problems with sessions and login system.
Posted: Thu Jun 11, 2009 6:55 pm
Hi,
I'm learning PHP through the book 'PHP and MySQL Web Development' and im a bit stuck with a basic log in system. the url is here...http://www.eslgroups.com/authmain.php
The system works like this:
The user enters a password (which is a set password and username), once this is entered correctly the user is then presented with options, 1. to log out, 2. to go to a 'members page'.
This is where my problems start.
If i click on the 'log out' button (after i've logged in) i'm told that I wasn't logged in. Also after I've logged in and click on the 'members only page ' again, I'm told I cant see the members page because I'm not logged in.
I have a feeling its something to do with the session, but im new to PHP and MySQL so not to sure.
I have posted the code below.
This is the code for the 'home page' (authmain.php).
This is the log out code
and finally..this is the 'mambers only page'
The userid and password is userid: testuser password: password
Thanks for any help..
Ben.
I'm learning PHP through the book 'PHP and MySQL Web Development' and im a bit stuck with a basic log in system. the url is here...http://www.eslgroups.com/authmain.php
The system works like this:
The user enters a password (which is a set password and username), once this is entered correctly the user is then presented with options, 1. to log out, 2. to go to a 'members page'.
This is where my problems start.
If i click on the 'log out' button (after i've logged in) i'm told that I wasn't logged in. Also after I've logged in and click on the 'members only page ' again, I'm told I cant see the members page because I'm not logged in.
I have a feeling its something to do with the session, but im new to PHP and MySQL so not to sure.
I have posted the code below.
This is the code for the 'home page' (authmain.php).
Code: Select all
<?php
session_start();
if (isset($_POST['userid']) && isset($_POST['password'])) {
//if the user has just tried to log in
$userid = $_POST['userid'];
$password = $_POST['password'];
$db_conn = new mysqli ('myserver.com', 'username', 'password', 'databasename');
if (mysqli_connect_errno()) {
echo 'connection to database failed: '.mysqli_connect_error();
exit();
}
$query = 'select * from authorised_users '
."where name = '$userid' "
." and password=sha1('$password')";
$result = $db_conn->query($query);
if ($result ->num_rows) {
//if they are in the database register the user id;
$_SESSION['valid_user'] = $userid;
}
$db_conn -> close();
}
?>
<html>
<body>
<h1> Home Page</h1>
<?php
if (isset($_SESSION['valid_user'])) {
echo 'you are logged in as: '.$_SESSION['valid_user'].'<br />';
echo '<a href="logout.php">Log Out</a><br />';
} else {
if (isset($userid)) {
//if they've tried to log in and failed;
echo 'Could not log you in. <br />';
}else{
//they have not tried to log in yet or have logged out;
echo 'You are not loggin in.<br />';
}
//provide form to log in;
echo '<form method = "post" action ="authmain.php">';
echo '<table>';
echo '<tr><td>userid:</td>';
echo '<td><input type="text" name="userid"></td></tr>';
echo '<tr><td>Password:</td>';
echo '<td><input type="password" name="password"></td></tr>';
echo '<tr><td colspan="2" align="center">';
echo '<input type="submit" value="Log in"></td></tr>';
echo '</table></form>';
}
?>
<br />
<a href="members_only.php">Members section</a>
</body>
</html>
</body>
</html>
This is the log out code
Code: Select all
<?php
session_start();
//store to test if they *were* logged in
$old_user = $_SESSION['valid_user'];
unset($_SESSION['valid_user']);
session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
echo 'logged out. <br />';
} else {
//if they weren't logged in but came to this page somehow
echo 'You were not logged in so you were not logged out. <br />';
}
?>
<a href="authmain.php">back to main pages</a>
</body>
</html>
Code: Select all
<?php
session_start();
echo '<h1>Members Only</h1>';
//check session variables;
if (isset($_SESSION['valid_user'])) {
echo 'You are logged in as '.$_SESSION['valid_user'].'</p>';
echo 'Members only content goes here </p>';
} else {
echo 'You are not logged in.</p>';
echo '<p>Only logged in members may see this page</p>';
}
echo '<a href="authmain.php">Back to main pages </a>';
?>
Thanks for any help..
Ben.