_SESSION['loggedin'] = FALSE;

}

should be

PHP Code:


$sql = "SELECT * FROM member WHERE username = '$username' AND password = '$password' LIMIT 0,1";



$result = mysql_query($sql);



if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.

{

     $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true

}

else

{

     header("Location:login.php?reason=invalid"); // Redirect to login page, as a matching record was not found in the table.

     exit;  // always 'exit'

}

also, have a look here http://www.sitepoint.com/forums/show...62&postcount=4

**Sahajin** · Mar 7, 2004 21:41

what is the difference. you just did the samething I did.

mysql_num_rows will only return 1 or 0. seeing how we want an exact match it will be 0 so my way is better with less code.

**moonchild** · Mar 7, 2004 21:45

Originally Posted by Sahajin

what is the difference. you just did the samehting I did.

you did this:

if(mysql_num_rows($result){

should be:

if ( mysql_num_rows($result) == 1 ) {

to ensure only 1 match was found.

and you dont need to set the session variable if a record doesnt match. one extra process to do, when it's not needed.

just trying to help

**Sahajin** · Mar 7, 2004 22:05

how many username and passwords will be the same at the sametime?

if you set it up so that each username is unique it will only return 1 anyway. and true I didn't need to set a session if false, just an example anyway.

**duuudie** · Mar 8, 2004 00:06

thank you guys. It's a helpful discussion for me anyways. It helped me understand the different approaches of the same question.

**moonchild** · Mar 8, 2004 02:02

Originally Posted by Sahajin

how many username and passwords will be the same at the sametime?

if you set it up so that each username is unique it will only return 1 anyway. and true I didn't need to set a session if false, just an example anyway.

i dont know, that's why i always use == 1 just in case i screw up in the database. i guess it all depends if you are checking that type of thing before users sign up or whatever, which i hope everyone is.

**duuudie** · Mar 8, 2004 04:54

Originally Posted by moonchild

i dont know, that's why i always use == 1 just in case i screw up in the database. i guess it all depends if you are checking that type of thing before users sign up or whatever, which i hope everyone is.

well I am about doing it... However, the more security the best isnt'it??? So I will aslo use the ==1 trick

**duuudie** · Mar 8, 2004 07:23

hum...
I get this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\phpdev\www\blog\php\login.php on line 20

line 20 being:

if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result. you want one (1) matching record to verify the login was successful.

what is wrong?

thank you very much for your time

**duuudie** · Mar 8, 2004 07:27

Originally Posted by Blue_Spade

You can do this many ways - here is the way I do it. I register a variable in the session to note whether they logged in correctly or not. Then on each page I just call in and check to make sure that they have logged in. Here is a sample:

PHP Code:


session_start(); 
if ($_SESSION['loggedin'] != "1" ) { 
header("Location: http://www.domain.com/login.php");
}

Pretty simple but it gets the job done.

btw: do I have to write session_start on top of each page?

**Helge** · Mar 8, 2004 07:39

Originally Posted by duuudie

I get this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\phpdev\www\blog\php\login.php on line 20

That's maybe because the query fails. Add mysql_error() when using mysql_query() like this:

PHP Code:


$result = mysql_query($sql) or die(mysql_error());

Does that return anything?

Originally Posted by duuudie

btw: do I have to write session_start on top of each page?

On every page you want to do something with the session (read or write) you have to have session_start() at the top of the page

Hope this helps.

-Helge

**duuudie** · Mar 8, 2004 09:36

I will try that.

thank you very much for your answer

**Gaheris** · Mar 8, 2004 10:09

Did you use the query moonchild posted? Because that one should work, Sahajins one however is incorrect because he forgot the single quotes around the string values.

**Sahajin** · Mar 8, 2004 10:35

I just copied what was already there. I will fix it for future reference.

**duuudie** · Mar 8, 2004 11:49

first of all, let me thank you - all of you - for your great help. I know I have a hard time learning these basic stuffs so many thanks for your patience.

Here are a few problems that I have.

Here is my login page:

Code:

$sql = "SELECT username, password FROM huh WHERE username = '$username' AND password = '$password' LIMIT 0,1"; 
$result = mysql_query($sql); 
if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful. 
{ 
	 $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true 
} 
else 
{ 
	 header("Location:index.php"); // Redirect to login page, as a matching record was not found in the table. 
	 exit;  // always 'exit' 
} 
?>

here is what I have on top of the index page, just to make sure that the member has registered correctly (it0s just a little test):

Code:

<?php
session_start(); 
if ($_SESSION['loggedin'] = 1 )
echo"Welcome back dear member";
else
echo"Welcome. It seems that it is your first visit here";
?>

and here is the error message that I have:

Warning: Cannot send session cookie - headers already sent by (output started at c:\phpdev\www\blog\php\index.php:13) in c:\phpdev\www\blog\php\index.php on line 14

Warning: Cannot send session cache limiter - headers already sent (output started at c:\phpdev\www\blog\php\index.php:13) in c:\phpdev\www\blog\php\index.php on line 14
Welcome back dear member

if you can help me that would be lovely.

**Gaheris** · Mar 8, 2004 12:13

The login page should have a session_start call at the top.

PHP Code:


// This ...

if ($_SESSION['loggedin'] = 1 )

// ... should be

if ($_SESSION['loggedin'] == 1 )

// ... or else it would be always true

Delete any whitespace before the PHP open code (<?php).

**duuudie** · Mar 8, 2004 15:19

did it... still have the same problems:

login.php doesn't redirect
index.php has the error.

Anyways I will try with moonchild code, the one linked in one of his above posts.

However if you guys feel like spoting the error in the actual code, feel free to explain me what was wrong.

take care.

User Tag List

Thread: Opening a session using PHP: basic login.

Thread Tools

Display

Opening a session using PHP: basic login.

Bookmarks

Bookmarks

Posting Permissions