Logged in if session exists and/or $_Post exists problem!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cygnus X-1
Forum Newbie
Posts: 2
Joined: Sun Aug 16, 2009 6:30 am

Logged in if session exists and/or $_Post exists problem!

Post by Cygnus X-1 »

Hi!, this is my first PHP project!
I hope someone can show me a good way to conquer my problem!

I'm creating a members area and on the left hand side of my page there is a login box visible on every page.
When the user logs in that box turns in to a control panel that gives a simple greeting and displays
a few links for members only. The problem is that when the user logs in obviously a session is started and the POST
variables are posted to the page but the login box doesnt change to the control panel.
The rest of the page does change however (i.e to the members area). It is only when i refresh the page that the log in box finally changes to the control panel.

heres my code:

Code: Select all

<?php
if (isset ($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") {
 
?>
    <div id="loginset">
    <img src="images/left-members-logged.png" />
    <h3>Hello <?php print $_SESSION['user_logged']; ?></h3>
    <p>You are logged in!
    <br />
    <a href="logout.php">Logout</a></p>
    </div> <!-- close loginset --->
 
<?php
} else { // No session, provide login
?>
        <div id="login">
        <img src="images/left-members.png" />
        <form action="members.php" method="post">
        <p><b>Username:</b><input type="text" name="username" size="15" /></p>
        <p><b>Password:</b><input type="password" name="password" size="15" /></p>
        <p><input type="submit" name="submit" value="Login" /></p>
        </form>
        </div> <!-- close login --->
<?php }
    //error check
    if (isset ($_POST['submit']) && $_POST['submit'] == "Login"){ // if submit is pressed
        if ($_POST['username'] != "" && // and username and password not empty run SQL
            $_POST['password'] != "")
            {
    $query = "SELECT username, password FROM user_info " .
    "WHERE username = '" . $_POST['username'] . "' " . 
    "AND password = (PASSWORD ('" . $_POST['password'] . "'))";
    $result = mysql_query($query) or die(mysql_error());
    
        if (mysql_num_rows($result) == 1 ){
        $_SESSION['user_logged'] = $_POST['username'];
        $_SESSION['user_password'] = $_POST['password'];
        
        } else { echo "<b>The username and/or password were not found, please try again.</b>"; } 
} else {
        echo "<b>Please input a valid username and password.</b>";
        }
}?>
Any suggestions?
Thanks guys
fizix
Forum Newbie
Posts: 10
Joined: Fri Aug 21, 2009 12:26 pm

Re: Logged in if session exists and/or $_Post exists problem!

Post by fizix »

Cygnus,

You need to set your session variable BEFORE you check if it's set. Try this:

Code: Select all

<?php
    //error check
    if (isset ($_POST['submit']) && $_POST['submit'] == "Login"){ // if submit is pressed
        if ($_POST['username'] != "" && // and username and password not empty run SQL
            $_POST['password'] != "")
            {
    $query = "SELECT username, password FROM user_info " .
    "WHERE username = '" . $_POST['username'] . "' " .
    "AND password = (PASSWORD ('" . $_POST['password'] . "'))";
    $result = mysql_query($query) or die(mysql_error());
   
        if (mysql_num_rows($result) == 1 ){
        $_SESSION['user_logged'] = $_POST['username'];
        $_SESSION['user_password'] = $_POST['password'];
       
        } else { echo "<b>The username and/or password were not found, please try again.</b>"; }
} else {
        echo "<b>Please input a valid username and password.</b>";
        }
}
if (isset ($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") {
 
?>
    <div id="loginset">
    <img src="images/left-members-logged.png" />
    <h3>Hello <?php print $_SESSION['user_logged']; ?></h3>
    <p>You are logged in!
    <br />
    <a href="logout.php">Logout</a></p>
    </div> <!-- close loginset --->
 
<?php
} else { // No session, provide login
?>
        <div id="login">
        <img src="images/left-members.png" />
        <form action="members.php" method="post">
        <p><b>Username:</b><input type="text" name="username" size="15" /></p>
        <p><b>Password:</b><input type="password" name="password" size="15" /></p>
        <p><input type="submit" name="submit" value="Login" /></p>
        </form>
        </div> <!-- close login --->
<?php }
?>
By the way, you should never put user supplied data directly in to an SQL query. Read this:

http://www.tizag.com/mysqlTutorial/mysq ... ection.php
Cygnus X-1
Forum Newbie
Posts: 2
Joined: Sun Aug 16, 2009 6:30 am

Re: Logged in if session exists and/or $_Post exists problem!

Post by Cygnus X-1 »

Hi fizix,

that worked!! awesome, thanks!

thanks for the link, ill read up


mark
Post Reply