Login Script Help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Magicman0022
Forum Newbie
Posts: 11
Joined: Thu Jul 28, 2005 8:38 am

Login Script Help

Post by Magicman0022 »

I am very new too php and am just experimentting with a very simple php login script.

The code is below.

I dont understand what code to put at the top of each secure webpage to make sure that the session is still logged in.

I'm pretty sure that this should be very simple. With my code below could anyone please write out the short code I need to place on the top of each of my secure pages.





<?php

import_request_variables ("PCG");

if (empty($Surname) || empty($Password))
{
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr.html");
}
else
{

//open database connection
$connection = mysql_connect("xxxxxxxxxxxxx,xxxxxxxxx,xxxxxxx") or die ("Error Connecting
to the database.");

//select the database
mysql_select_db("ar1?db", $connection) or die ("Failed!");

$result = mysql_query("select * from Student where Surname='$Surname' AND Password='$Password'",$connection);




//check that at least one row has been returned.
$Checkrow = mysql_num_rows($result);
if($Checkrow > 0)
{
while($row = mysql_fetch_array($result))
{
//start session
session_start();
session_register('Surname');

header("Location: http://project.cs.cf.ac.uk/A.Rabindran/Form1.php");
}
}
else
{
//Invalid Password or User ID: Return to Login Page
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr.html");
}


}

php?>




I hope this is enough infomation.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

use [ php ] tags when posting code in the forum.

you just need to include your session() information at the top of every page that you want to include the session variables in.

**Note: this does not mean that you are "securing" the information.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Couple things: First, you are declaring a session variable, but not assigning it a value. That will be somewhat easy to spoof unless you have a value that you have to double check, in there.

Also, you are using an old (though still valid) way of assigning stuff to sessions. Another, easier, way is:

Code: Select all

session_start();
$_SESSION['Surname'] = '';
Finally, to answer the question you actually asked :wink: , put some code at the top of your page that checkss the session variables. All you're currently doing is creating a session variable 'Surname', so to check for that:

Code: Select all

session_start();
if(isset($_SESSION['Surname']))
{
  $session_active = true;
}
else
{
  $session_active = false;
}
// or a leaner version...
$session_active = (isset($_SESSION['Surname'])) ? true : false;
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Magicman0022
Forum Newbie
Posts: 11
Joined: Thu Jul 28, 2005 8:38 am

Tried to implement what you said but it didn't work... Help

Post by Magicman0022 »

Thanx for the pointers,

I took on your advice and constructed this set of code. Unfortunatly It stilldoesn't work. When the page executes the session is not recognised and gets forced to my StudentErr1 page.

I cant seem to pass over the session correctly because if I register the session in the code below it all works hunky dory.

I guess this is all trivial stuff to you guys... but if you could help me to get this to work it would be most appreciated

Code: Select all

<?php 
//start the session 
session_start(); 
//session_register('Surname'); 

//check to make sure that session variable is registered 
if(isset($_SESSION['Surname'])) 
{ 
$session_active = true; 
} 
else 
{ 
//session variable is not registered therfore send them back to the login page. 
$session_active = false; 
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr1.html"); 
} 
php?>
Please help
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

to be totally honest, I don't use session_register rather I just set my session vars (not sure the difference actually, they both seem "global" to me).

Code: Select all

$_SESSION['Surname'] = $row['Surname'];
you could try printing out the array to see what is being set on your login page:

Code: Select all

print_r($_SESSION);
Post Reply