Hide Login/Register after user logins

I want my website to hide login/Register text after a user successfully logins, I have no idea how to do that. which code do i need to add in my index.php or login.php for this to work.Here is my login.php`<?php include('server.php') ?>

Registration system PHP and MySQL
<div class="header">
	<h2>Login</h2>
</div>

<form method="post" action="login.php">

	<?php include('errors.php'); ?>

	<div class="input-group">
		<label>Username</label>
		<input type="text" name="username" >
	</div>
	<div class="input-group">
		<label>Password</label>
		<input type="password" name="password">
	</div>
	<div class="input-group">
		<button type="submit" class="btn" name="login_user">Login</button>
	</div>
	<p>
		Not yet a member? <a href="register.php">Sign up</a>
	</p>
</form>
`

You need to surround the whole form with an if() clause to see whether it should be displayed. At this point in the code, how do you know whether the user is logged in order not, is it a session variable? If it is, just check it exists and that it is set to the value you expect for a logged-in user. If it is not, display the form.

when a user logs in its displays the username and logout. What i want is the login register text to be hidden but other text to remain displayed.

Yes it is a session variable!

OK, before the start of the form code, put something like

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "Y") { 
  // here, the code you have to "display the username and logout"
}
else {

and then your login form code, and not forgetting a closing } after the form.

You’ll obviously have to edit the opening if to match however you’re storing the session information.

that did nothing! but <div class="divname" <?php if(isset($_SESSION['success'])) {echo " style='display: none'"; } ?>> </div> did hide the login register text but didnt show logged in user and logout.

Show us the code you used, where you put it, how your session variables show that the user is logged in, and how you adapted my example code to suit that.

here is my server side php code. `<?php
session_start();

// variable declaration
$username = "";
$email    = "";
$errors = array(); 
$_SESSION['success'] = "";

// connect to database
$db = mysqli_connect('localhost', 'xxxxx', 'xxxxx', 'djboziah_database');

// REGISTER USER
if (isset($_POST['reg_user'])) {
	// receive all input values from the form
	$username = mysqli_real_escape_string($db, $_POST['username']);
	$email = mysqli_real_escape_string($db, $_POST['email']);
	$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
	$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

	// form validation: ensure that the form is correctly filled
	if (empty($username)) { array_push($errors, "Username is required"); }
	if (empty($email)) { array_push($errors, "Email is required"); }
	if (empty($password_1)) { array_push($errors, "Password is required"); }

	if ($password_1 != $password_2) {
		array_push($errors, "The two passwords do not match");
	}

	// register user if there are no errors in the form
	if (count($errors) == 0) {
		$password = md5($password_1);//encrypt the password before saving in the database
		$query = "INSERT INTO users (username, email, password) 
				  VALUES('$username', '$email', '$password')";
		mysqli_query($db, $query);

		$_SESSION['username'] = $username;
		$_SESSION['success'] = "You are now logged in";
		header('location:index.php');
	}

}

// ... 

// LOGIN USER
if (isset($_POST['login_user'])) {
	$username = mysqli_real_escape_string($db, $_POST['username']);
	$password = mysqli_real_escape_string($db, $_POST['password']);

	if (empty($username)) {
		array_push($errors, "Username is required");
	}
	if (empty($password)) {
		array_push($errors, "Password is required");
	}

	if (count($errors) == 0) {
		$password = md5($password);
		$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
		$results = mysqli_query($db, $query);

		if (mysqli_num_rows($results) == 1) {
			$_SESSION['username'] = $username;
			$_SESSION['success'] = "You are now logged in";
			header('location:index.php');
			echo $_SESSION['username'];
			
			
		}else {
			array_push($errors, "Wrong username/password combination");
		}
	}
}

?>`

i included the above server side php on all pages. Here is the login.php`<?php include('server.php') ?>

Login to Play Kenyan Music
<div class="header">
	<h2>Login</h2>
</div>
if (isset($_SESSION['success']) && $_SESSION['success'] == "Y") { 

// here, the code you have to “display the username and logout”
}
else {

	<?php include('errors.php'); ?>

	<div class="input-group">
		<label>Username</label>
		<input type="text" name="username" >
	</div>
	<div class="input-group">
		<label>Password</label>
		<input type="password" name="password">
	</div>
	<div class="input-group">
		<button type="submit" class="btn" name="login_user">Login</button>
	</div>
	<p>
		Not yet a member? <a href="register.php">Sign up</a>
	</p>
</form>
`

Your registration code has a serious security flaw. You should NOT automatically log in the user inside the registration code. You are unconditionally storing the submitted username in the session variable that indicates who is logged in. Anyone can submit an existing username, such as the username for an administrator to your site, and automatically be logged in as that user. Your code must enforce unique usernames (define the username column in your database table as a unique index, then test for a duplicate key error from the insert query) and you should require the visitor to go through the log in process in order to become logged in. You are also using md5() hashing. This was never intended to be used any security purposes. Use php’s password_hash() and password_verify().

Do you see a difference between my example code:

if (isset($_SESSION['success']) && $_SESSION['success'] == "Y") { 

and your session code when someone logs in:

$_SESSION['success'] = "You are now logged in";

That variable will never be set to “Y”, so it’s no wonder it doesn’t do what you want.

You also don’t seem to have inserted any code to display the currently logged-in username. You said you have that code somewhere.

@mabismad i am a beginner in php, can you point to where the user is logged in automatically? i changed the hashing to password_hash

This has been resolved.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.