I have a login form. When the user inputs his correct username and password, he will go to machine1, and in machine1 there's a logout hyperlink. My problem is that when the user has already logged out and he types in the URL http://localhost/machine1/machine1.php, he can view machine1, which is wrong because he is already logged out. What I want is that if the user did not log in, he cannot view machine1.
All I mean is that when the user tries to go to machine1 even though he is not logged in, instead of landing on machine1 he will be sent to index.php, which is the login form. And when the user is already logged in, he cannot go back to index.php because he is already logged in.
I have no idea regarding the code to solve this kind of problem.
Here is my index.php, or login form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 h2 strong {
color: #06F;
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
#form1 p label {
color: #009;
}
</style>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<h2><strong> LOGIN FORM</strong></h2>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));
// Count the rows matching this username and password hash.
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
And here is my code for machine1:
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<form name="machine1" action="machine1.php" method="post">
<p>
<?php
session_start();
$sort = "ASC";
$data_sort = "Emp_ID";
if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "DESC";
}
else{
$sort = "ASC";
}
}
if (isset($_GET['field_name'])) {
if($_GET['field_name'] == 'Emp_ID'){
$data_sort = "Emp_ID";
}
elseif($_GET['field_name'] == 'Last_Name'){
$data_sort = "Last_Name";
}
elseif($_GET['field_name'] == 'First_Name'){
$data_sort = "First_Name";
}
elseif($_GET['field_name'] == 'Birthday'){
$data_sort = "Birthday";
}
}
?>
<a href="logout.php">Log out</a> </p>
<table border="1">
<tr>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Emp_ID">Emp ID</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Last_Name">Last Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=First_Name">First Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Birthday">Birthday</a></td>
<td>Option</td>
</tr>
<?php
include 'connection.php';
if (isset($_GET['pageno'])) {
$pageno = $_GET['pageno'];
} else {
$pageno = 1;
}
$query = "SELECT count(*) FROM tbl_machine1";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
$query_data = mysql_fetch_row($result);
$numrows = $query_data[0];
$rows_per_page = 5;
$lastpage = ceil($numrows/$rows_per_page);
$pageno = (int)$pageno;
if ($pageno > $lastpage) {
$pageno = $lastpage;
}
if ($pageno < 1) {
$pageno = 1;
}
$limit = 'LIMIT ' .($pageno - 1) * $rows_per_page .',' .$rows_per_page;
$query = "SELECT * FROM tbl_machine1 ORDER BY $data_sort $sort $limit";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
while($info = mysql_fetch_array( $result ))
{
$emp_id = $info['Emp_ID'];
$lname = $info['Last_Name'];
$fname = $info['First_Name'];
$bday = $info['Birthday'];
$date = date('d-m-Y', strtotime($bday));
?>
<tr>
<td><?php echo $emp_id;?> </td>
<td><?php echo $lname;?> </td>
<td><?php echo $fname;?> </td>
<td><?php echo $date;?> </td>
<td><a href = 'edit.php?id=<?php echo $emp_id; ?>'>Edit</a> <a href='delete.php?id=<?php echo $emp_id; ?>' onClick="return confirm('Are you sure you want to delete?')">Delete</a></td>
</tr>
<?php
}
?>
</table>
<A HREF="javascript:void(0)" onClick="window.open('add.php','welcome','width=300,height=200')">
<input type="button" name="add" value="ADD"> </A>
<?php
if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "ASC";
}
else{
$sort = "DESC";
}
}
if ($pageno == 1) {
echo " FIRST PREV ";
} else {
?>
<a href="machine1.php?pageno=1&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">FIRST</a>
<?php
$prevpage = $pageno-1;
?>
<a href="machine1.php?pageno=<?php echo $prevpage;?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">PREV</a>
<?php
}
echo " ( Page $pageno of $lastpage ) ";
if ($pageno == $lastpage) {
echo " NEXT LAST ";
} else {
$nextpage = $pageno+1;
?>
<a href="machine1.php?pageno=<?php echo $nextpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">NEXT</a>
<a href="machine1.php?pageno=<?php echo $lastpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">LAST</a>
<?php
}
?>
</body>
</html>
And this is my code for my logout:
<?php
session_start();
session_destroy();
header ("Location: index.php");
?>
I really need to solve it and I hope somebody can help me.
Thank you
Don’t you get an error on that header in index.php?
And you should create a session variable in index.php that indicates the user is logged in, and you should check for that session variable in machine1.php, and redirect to index.php if the user isn’t logged in.
In your login page:
if($count==1){
$_SESSION['logged_in'] = true;
header("location:machine1.php");
}
In your machine1, at the very top of the page:
<?php
session_start(); // remove this from later in the page
if(empty($_SESSION['logged_in'])) {
header('Location: http://yourwebsite/index.php');
die();
}
?>
<!DOCTYPE HTML>
<html>
<!-- rest of page -->
I tried the code that you suggested so my code goes like this:
index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 h2 strong {
color: #06F;
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
#form1 p label {
color: #009;
}
</style>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<h2><strong> LOGIN FORM</strong></h2>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
include 'connection.php';
/*if($numofrows==1){
session_register("username");
header("location:machine1.php");
}*/
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));
// Count the rows matching this username and password hash.
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION['logged_in'] = true;
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
And my machine1.php:
<?php
session_start(); // remove this from later in the page
if(empty($_SESSION['logged_in'])) {
header('Location:index.php');
die();
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<form name="machine1" action="machine1.php" method="post">
<p>
<?php
/*if(!isset($_SESSION['username'])){
header("location:index.php");
}
else{*/
$sort = "ASC";
$data_sort = "Emp_ID";
if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "DESC";
}
else{
$sort = "ASC";
}
}
if (isset($_GET['field_name'])) {
if($_GET['field_name'] == 'Emp_ID'){
$data_sort = "Emp_ID";
}
elseif($_GET['field_name'] == 'Last_Name'){
$data_sort = "Last_Name";
}
elseif($_GET['field_name'] == 'First_Name'){
$data_sort = "First_Name";
}
elseif($_GET['field_name'] == 'Birthday'){
$data_sort = "Birthday";
}
}
?>
<a href="logout.php">Log out</a> </p>
<table border="1">
<tr>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Emp_ID">Emp ID</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Last_Name">Last Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=First_Name">First Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Birthday">Birthday</a></td>
<td>Option</td>
</tr>
<?php
include 'connection.php';
if (isset($_GET['pageno'])) {
$pageno = $_GET['pageno'];
} else {
$pageno = 1;
}
$query = "SELECT count(*) FROM tbl_machine1";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
$query_data = mysql_fetch_row($result);
$numrows = $query_data[0];
$rows_per_page = 5;
$lastpage = ceil($numrows/$rows_per_page);
$pageno = (int)$pageno;
if ($pageno > $lastpage) {
$pageno = $lastpage;
}
if ($pageno < 1) {
$pageno = 1;
}
$limit = 'LIMIT ' .($pageno - 1) * $rows_per_page .',' .$rows_per_page;
$query = "SELECT * FROM tbl_machine1 ORDER BY $data_sort $sort $limit";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
while($info = mysql_fetch_array( $result ))
{
$emp_id = $info['Emp_ID'];
$lname = $info['Last_Name'];
$fname = $info['First_Name'];
$bday = $info['Birthday'];
$date = date('d-m-Y', strtotime($bday));
?>
<tr>
<td><?php echo $emp_id;?> </td>
<td><?php echo $lname;?> </td>
<td><?php echo $fname;?> </td>
<td><?php echo $date;?> </td>
<td><a href = 'edit.php?id=<?php echo $emp_id; ?>'>Edit</a> <a href='delete.php?id=<?php echo $emp_id; ?>' onClick="return confirm('Are you sure you want to delete?')">Delete</a></td>
</tr>
<?php
}
?>
</table>
<A HREF="javascript:void(0)" onClick="window.open('add.php','welcome','width=300,height=200')">
<input type="button" name="add" value="ADD"> </A>
<?php
if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "ASC";
}
else{
$sort = "DESC";
}
}
if ($pageno == 1) {
echo " FIRST PREV ";
} else {
?>
<a href="machine1.php?pageno=1&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">FIRST</a>
<?php
$prevpage = $pageno-1;
?>
<a href="machine1.php?pageno=<?php echo $prevpage;?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">PREV</a>
<?php
}
echo " ( Page $pageno of $lastpage ) ";
if ($pageno == $lastpage) {
echo " NEXT LAST ";
} else {
$nextpage = $pageno+1;
?>
<a href="machine1.php?pageno=<?php echo $nextpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">NEXT</a>
<a href="machine1.php?pageno=<?php echo $lastpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">LAST</a>
<?php
}
//}
?>
</body>
</html>
And when I run my index.php and I try to log in, I cannot log in; nothing happened.
If you study a little bit how Immerse’s solution works, you can implement it the other way around as well.
I resolved it by adding session_start();
if($count==1){
session_start();
$_SESSION['logged_in'] = true;
header("location:machine1.php");
}
My problem now is that when I log in, I am in machine1.php, and when I change my URL from http://localhost/machine1.php to http://localhost/index.php, I go back to index.php, which is wrong because I am already logged in. I can only go back to index.php if I click the logout.
Thank you
is it like this???
<?php
session_start(); // remove this from later in the page
if(empty($_SESSION['logged_in'])) {
header('Location: http://yourwebsite/index.php');
die();
}
else{
header('Location:http://localhost/machine1.php');
}
?>
Or should I put a session_close() or session_destroy() at the last page of my code?
rhodarose:
is it like this???
No, not quite.
You’ll have to add some code to the top of index.php (similar to the code you added to machine1.php) :
<?php
session_start(); // remove this from later in the page
if ($_SESSION['logged_in']) {
header('Location: http://yourwebsite/machine1.php');
die();
}
?>
This will redirect the user to machine1.php if he’s already logged in.
guido2004:
No, not quite.
You’ll have to add some code to the top of index.php (similar to the code you added to machine1.php) :
<?php
session_start(); // remove this from later in the page
if ($_SESSION['logged_in']) {
header('Location: http://yourwebsite/machine1.php');
die();
}
?>
This will redirect the user to machine1.php if he’s already logged in.
I tried this code as you said. I put the code you told me at the top of my index.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 h2 strong {
color: #06F;
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
#form1 p label {
color: #009;
}
</style>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<h2><strong> LOGIN FORM</strong></h2>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<?php
session_start(); // remove this from later in the page
if ($_SESSION['logged_in']) {
header('Location:machine1.php');
die();
}
include 'connection.php';
/*if($numofrows==1){
session_register("username");
header("location:machine1.php");
}*/
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));
// Count the rows matching this username and password hash.
$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
//session_start();
$_SESSION['logged_in'] = true;
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
</form>
</body>
</html>
I got this notice:
Notice: Undefined index: logged_in in C:\xampp\htdocs\machine_1\index.php on line 35
First of all, that is not ‘at the top’, that is ‘in the middle’…
And I forgot the isset():
if (isset($_SESSION['logged_in'])) {
This way it checks if the session variable exists. If it exists, the user is logged in, and must be redirected.
As Guido says, session_start() has to be at the very top of the page, before anything else:
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
...
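The pattern this thread arrives at (start the session before any output, guard machine1.php, send logged-in users away from index.php, and log out), collected into one include file. This is an added example, not code from any of the posts; the file name auth.php and the function names are hypothetical, and it assumes PHP 7.3 or later for the array form of session_set_cookie_params().

```php
<?php
// auth.php (hypothetical name): include it as the first line of every page,
// before any HTML output, so the header() redirects below still work.

function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function is_logged_in(): bool {
    return !empty($_SESSION['logged_in']);
}

function redirect(string $page): void {
    header('Location: ' . $page);
    exit; // stop here so the rest of the page is never sent
}

// Top of machine1.php: visitors who are not logged in go to the login form.
function require_login(): void {
    start_session();
    if (!is_logged_in()) { redirect('index.php'); }
}

// Top of index.php: a user who is already logged in goes to machine1.php.
function require_guest(): void {
    start_session();
    if (is_logged_in()) { redirect('machine1.php'); }
}

// Call once the username/password check has succeeded, then redirect.
function log_in(): void {
    start_session();
    session_regenerate_id(true); // fresh session id for the authenticated user
    $_SESSION['logged_in'] = true;
}

// logout.php: clear the data, expire the cookie, destroy the server-side session.
function log_out(): void {
    start_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

In index.php, call require_guest() first, run the credential check before the DOCTYPE, and on success call log_in() followed by redirect('machine1.php'); logout.php is then just log_out() followed by redirect('index.php').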