Page 1 of 1

Logged in if session exists and/or $_Post exists problem!

Posted: Fri Aug 21, 2009 1:34 pm
by Cygnus X-1
Hi!, this is my first PHP project!
I hope someone can show me a good way to conquer my problem!

I'm creating a members area and on the left hand side of my page there is a login box visible on every page.
When the user logs in that box turns in to a control panel that gives a simple greeting and displays
a few links for members only. The problem is that when the user logs in obviously a session is started and the POST
variables are posted to the page but the login box doesnt change to the control panel.
The rest of the page does change however (i.e to the members area). It is only when i refresh the page that the log in box finally changes to the control panel.

heres my code:

Code: Select all

<?php
if (isset ($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") {
 
?>
    <div id="loginset">
    <img src="images/left-members-logged.png" />
    <h3>Hello <?php print $_SESSION['user_logged']; ?></h3>
    <p>You are logged in!
    <br />
    <a href="logout.php">Logout</a></p>
    </div> <!-- close loginset --->
 
<?php
} else { // No session, provide login
?>
        <div id="login">
        <img src="images/left-members.png" />
        <form action="members.php" method="post">
        <p><b>Username:</b><input type="text" name="username" size="15" /></p>
        <p><b>Password:</b><input type="password" name="password" size="15" /></p>
        <p><input type="submit" name="submit" value="Login" /></p>
        </form>
        </div> <!-- close login --->
<?php }
    //error check
    if (isset ($_POST['submit']) && $_POST['submit'] == "Login"){ // if submit is pressed
        if ($_POST['username'] != "" && // and username and password not empty run SQL
            $_POST['password'] != "")
            {
    $query = "SELECT username, password FROM user_info " .
    "WHERE username = '" . $_POST['username'] . "' " . 
    "AND password = (PASSWORD ('" . $_POST['password'] . "'))";
    $result = mysql_query($query) or die(mysql_error());
    
        if (mysql_num_rows($result) == 1 ){
        $_SESSION['user_logged'] = $_POST['username'];
        $_SESSION['user_password'] = $_POST['password'];
        
        } else { echo "<b>The username and/or password were not found, please try again.</b>"; } 
} else {
        echo "<b>Please input a valid username and password.</b>";
        }
}?>
Any suggestions?
Thanks guys

Re: Logged in if session exists and/or $_Post exists problem!

Posted: Fri Aug 21, 2009 1:44 pm
by fizix
Cygnus,

You need to set your session variable BEFORE you check if it's set. Try this:

Code: Select all

<?php
    //error check
    if (isset ($_POST['submit']) && $_POST['submit'] == "Login"){ // if submit is pressed
        if ($_POST['username'] != "" && // and username and password not empty run SQL
            $_POST['password'] != "")
            {
    $query = "SELECT username, password FROM user_info " .
    "WHERE username = '" . $_POST['username'] . "' " .
    "AND password = (PASSWORD ('" . $_POST['password'] . "'))";
    $result = mysql_query($query) or die(mysql_error());
   
        if (mysql_num_rows($result) == 1 ){
        $_SESSION['user_logged'] = $_POST['username'];
        $_SESSION['user_password'] = $_POST['password'];
       
        } else { echo "<b>The username and/or password were not found, please try again.</b>"; }
} else {
        echo "<b>Please input a valid username and password.</b>";
        }
}
if (isset ($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") {
 
?>
    <div id="loginset">
    <img src="images/left-members-logged.png" />
    <h3>Hello <?php print $_SESSION['user_logged']; ?></h3>
    <p>You are logged in!
    <br />
    <a href="logout.php">Logout</a></p>
    </div> <!-- close loginset --->
 
<?php
} else { // No session, provide login
?>
        <div id="login">
        <img src="images/left-members.png" />
        <form action="members.php" method="post">
        <p><b>Username:</b><input type="text" name="username" size="15" /></p>
        <p><b>Password:</b><input type="password" name="password" size="15" /></p>
        <p><input type="submit" name="submit" value="Login" /></p>
        </form>
        </div> <!-- close login --->
<?php }
?>
By the way, you should never put user supplied data directly in to an SQL query. Read this:

http://www.tizag.com/mysqlTutorial/mysq ... ection.php

Re: Logged in if session exists and/or $_Post exists problem!

Posted: Fri Aug 21, 2009 3:22 pm
by Cygnus X-1
Hi fizix,

that worked!! awesome, thanks!

thanks for the link, ill read up


mark