SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Zealot
    Join Date
    May 2008
    Posts
    125
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    help needed with php login session

    Hi there,

    i have created a login page as part of my system, the login works by checking the given input username and password against the table username and password . this all works fine.

    i would like to introduce into my system php session stuff (im not familer with the session stuff). i have tried some code
    in my login page i have at the start of the page:

    session_start();

    i have the:
    $_SESSION['staff_ID'] =$row['staff_ID'];

    then at the start of every html page that is apart of my system i have:

    session_start();

    if(!session_is_registered('staff_ID'))
    {
    include("http://localhost/login.html");
    }
    ?>

    how do i test if this is working i cant login to the system if i dont input an existing staff username and password and when i am logged in how can i keep track of the logged in user how do i test for flaws in this situation.

    I am using Apache as my server.


    all help is appreciated

  2. #2
    SitePoint Zealot
    Join Date
    Mar 2008
    Posts
    151
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try this...

    Have this following form on your login page called login.php

    <form action="checkLogin.php" method="POST">
    Username: <input type="text" id="user" name="user" /><br />
    Password: <input type="pass" id="pass" name="pass" /><br />
    <input type="submit" value="Login" />
    </form>

    Now have a another php file called checkLogin with the following code

    <?php
    session_start();
    include('db.php'); // include your database and table connection in this file

    if(isset($_POST['submit'])) :
    // Username and password sent from signup form
    // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash
    $user = strip_tags($_POST['user']);
    $pass = sha1(strip_tags($_POST['pass']));
    // Make the query a wee-bit safer
    $query = sprintf("SELECT tableID FROM table WHERE username = '$user' AND password = '$pass' LIMIT 1;", mysql_real_escape_string($user), mysql_real_escape_string($pass));
    $result = mysql_query($query);
    if(1 != mysql_num_rows($result)) :
    // MySQL returned zero rows (or there's something wrong with the query)
    header('Location: index.php?msg=login_failed'); // return to this page if it doesn't find a match in the database
    else :
    // We found the row that we were looking for
    $row = mysql_fetch_assoc($result);
    // Register the user ID for further use
    $_SESSION['sessionID'] = $row['staffID']; // registers session with staffID

    header('Location: sessionOnly.php'); // goes to this page if match is found
    endif;
    endif;
    ?>

    Now add this to the top of every page where users can only access if logged in

    session_start();
    include 'db.php'; // again this is the connection to the database file
    if(!session_is_registered('staffID')) :
    header('Location: login.php?msg=requires_login'); // goes to this page if not logged in
    endif;

    Hope this helps


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •