I want my website to hide login/Register text after a user successfully logins, I have no idea how to do that. which code do i need to add in my index.php or login.php for this to work.Here is my login.php`<?php include('server.php') ?>
You need to surround the whole form with an if() clause to see whether it should be displayed. At this point in the code, how do you know whether the user is logged in order not, is it a session variable? If it is, just check it exists and that it is set to the value you expect for a logged-in user. If it is not, display the form.
that did nothing! but <div class="divname" <?php if(isset($_SESSION['success'])) {echo " style='display: none'"; } ?>> </div> did hide the login register text but didnt show logged in user and logout.
Show us the code you used, where you put it, how your session variables show that the user is logged in, and how you adapted my example code to suit that.
here is my server side php code. `<?php
session_start();
// variable declaration
$username = "";
$email = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'xxxxx', 'xxxxx', 'djboziah_database');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location:index.php');
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location:index.php');
echo $_SESSION['username'];
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
Your registration code has a serious security flaw. You should NOT automatically log in the user inside the registration code. You are unconditionally storing the submitted username in the session variable that indicates who is logged in. Anyone can submit an existing username, such as the username for an administrator to your site, and automatically be logged in as that user. Your code must enforce unique usernames (define the username column in your database table as a unique index, then test for a duplicate key error from the insert query) and you should require the visitor to go through the log in process in order to become logged in. You are also using md5() hashing. This was never intended to be used any security purposes. Use php’s password_hash() and password_verify().