I'm learning PHP through the book 'PHP and MySQL Web Development' and I'm a bit stuck with a basic log in system. The URL is here: http://www.eslgroups.com/authmain.php
The system works like this:
The user enters a password (which is a set password and username). Once this is entered correctly, the user is then presented with options: 1. to log out, 2. to go to a 'members page'.
This is where my problems start.
If I click on the 'log out' button (after I've logged in) I'm told that I wasn't logged in. Also, after I've logged in and click on the 'members only page' again, I'm told I can't see the members page because I'm not logged in.
I have a feeling it's something to do with the session, but I'm new to PHP and MySQL so not too sure.
I have posted the code below.
This is the code for the 'home page' (authmain.php).
Code:
<?php
session_start();
if (isset($_POST['userid']) && isset($_POST['password'])) {
    // if the user has just tried to log in
    $userid = $_POST['userid'];
    $password = $_POST['password'];
    $db_conn = new mysqli('myserver.com', 'username', 'password', 'databasename');
    if (mysqli_connect_errno()) {
        echo 'connection to database failed: '.mysqli_connect_error();
        exit();
    }
    // bind the submitted values as parameters so they cannot change the SQL
    $stmt = $db_conn->prepare('select * from authorised_users '
        .'where name = ? '
        .'and password = sha1(?)');
    $stmt->bind_param('ss', $userid, $password);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows) {
        // if they are in the database register the user id
        $_SESSION['valid_user'] = $userid;
    }
    $stmt->close();
    $db_conn->close();
}
?>
<html>
<body>
<h1>Home Page</h1>
<?php
if (isset($_SESSION['valid_user'])) {
    // escape the stored name before writing it into the page
    echo 'you are logged in as: '.htmlspecialchars($_SESSION['valid_user'], ENT_QUOTES, 'UTF-8').'<br />';
    echo '<a href="logout.php">Log Out</a><br />';
} else {
    if (isset($userid)) {
        // if they've tried to log in and failed
        echo 'Could not log you in. <br />';
    } else {
        // they have not tried to log in yet or have logged out
        echo 'You are not logged in.<br />';
    }
    // provide form to log in
    echo '<form method="post" action="authmain.php">';
    echo '<table>';
    echo '<tr><td>userid:</td>';
    echo '<td><input type="text" name="userid"></td></tr>';
    echo '<tr><td>Password:</td>';
    echo '<td><input type="password" name="password"></td></tr>';
    echo '<tr><td colspan="2" align="center">';
    echo '<input type="submit" value="Log in"></td></tr>';
    echo '</table></form>';
}
?>
<br />
<a href="members_only.php">Members section</a>
</body>
</html>
This is the log out code
Code:
<?php
session_start();
// store to test if they *were* logged in (empty string if the key is not set)
$old_user = isset($_SESSION['valid_user']) ? $_SESSION['valid_user'] : '';
unset($_SESSION['valid_user']);
session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
    echo 'logged out. <br />';
} else {
    // if they weren't logged in but came to this page somehow
    echo 'You were not logged in so you were not logged out. <br />';
}
?>
<a href="authmain.php">back to main pages</a>
</body>
</html>
Code:
<?php
session_start();
echo '<h1>Members Only</h1>';
// check session variables
if (isset($_SESSION['valid_user'])) {
    // escape the stored name before writing it into the page
    echo '<p>You are logged in as '.htmlspecialchars($_SESSION['valid_user'], ENT_QUOTES, 'UTF-8').'</p>';
    echo '<p>Members only content goes here </p>';
} else {
    echo '<p>You are not logged in.</p>';
    echo '<p>Only logged in members may see this page</p>';
}
echo '<a href="authmain.php">Back to main pages </a>';
?>
Thanks for any help..
Ben.
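A diagnostic page for the symptom described in the post (a login that is forgotten on the next page), added here as an example and not part of the original post or the book's code. The file name session_check.php and the report labels are assumptions, and the save-directory check applies only to PHP's default file-based session handler.

```php
<?php
// session_check.php (hypothetical name): added diagnostic page, not from the post.
// Request it twice in the same browser; "hits" only grows if the session persists.

// Any output before session_start() (a blank line or a BOM ahead of the opening
// PHP tag) prevents PHP from sending the session cookie.
$sentEarly = headers_sent($file, $line);
$started   = session_start();

$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

// session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the
// last part. An empty value means the system temp directory is used.
$parts   = explode(';', session_save_path());
$saveDir = end($parts);
if ($saveDir === '') {
    $saveDir = sys_get_temp_dir();
}

$cookie = session_get_cookie_params();
$https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

$report = array(
    'output sent before session_start()' => $sentEarly ? "yes ($file line $line)" : 'no',
    'session_start() returned'           => $started ? 'true' : 'false',
    'browser sent back session cookie'   => isset($_COOKIE[session_name()]) ? 'yes' : 'no',
    'hits in this session'               => $_SESSION['hits'],
    'session.use_cookies'                => ini_get('session.use_cookies'),
    'save directory'                     => $saveDir,
    'save directory writable'            => is_writable($saveDir) ? 'yes' : 'no',
    'cookie domain'                      => $cookie['domain'] === '' ? '(current host)' : $cookie['domain'],
    'cookie path'                        => $cookie['path'],
    // A Secure cookie is never returned over plain http, so the session looks empty.
    'secure cookie on non-https request' => ($cookie['secure'] && !$https) ? 'yes' : 'no',
);

if (!$sentEarly) {
    header('Content-Type: text/plain; charset=utf-8');
}
foreach ($report as $label => $value) {
    echo $label . ': ' . $value . "\n";
}
```

If "hits" stays at 1 on every request, the other rows show whether the cookie was never sent, never returned, or the session data could not be written. Delete the page after testing, since it reveals server paths.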