sessions problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
superman
Forum Commoner
Posts: 29
Joined: Tue Jul 08, 2003 2:54 am

sessions problem

Post by superman »

i use this code to verify the username & password, but how to pass the username in every pages such as 'welcome andy' if andy login and 'welcome jack' if jack login.
this script is unsecure, what script should i include in every pages so when i enter http://localhost/payroll.php it will ask me to login first.


<?
session_start();
if ($username && $password)
{
$Connect = mysql_connect("localhost", "root", "");
mysql_select_db("mw");
$result = mysql_query("select * from account where username='$username' and password='$password'");

if (mysql_num_rows($result) > 0)
{
$valid_user = $username;
session_register("valid_user");
}
}
?>


<?
if (session_is_registered("valid_user"))
{

$_SESSION['valid_user'] = $_POST['username'];
echo "<center><br><br>You are logged in as: $valid_user <br><br>";
echo "<center><a href=\"logout.php\">Log out</a><br>";
}
else
{
if (isset($username))
{
echo "<center>Could not log you in";
}
else
{
echo "<center>You are not logged in.<br>";
}
echo "<form method=post action=\"login.php\">";
echo "<center><table>";
echo "<tr><td>Username:</td>";
echo "<td><input type=text name=username></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=password name=password></td></tr>";
echo "<tr><td colspan=2 align=center>";
echo "<input type=submit value=\"Log In\"></td></tr>";
echo "</table></form>";
}
?>
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

well, make a new file for the session checking, e.g.

Code: Select all

<?php
//session.php
session_start();
if(empty($_SESSION&#1111;username]))
&#123;
//login login code here
die();
&#125;
?>
then include it into all your files, just make sure $_SESSION[username] is set when a user logs in. this will save you from all that IF and ELSE too.
Post Reply