Problem in login session

Good day!

I created a webpage and it has a login page. I want that if the user is already logged in and she accidentally presses the back button, and the login page is viewed again, she cannot log in again because she is already logged in.

I tried to use a session but I think it does not work. I have no idea what code I need to fix my problem.

Here is my code:


<?php
session_start();
//require_once 'conn.php';
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");

// Only run the lookup when the form was actually submitted; on a plain GET
// $_POST is empty and the query would run with empty values.
if (isset($_POST['department'], $_POST['username'])) {
    $department = mysql_real_escape_string($_POST['department']);
    $username = mysql_real_escape_string($_POST['username']);

    $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
    $ct = mysql_num_rows($sql);

    if($ct == 1) {
        $row = mysql_fetch_assoc($sql);

        if($row['Department']=='Accounting') {
            header('location: Company.php');
        } elseif($row['Department']=='Engineering') {
            header('location: Company.php');
        } elseif($row['Department']=='Finishing_Goods') {
            header('location: Company.php');
        } elseif($row['Department']=='HRAD') {
            header('location: Company.php');
        } elseif($row['Department']=='MIS') {
            header('location: Company.php');
        } elseif($row['Department']=='Packaging_and_Design') {
            header('location: Company.php');
        } elseif($row['Department']=='Production') {
            header('location: Company.php');
        } elseif($row['Department']=='Purchasing_Logistic') {
            header('location: Company.php');
        } elseif($row['Department']=='QA_and_Technical') {
            header('location: Company.php');
        } elseif($row['Department']=='Supply_Chain') {
            header('location: Company.php');
        } else {
            header('location: index.php');
            // This echo is never seen: the browser follows the redirect above.
            echo "Incorrect Username or Department";
        }
        // Every branch sent a Location header; stop here so the rest of the
        // page is not processed after the redirect.
        exit;
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>DSPI LOGIN</title>
<script> 
        function searchKeyPress(e) 
        { 
                // look for window.event in case event isn't passed in 
                if (window.event) { e = window.event; } 
                if (e.keyCode == 13) 
                { 
                        document.getElementById('submit').focus(); 
                } 
        } 
        </script>
<style type="text/css"> 
<!--
BODY { 
background-image: url(layout_image/bgroundv09.png);
background-attachment: fixed; 
} 
#Dept_Frame {
	position:absolute;
	width:229px;
	height:49px;
	z-index:1;
	left: 441px;
	top: 262px;
}
#Department_Option {
	position:absolute;
	width:186px;
	height:32px;
	z-index:2;
	left: 453px;
	top: 275px;
}
#Submit_Frame {
	position:absolute;
	width:82px;
	height:35px;
	z-index:3;
	left: 516px;
	top: 320px;
}
#Submit_Button {
	position:absolute;
	width:60px;
	height:29px;
	z-index:4;
	left: 524px;
	top: 328px;
}
#Username_ImageText {
	position:absolute;
	width:130px;
	height:55px;
	z-index:5;
	left: 319px;
	top: 208px;
}
#User_Frame {
	position:absolute;
	width:230px;
	height:46px;
	z-index:6;
	left: 441px;
	top: 216px;
}
#Username_Textbox {
	position:absolute;
	width:182px;
	height:23px;
	z-index:7;
	left: 455px;
	top: 228px;
}
--> 
</style>  
</head>
<body>
<form id="form1" name="form1" method="post" action="">
  <div id="Department_Option">
    <select name="department" onkeypress="searchKeyPress(event);">
      <option value="">Choose your Department. . . . . . </option>
      <option value="Accounting" <?php if(isset($_POST['department']) && $_POST['department'] == 'Accounting') echo "selected='selected'"; ?>>Accounting</option>
      <option value="Engineering" <?php if(isset($_POST['department']) && $_POST['department'] == 'Engineering') echo "selected='selected'"; ?>>Engineering</option>
      <option value="Finishing_Goods" <?php if(isset($_POST['department']) && $_POST['department'] == 'Finishing_Goods') echo "selected='selected'"; ?>>Finishing Goods</option>
      <option value="HRAD" <?php if(isset($_POST['department']) && $_POST['department'] == 'HRAD') echo "selected='selected'"; ?>>HRAD</option>
      <option value="MIS" <?php if(isset($_POST['department']) && $_POST['department'] == 'MIS') echo "selected='selected'"; ?>>MIS</option>
      <option value="Packaging_and_Design" <?php if(isset($_POST['department']) && $_POST['department'] == 'Packaging_and_Design') echo "selected='selected'"; ?>>Packaging and Design</option>
      <option value="Production" <?php if(isset($_POST['department']) && $_POST['department'] == 'Production') echo "selected='selected'"; ?>>Production</option>
      <option value="Purchasing_Logistic" <?php if(isset($_POST['department']) && $_POST['department'] == 'Purchasing_Logistic') echo "selected='selected'"; ?>>Purchasing and Logistics</option>
      <option value="QA_and_Technical" <?php if(isset($_POST['department']) && $_POST['department'] == 'QA_and_Technical') echo "selected='selected'"; ?>>QA and Technical</option>
      <option value="Supply_Chain" <?php if(isset($_POST['department']) && $_POST['department'] == 'Supply_Chain') echo "selected='selected'"; ?>>Supply Chain</option>
    </select>
  </div>
  <div id="Submit_Button">
    <input type="Submit" name="submit" value="Submit" id="submit" />
  </div>
  <div id="Dept_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
  <div id="Submit_Frame"><img src="layout_image/subframev02.png" width="80" height="46" /></div>

<div id="Username_ImageText"><img src="layout_image/userv01.png" width="131" height="62" /></div>
<div id="User_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
<div id="Username_Textbox">
  <input name="username" type="text" size="30" />
</div>
</form>
</body>
</html>

No, because I don't know what I should put on my company page.

All I added to this script was


if (mysql_num_rows($r)>0) {
  $_SESSION['username'] = $username;
  $_SESSION['department'] = $department;
}

and it surely doesn’t cause the blank page :slight_smile:

Did you change the Company.php script as well?

You put it in the wrong place :slight_smile:
Try this


<?php
session_start();

//require_once 'conn.php';
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");

// Only run the lookup when the form was actually submitted.
if (isset($_POST['department'], $_POST['username'])) {
    $department = mysql_real_escape_string($_POST['department']);
    $username = mysql_real_escape_string($_POST['username']);

    $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
    $ct = mysql_num_rows($sql);

    if($ct == 1) {
        $row = mysql_fetch_assoc($sql);

        // $ct is the row count of this query (there is no $r in this script);
        // remember who logged in so the other pages can check it.
        if ($ct > 0) {
            $_SESSION['username'] = $username;
            $_SESSION['department'] = $department;
        }

        if($row['Department']=='Accounting') {
            header('location: Company.php');
        } elseif($row['Department']=='Engineering') {
            header('location: Company.php');
        } elseif($row['Department']=='Finishing_Goods') {
            header('location: Company.php');
        } elseif($row['Department']=='HRAD') {
            header('location: Company.php');
        } elseif($row['Department']=='MIS') {
            header('location: Company.php');
        } elseif($row['Department']=='Packaging_and_Design') {
            header('location: Company.php');
        } elseif($row['Department']=='Production') {
            header('location: Company.php');
        } elseif($row['Department']=='Purchasing_Logistic') {
            header('location: Company.php');
        } elseif($row['Department']=='QA_and_Technical') {
            header('location: Company.php');
        } elseif($row['Department']=='Supply_Chain') {
            header('location: Company.php');
        } else {
            header('location: index.php');
            // This echo is never seen: the browser follows the redirect above.
            echo "Incorrect Username or Department";
        }
        // Every branch sent a Location header; stop processing here.
        exit;
    }
}
?>

Instead of a session variable with value 1, I created 2 with username and department. That way in the Company.php script you’ll be able to tell what user and department you’re working with.

Good day!

I tried the code you suggested; I put the code at the top of my webpage like this:


<?php  
session_start(); 

if(mysql_num_rows($r)>0) 
{ 
session_start(); 
$_SESSION['auth']=1; 
}

//require_once 'conn.php';  
$db_name="dspi"; 

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']); 

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 
        $ct = mysql_num_rows($sql); 
     
        if($ct == 1) { 
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='Engineering') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='Finishing_Goods') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='HRAD') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='MIS') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Packaging_and_Design') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Production') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Purchasing_Logistic') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='QA_and_Technical') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Supply_Chain') { 
                header('location:Company.php'); 
            } 
            else {
                header('location:index.php');
                echo"Incorrect Username or Department"; 

            }  
        }
?> 

and I encountered this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\xampp\htdocs\DSPI Intranet\index.php on line 3

I think the error appears because I use mysql_num_rows before I connect to the SQL server. Am I right?

How can I resolve this error?

Is it possible to manipulate the session value in order to bypass such restriction?

When the user logs in, set a session variable to some value.

On the login page, check for the existence and value of the session variable. If the session variable exists and has the correct value that means the user is already logged in and you can then disable the “login” button or hide the whole login form.

Thank you for the suggested code. I tried the code and the output is a blank webpage.

Where in this code do you check if the user is already logged in?

One thing I noticed in your code that can be A LOT shorter is your if statement; this can be done with a simple array...

if ($ct == 1){
    $row = mysql_fetch_assoc($sql);

    $Departments = array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');

    if (in_array($row['Department'], $Departments)){
        header('Location: Company.php');
    } else {
        header('Location: index.php');
        echo "Incorrect Username or Department";
    }
    exit; // stop after sending the redirect
}

Set a variable in the login_check page.


if(mysql_num_rows($r)>0)
{
session_start();
$_SESSION['auth']=1;
}

Now on top of the home page:


session_start();
// Send the user to the login page unless the flag set at login is present.
if (empty($_SESSION['auth']) || $_SESSION['auth'] != 1) { header("Location: login.php"); exit(); }

That is the check when a user logs in. But if you don't want them to log in twice, on top of that script (after session_start) you have to check if the user is already logged in, and act accordingly if he is.
Read Kalon's response, he describes how you should do that.

If the Username is equal to $username and the Department = $department, they are successfully logged in.

Try to understand the logic of it all. The ‘login check’, or ‘login page’ is the page where the user logs in: in your case it is your index page.
In all the other pages you’ll have to check if the user is logged in.
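The advice in the thread, put together as one added example (not code from the thread): a shared auth.php, the index.php login handler with the already-logged-in check at the top, and the guard that Company.php and every other page runs. It assumes PHP 7.3+ and a conn.php that provides a PDO object named $pdo; the table and column names are the thread's. On the bypass question above: the auth flag lives server-side and the browser only holds the session id cookie, so the id is what needs protecting, which is why it is regenerated at login and the cookie is HttpOnly.

```php
<?php
// ---- auth.php (shared include) ----
function start_secure_session(): void {
    // Session cookie not readable by page scripts and not sent on cross-site POSTs.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}
function is_logged_in(): bool {
    return isset($_SESSION['auth']) && $_SESSION['auth'] === 1;
}
function require_login(): void {         // top of every page except index.php
    if (!is_logged_in()) { header('Location: index.php'); exit; }
    header('Cache-Control: no-store');   // "back" after logout must not show a cached copy
}

// ---- index.php (the login page) ----
require_once 'auth.php';
start_secure_session();
if (is_logged_in()) {                    // back button onto the login form: skip it
    header('Location: Company.php');
    exit;                                // always stop after a redirect header
}
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require_once 'conn.php';             // assumed to define $pdo (a PDO instance)
    $department = $_POST['department'] ?? '';
    $username   = $_POST['username'] ?? '';
    // Prepared statement: the submitted values never become part of the SQL text.
    $stmt = $pdo->prepare('SELECT `Department`, `Username` FROM `tbllogin`
                           WHERE `Department` = ? AND `Username` = ?');
    $stmt->execute([$department, $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The thread's scheme checks only username + department; a real login
    // would also verify a password here with password_verify().
    if ($row !== false) {
        session_regenerate_id(true);     // fresh id at login: a pre-login id cannot be reused
        $_SESSION['auth']       = 1;
        $_SESSION['username']   = $row['Username'];
        $_SESSION['department'] = $row['Department'];
        header('Location: Company.php');
        exit;
    }
    $error = 'Incorrect Username or Department';  // rendered by the form below, not echoed after a redirect
}
// ... the XHTML login form from the thread follows here, printing $error if set ...

// ---- Company.php (and every other protected page) ----
require_once 'auth.php';
start_secure_session();
require_login();
```

The three sections are separate files in practice; they are shown in one block only so the pieces can be read together.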

I have no login check page and home page; I only have the index page, which includes the login form, and after the user logs in she goes to the company page, so I don't know where I can add the code you suggested...
Thank you