PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Hi i've written a login page with the help of an online tutorial here (http://www.howtodothings.com/computers- ... ur-website), but im having a hard time to get it to work i created 2 pages one where the user submits the data using a form and another file containig php script to do the actual login
i just changed if($_GET['JMSLogin'] == "failed") to if($_GET['login'] == "failed") on the first page the one with the form on and didnt do anything shud i change all of the "JMSLogin"s to login then?
I've noticed you call session_start() and session_destroy() right after each other... That's probably causing problems of its own. Try removing session_destroy() and see what happens
I don't think you need the exit; lines in log.php either...
hmm that didnt seem to do anything either, i just tried doing everything the same as that tutorial right down to maiking a table with the variables he uses and that didnt work either, do you know of any other place where i can find help about creating a login page?
A lot of the ones I found when I started out learning to write login systems were quite basic and badly written... Using cookies to store usernames and passwords *shudders*.
I don't know of any really good login system tutorials without doing a bit of Googling myself but I would advise you to look for a tutorial that does logins based on PHP sessions (which you seem to have found here but it hasn't really worked out for you ^_^).
Just keep trying, bud, you'll get it in the end! If you need to, take a little break from it and come back with a fresh mind
<?php
// this line start the session if it has not already been done by PHP or before
if(!isset($_SESSION))session_start();
// register the session has having the name JMSLogin
session_name("JMSLogin");
// if the employee is not logged then we show the form
if(!isset($_SESSION['login'])){
// if the form has been POSTED then we use the data received
if(isset($_POST['user']) && isset($_POST['password'])) {// we use $_POST because the form uses method="post"
// we register the $_POST variables in normal variable, not really required, just to show it
$employeeId=$_POST['user'];
$employeePassword=$_POST['password'];
// its preferable to use long variable name to understand more easily what happens
$connection = mysql_connect("localhost","user","password");
$databaseName = mysql_select_db("JMSystemDB");
// we are verifying that there is someone in the database with this Id and password
// it is not a good idea in term of security to display to the user if it the wrong login comes
// from the password or from the login
$query = mysql_query('
SELECT
*
FROM
Employee
WHERE
EmployeeID="'.mysql_real_escape_string($employeeId).'"
AND
SystemPassword="'.mysql_real_escape_string($employeePassword).'"
');
// we have a results, it means that an employee has this id and password
if(mysql_num_rows($query)) {
// we register the login in a session variable, session_register is deprecated
$_SESSION['login']=true;// you could actually register the employeeId if you want
header("Location: Jobs.php");
exit;
// otherwise it has failed so we just fill the error variable instead of redirecting to another page
} else {
$error='bad login or password';
}
}
// we display the form, it is shown only when there was an error or if the person is not logged
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
Login: <input type="text" name="user"><BR>
Password: <input type="password" name="password"><BR>
<input type="submit">
</form>
<?php
// if there is an error we show it
if(isset($error))
echo $error;
}
?>
Everything goes in 1 file, so you can use require(); with this file one every pages you want to be password protected