Make function to check login status using session in php

PHP
1

i want to make toefl test. so there will be a login button. when someone login in, then the login button will be logout button. but when i login in, the login button was not changed. please help me

function to check login status (i save this function in lib_function.php):

    <?php session_start(); ?>

    <?php 
     function check_login(){
        $hasil = 0;

        if (isset($_SESSION['email'])) {
        $mail = $_SESSION['email'];
        }
        if (isset($_SESSION['pass'])) {
        $pass = $_SESSION['pass'];
        }

        if (!empty($mail) and !empty($pass)){
            $hasil = 1;
        }

        return $hasil;
      }
     ?>

index.php

    <?php session_start();
    require_once("connection.php");
    ?>
    <?php include("lib_function.php"); ?>

    <--header-->

       <?php 
                $check = check_login();

                if ($check == 1){
                  echo "<a href=\"login.php\">Login</a> <strong class=\"hover\">";
                }else{
                  echo "<a href=\"logout.php\">Logout</a> <strong class=\"hover\">";
                }
              ?>

this is my login process:

    <?php 
    session_start();

        require_once("connection.php");

        $email = $_POST['email'];
        $password = $_POST['password'];

        $cekuser = mysql_query("SELECT * FROM user WHERE email = '$email'");
        $jumlah = mysql_num_rows($cekuser);
        $hasil = mysql_fetch_array($cekuser);

        if($jumlah == 0) {
            echo "<script>alert('Email has registered!'); window.location = 'index.php'</script>";
        } else {
            if($pass > $hasil['password']) {
            echo "<script>alert('Wrong password!'); window.location = 'index.php'</script>";
            } else {
            $_SESSION['email'] = $hasil['email'];
            header('location:index.php');
            }
        }
    ?>
2

Hi there @endone Have you searched Google for login scripts? There are plenty out there and could save you reinventing the wheel.

In any even, you should not be using the mysql_ extensions as they do not exist in the latest version of PHP. You need to be using mysqli_ or better still PDO.

3

Your check_login() function looks to see if the session variables called email and pass are set, but your login script only sets email and doesn’t set pass. I wouldn’t think it was a good idea to store the user password in your session variables, but that’s another issue - presumably before you allow the logged in users to do anything serious you also check that the email and password in the session variables are correct, not just assume that because they’re in $_SESSION they must have come from your login code.

Your code also has an interesting way of checking whether the password is invalid:

if($pass > $hasil['password']) {

which seems to suggest that if the user enters a password that is alphabetically lower than, or equal to the one stored, it will log them in. I suspect it only allows you to login because when you get the data from the $_POST array, you assign the password to $password, but then use $pass in the comparison and as that variable doesn’t exist, it will always be “lower” than the value in the database.

$password = $_POST['password'];

And, as @Gandalf said above, you need to look at switching to mysqli or PDO functions to access the database, gradually converting if this is a large existing codebase, or before you spend any more time on it if it’s new code.

4

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.