problems with sessions and login system.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Benjipie
Forum Newbie
Posts: 11
Joined: Sun Dec 07, 2008 7:04 am

problems with sessions and login system.

Post by Benjipie »

Hi,
I'm learning PHP through the book 'PHP and MySQL Web Development' and im a bit stuck with a basic log in system. the url is here...http://www.eslgroups.com/authmain.php

The system works like this:
The user enters a password (which is a set password and username), once this is entered correctly the user is then presented with options, 1. to log out, 2. to go to a 'members page'.

This is where my problems start.
If i click on the 'log out' button (after i've logged in) i'm told that I wasn't logged in. Also after I've logged in and click on the 'members only page ' again, I'm told I cant see the members page because I'm not logged in.

I have a feeling its something to do with the session, but im new to PHP and MySQL so not to sure.

I have posted the code below.

This is the code for the 'home page' (authmain.php).

Code: Select all

 
<?php
session_start();
 
if (isset($_POST['userid']) && isset($_POST['password'])) {
    //if the user has just tried to log in
    $userid = $_POST['userid'];
    $password = $_POST['password'];
    
    $db_conn = new mysqli ('myserver.com', 'username', 'password', 'databasename');
    
    if (mysqli_connect_errno()) {
        echo 'connection to database failed: '.mysqli_connect_error();
        exit();
    }
    
    $query = 'select * from authorised_users '
              ."where name = '$userid' "
              ." and password=sha1('$password')";
    
    $result  = $db_conn->query($query);
    if ($result ->num_rows) {
        //if they are in the database register the user id;
        $_SESSION['valid_user'] = $userid;
    }
    $db_conn -> close();
}   
        
?>
 
<html>
<body>
<h1> Home Page</h1>
<?php
if (isset($_SESSION['valid_user'])) {
    echo 'you are logged in as: '.$_SESSION['valid_user'].'<br />';
    echo '<a href="logout.php">Log Out</a><br />';
} else {
    if (isset($userid)) {
        //if they've tried to log in and failed;
        echo 'Could not log you in. <br />';
    }else{
        //they have not tried to log in yet or have logged out;
        echo 'You are not loggin in.<br />';
    }
    
    //provide form to log in;
    echo '<form method = "post" action ="authmain.php">';
    echo '<table>';
    echo '<tr><td>userid:</td>';
    echo '<td><input type="text" name="userid"></td></tr>';
    echo '<tr><td>Password:</td>';
    echo '<td><input type="password" name="password"></td></tr>';
    echo '<tr><td colspan="2" align="center">';
    echo '<input type="submit" value="Log in"></td></tr>';
    echo '</table></form>';
}
?>
<br />
<a href="members_only.php">Members section</a>
</body>
</html>
    
 
</body>
</html>
 

This is the log out code

Code: Select all

 
<?php
session_start();
 
//store to test if they *were* logged in
 
$old_user = $_SESSION['valid_user'];
unset($_SESSION['valid_user']);
session_destroy();
?>
 
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
    echo 'logged out. <br />';
} else {
    //if they weren't logged in but came to this page somehow
    echo 'You were not logged in so you were not logged out. <br />';
}
?>
<a href="authmain.php">back to main pages</a>
</body>
</html>
 
and finally..this is the 'mambers only page'

Code: Select all

 
<?php
session_start();
echo '<h1>Members Only</h1>';
 
//check session variables;
if (isset($_SESSION['valid_user'])) {
    echo 'You are logged in as '.$_SESSION['valid_user'].'</p>';
    echo 'Members only content goes here </p>';
} else {
    echo 'You are not logged in.</p>';
    echo '<p>Only logged in members may see this page</p>';
}
echo '<a href="authmain.php">Back to main pages </a>';
 
?>
 
The userid and password is userid: testuser password: password
Thanks for any help..
Ben.
Last edited by Benjamin on Thu Jun 11, 2009 7:23 pm, edited 1 time in total.
Reason: Changed code type from text to php.
invisibled
Forum Contributor
Posts: 112
Joined: Sun Apr 29, 2007 3:35 pm
Location: New Westminster

Re: problems with sessions and login system.

Post by invisibled »

i belive this if argument isnt correct, and so your session isnt getting set.

Code: Select all

 
 if ($result ->num_rows) {
         //if they are in the database register the user id;
         $_SESSION['valid_user'] = $userid;
    }
 
num_rows is a function so you need to give it somthing. This says "if the query returned 1 result" then return true.

Code: Select all

 
 if (mysql_num_rows($query) == 1) {
         //if they are in the database register the user id;
         $_SESSION['valid_user'] = $userid;
    }
 
Post Reply