Hi,
My below code is for logging a user in. Do you see any issues with it? How can it be improved or made more efficient?
Or is it correct? Thanks and appreciate any feedback!!!
Code at the top of php page…
<?php
session_start();
/***********************
declare variables
***********************/
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submit'];
// declare an empty error array
$error_message = array();
// if form submitted
if(isset($submit))
{
/*************************
Form Error Checking
*************************/
if(!$username || $username == "")
{
$error_message['username'] = 'Please Enter Username';
}
if(!$password || $password == "")
{
$error_message['password'] = 'Please Enter Password';
}
/*************************
End Form Checking
*************************/
/*********************************
If No Form Errors
*********************************/
if(count($error_message) == 0)
{
// include database connection
include('includes/db_connect.php');
// perform query
$query = "SELECT * FROM ".
"tnlname ".
"WHERE username= '$username' ".
"AND password= '$password'";
$result = mysql_query($query) or die(mysql_error());
$num_results = mysql_num_rows($result);
if ($num_results > 0)
{
// if they are in the database register the user
$HTTP_SESSION_VARS['valid_user'] = $username;
}// end if
} // end if count
}// end isset $submit
?>
And in the body…
<?php
if ((isset($submit)) && (count($error_message) == 0))
{
// check if session variable registered
if (isset($HTTP_SESSION_VARS['valid_user']))
{
$HTTP_SESSION_VARS['valid_user'] = $username;
echo '<p>You are logged in as: '.$HTTP_SESSION_VARS['valid_user'].'</p>';
session_register('valid_user');
echo '<br /><ul>'.
'<li><a href="fileupload.php">Upload File</a></li> '.
'</ul>';
echo '<a href="index.php">Return to Login Page</a></p>';
}
else {
echo '<p>Incorrect Username/Password<br />';
echo '<a href="index.php">Go Back</a></p>';
}
}
else
{
session_destroy();
?>
<form action="index.php" name="frm_login" id="frm_login" method="post">
<fieldset>
<legend>Login Form - Members Area</legend>
<p>
<?php if(isset($error_message['username'])) { echo $error_message['username']; }?>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if(isset($username)) { echo $username; } ?>" /></p>
<p>
<?php if(isset($error_message['password'])) { echo $error_message['password']; }?>
<label for="password">Password:</label>
<input type="password" name="password" id="password" value="<?php if(isset($password)) { echo $password; } ?>" /></p>
<p><input type="submit" name="submit" id="submit" class="btn" value="Login" /></p>
</fieldset>
</form>
<?php
}// end else
?>
</div>
Also in a subsequent page I am testing, on hitting the IE browser back button I get “Webpage has expired error”. Any ideas how to fix this?
// this code at top of page...
<?php
session_start();
?>
// this code in body...
<?php
// check if session variable registered
if (isset($HTTP_SESSION_VARS['valid_user']))
{
$username=$HTTP_SESSION_VARS['valid_user'];
echo '<p>You are logged in as: '.$HTTP_SESSION_VARS['valid_user'].'</p>';
session_register('valid_user');
echo '<p>Welcome</p>';
}
?>
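An added example, not part of the original post: the same username/password check written with a PDO prepared statement, password_verify(), $_SESSION and escaped output. It assumes the password column of tnlname holds a password_hash() value; the helper names, the in-memory SQLite database and the sample user are constructed for the demo.

```php
<?php
// Added example, not the poster's code. Assumption: the password column of
// tnlname stores a password_hash() value instead of the plain-text password.

function find_user(PDO $db, string $username): ?array
{
    // The placeholder keeps the submitted value out of the SQL text
    $stmt = $db->prepare('SELECT username, password FROM tnlname WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $username, string $password): bool
{
    $user = find_user($db, $username);
    // Compare against the stored hash; the password never goes into the query
    return $user !== null && password_verify($password, $user['password']);
}

function start_user_session(string $username): void
{
    session_regenerate_id(true);          // fresh session id once authenticated
    $_SESSION['valid_user'] = $username;  // replaces $HTTP_SESSION_VARS and session_register()
}

function h(string $value): string
{
    // Escape anything echoed back into the page or into a value="" attribute
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data: an in-memory SQLite database stands in for the real one
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tnlname (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO tnlname VALUES (?, ?)')
   ->execute(['alice', password_hash('constructed-demo-pass', PASSWORD_DEFAULT)]);

foreach ([['alice', 'constructed-demo-pass'], ['alice', 'wrong'], ["o'brien", 'x']] as [$u, $p]) {
    // A quote in the input is matched as data and does not alter the query
    echo h($u), ': ', check_login($db, $u, $p) ? 'accepted' : 'rejected', "\n";
}
```

In the login page, call start_user_session() after session_start() once check_login() returns true, and pass the username through h() wherever it is echoed. The password field's value attribute is better left empty than filled with the submitted password.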