SitePoint Sponsor

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 25 of 53

Hybrid View

  1. #1
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Opening a session using PHP: basic login.

    Hi,

    I would like to make a simple test. I'd like to record a username and a password. Then I would like to check them to see if they match. If yes, I'd like to open to make a simple 'session=1' with a 'if not session=1 then redirect to the not logged in page' on top of pages.

    I am almost ok with the record part. I would like to know if someone could give me some help about the check part. Nothing fancy in terms of security. Just the basic 'if username=password then session('loggedIn')=1 redirect to welcome.php'.

    Thanks a lot for your time.

  2. #2
    SitePoint Zealot Blue_Spade's Avatar
    Join Date
    May 2003
    Location
    Orlando
    Posts
    105
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can do this many ways - here is the way I do it. I register a variable in the session to note whether they logged in correctly or not. Then on each page I just call in and check to make sure that they have logged in. Here is a sample:
    PHP Code:
    session_start(); 
    if (
    $_SESSION['loggedin'] != "1" ) { 
       
    header("Location: http://www.domain.com/login.php");

    Pretty simple but it gets the job done.
    Ryan Steel - Developer / Online Marketing
    Texas Hold Em & Omaha Strategy | Cordless Phone Reviews

  3. #3
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Blue_Spade
    You can do this many ways - here is the way I do it. I register a variable in the session to note whether they logged in correctly or not. Then on each page I just call in and check to make sure that they have logged in. Here is a sample:
    PHP Code:
    session_start(); 
    if (
    $_SESSION['loggedin'] != "1" ) { 
    header("Location: http://www.domain.com/login.php");

    Pretty simple but it gets the job done.
    btw: do I have to write session_start on top of each page?


  4. #4
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks a lot for your answer. So I would have to use on top of each page the session_start as well?

    And what would the login/password check line look like?

    thanks a lot for your time

  5. #5
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok I figured out how to check the username/password
    Code:
    $sql = "SELECT * FROM member WHERE " .
    "username = $username AND " .
    "password = $password";
    how would I add that the session equals one if uname/password match?


  6. #6
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $sql "SELECT * FROM member WHERE username = '$username' AND password = '$password'";
    $result mysql_query($sql);
    if(
    mysql_num_rows($result){
        
    $_SESSION['loggedin'] = TRUE;
    } else {
        
    $_SESSION['loggedin'] = FALSE;

    Last edited by Sahajin; Mar 8, 2004 at 09:35.

  7. #7
    SitePoint Addict moonchild's Avatar
    Join Date
    Nov 2003
    Location
    U$A
    Posts
    258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Sahajin
    PHP Code:
    $sql "SELECT * FROM member WHERE " .
    "username = $username AND " .
    "password = $password";
    $result mysql_query($sql);
    if(
    mysql_num_rows($result){
        
    $_SESSION['loggedin'] = TRUE;
    } else {
        
    $_SESSION['loggedin'] = FALSE;

    should be

    PHP Code:
    $sql "SELECT * FROM member WHERE username = '$username' AND password = '$password' LIMIT 0,1";

    $result mysql_query($sql);

    if ( 
    mysql_num_rows($result) == // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.
    {
         
    $_SESSION['loggedin'] = 1// Setting session var 'loggedin' to true
    }
    else
    {
         
    header("Location:login.php?reason=invalid"); // Redirect to login page, as a matching record was not found in the table.
         
    exit;  // always 'exit'

    also, have a look here http://www.sitepoint.com/forums/show...62&postcount=4

  8. #8
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thank you very much for the time you took to answre me

    could you 'translate' this line in english? Just so I can totally understand what it does:

    $result = mysql_query($sql);
    if(mysql_num_rows($result){

    what is mysql_num_rows purpose?

    cheers.

  9. #9
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    it finds out if there are any rows returned. if none then the username and password didn't match any in the database.

  10. #10
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thank you very much. you're a great help

  11. #11
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thank you and no problem
    success is not by chance, it is by choice.

  12. #12
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what is the difference. you just did the samething I did.

    mysql_num_rows will only return 1 or 0. seeing how we want an exact match it will be 0 so my way is better with less code.
    success is not by chance, it is by choice.

  13. #13
    SitePoint Addict moonchild's Avatar
    Join Date
    Nov 2003
    Location
    U$A
    Posts
    258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Sahajin
    what is the difference. you just did the samehting I did.
    you did this:

    if(mysql_num_rows($result){

    should be:

    if ( mysql_num_rows($result) == 1 ) {

    to ensure only 1 match was found.

    and you dont need to set the session variable if a record doesnt match. one extra process to do, when it's not needed.

    just trying to help

  14. #14
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how many username and passwords will be the same at the sametime?

    if you set it up so that each username is unique it will only return 1 anyway. and true I didn't need to set a session if false, just an example anyway.
    success is not by chance, it is by choice.

  15. #15
    SitePoint Addict moonchild's Avatar
    Join Date
    Nov 2003
    Location
    U$A
    Posts
    258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Sahajin
    how many username and passwords will be the same at the sametime?

    if you set it up so that each username is unique it will only return 1 anyway. and true I didn't need to set a session if false, just an example anyway.
    i dont know, that's why i always use == 1 just in case i screw up in the database. i guess it all depends if you are checking that type of thing before users sign up or whatever, which i hope everyone is.

  16. #16
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by moonchild
    i dont know, that's why i always use == 1 just in case i screw up in the database. i guess it all depends if you are checking that type of thing before users sign up or whatever, which i hope everyone is.
    well I am about doing it... However, the more security the best isnt'it??? So I will aslo use the ==1 trick

  17. #17
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thank you guys. It's a helpful discussion for me anyways. It helped me understand the different approaches of the same question.

  18. #18
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hum...
    I get this error:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\phpdev\www\blog\php\login.php on line 20

    line 20 being:

    if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result. you want one (1) matching record to verify the login was successful.

    what is wrong?

    thank you very much for your time

  19. #19
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by duuudie
    I get this error:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\phpdev\www\blog\php\login.php on line 20
    That's maybe because the query fails. Add mysql_error() when using mysql_query() like this:
    PHP Code:
    $result mysql_query($sql) or die(mysql_error()); 
    Does that return anything?

    Quote Originally Posted by duuudie
    btw: do I have to write session_start on top of each page?
    On every page you want to do something with the session (read or write) you have to have session_start() at the top of the page

    Hope this helps.

    -Helge

  20. #20
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I will try that.

    thank you very much for your answer

  21. #21
    PHP manual bot bronze trophy Gaheris's Avatar
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Did you use the query moonchild posted? Because that one should work, Sahajins one however is incorrect because he forgot the single quotes around the string values.

  22. #22
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I just copied what was already there. I will fix it for future reference.
    success is not by chance, it is by choice.

  23. #23
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    first of all, let me thank you - all of you - for your great help. I know I have a hard time learning these basic stuffs so many thanks for your patience.

    Here are a few problems that I have.

    Here is my login page:

    Code:
    $sql = "SELECT username, password FROM huh WHERE username = '$username' AND password = '$password' LIMIT 0,1"; 
    $result = mysql_query($sql); 
    if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful. 
    { 
    	 $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true 
    } 
    else 
    { 
    	 header("Location:index.php"); // Redirect to login page, as a matching record was not found in the table. 
    	 exit;  // always 'exit' 
    } 
    ?>
    here is what I have on top of the index page, just to make sure that the member has registered correctly (it0s just a little test):

    Code:
    <?php
    session_start(); 
    if ($_SESSION['loggedin'] = 1 )
    echo"Welcome back dear member";
    else
    echo"Welcome. It seems that it is your first visit here";
    ?>
    and here is the error message that I have:

    Warning: Cannot send session cookie - headers already sent by (output started at c:\phpdev\www\blog\php\index.php:13) in c:\phpdev\www\blog\php\index.php on line 14

    Warning: Cannot send session cache limiter - headers already sent (output started at c:\phpdev\www\blog\php\index.php:13) in c:\phpdev\www\blog\php\index.php on line 14
    Welcome back dear member
    if you can help me that would be lovely.

  24. #24
    PHP manual bot bronze trophy Gaheris's Avatar
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The login page should have a session_start call at the top.
    PHP Code:
    // This ...
    if ($_SESSION['loggedin'] = )
    // ... should be
    if ($_SESSION['loggedin'] == )
    // ... or else it would be always true 
    Delete any whitespace before the PHP open code (<?php).

  25. #25
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    did it... still have the same problems:

    login.php doesn't redirect
    index.php has the error.

    Anyways I will try with moonchild code, the one linked in one of his above posts.

    However if you guys feel like spoting the error in the actual code, feel free to explain me what was wrong.



    take care.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •