Staying logged in with PHP login

Hi, I’m currently working on an image hosting site. I want users to be able to be logged in to enhance certain things. I’m a little new to writing PHP, and I’m having a problem.

http://trollin.info/ - if you try to make an account, you’ll find that it all works but when you log in and refresh the page you’re logged out again.

Here’s the code for my login on index.php:

<?
/*Use of Sessions*/
if(!session_id())
session_start();

header("Cache-control: private"); //avoid an IE6 bug (keep this line on top of the page)

$login='<form method="post" action="index.php" >
Login:<br />
<input type="text" name="login" /><br />
Password:<br />
<input type="password" name="pass" /><br />
<input type="submit" value="Sign in" /><br />
</form>
<a href="signup.html">Sign up</a>';

/*simple checking of the data*/
if(isset($_POST['login']) && isset($_POST['pass']))
{

/*Connection to database logindb using your login name and password*/
$db=mysql_connect('localhost','loginuser','loginpass') or die(mysql_error());
mysql_select_db('logindb');

/*additional data checking and striping*/
$_POST['login']=mysql_real_escape_string(strip_tags(trim($_POST['login'])));
$_POST['pass']=mysql_real_escape_string(strip_tags(trim($_POST['pass'])));

$q=mysql_query("SELECT * FROM login WHERE login='{$_POST['login']}' AND pass='{$_POST['pass']}'",$db) or die(mysql_error());

/*If there is a matching row*/
if(mysql_num_rows($q) > 0)
{
    $_SESSION['login'] = $_POST['login'];
    $login='Welcome back '.$_SESSION['login'];
}
else
{
    $login= 'Incorrect username or password';
}

mysql_close($db);

}

//you may echo the data anywhere in the file
echo $login;

?>

I did use a tutorial for it. I need help with two things:

  1. Staying online after a refresh.

  2. A logout button.

Thanks!

you cant use “session_id()” to validate a user, since it is about the actual session instance, not the values within the session.

Its only used to identify the client on the server.

You need to look at the values stored in your session variables.

Try this on a new .php page, where you want the user to be logged in to see the contents.


session_start();
if(!isset($_SESSION['login']))
{
   header('location: login.php');
}

echo "you're logged in, and have access to this";

the logout part could be done like this:
have a form with a submit button:


<form method="post" action="logout.php">
<input type="submit" name="logout" value="logout">
</form>

the logout page have this code:


session_start();
if(isset($_POST['logout']))
{
   session_destroy();
   header('location:index.php');
}

an alternative could be to use querystring instead:
or have a simple link:


<a href="logout.php?logout=true">Logout</a>

the logout page have this code:


session_start();
if(isset($_GET['logout']))
{
   session_destroy();
   header('location:index.php');
}

session_destroy() removes everything from the session.

I am already using the following:

if(!session_id())
session_start();

I read the linked article, but it didn’t tell me what I need to change to make it work. :shifty:

I managed to manipulate your code, zalucius, and got it working perfect. Cheers!

Its all about the Sessions…