
I have a login page, and I have a problem with it: when the user is already logged in and she accidentally presses the back button and then tries to log in, she can log in. I want that once she is already logged in, she cannot log in again.

Here is my code:

[code]
<?php
session_start();

//require_once 'conn.php';
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");

$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
$row = mysql_fetch_assoc($sql);

if($row['Department']=='Accounting') {
header('location: Company.php');
} elseif($row['Department']=='Engineering') {
header('location: Company.php');
} elseif($row['Department']=='Finishing_Goods') {
header('location: Company.php');
} elseif($row['Department']=='HRAD') {
header('location: Company.php');
} elseif($row['Department']=='MIS') {
header('location:Company.php');
} elseif($row['Department']=='Packaging_and_Design') {
header('location:Company.php');
} elseif($row['Department']=='Production') {
header('location:Company.php');
} elseif($row['Department']=='Purchasing_Logistic') {
header('location:Company.php');
} elseif($row['Department']=='QA_and_Technical') {
header('location:Company.php');
} elseif($row['Department']=='Supply_Chain') {
header('location:Company.php');
}
else {
header('location:index.php');
echo"Incorrect Username or Department";

}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>DSPI LOGIN</title>
<script type="text/javascript">
function handleEnter (field, event) {
var keyCode = event.keyCode ? event.keyCode : event.which ? event.which : event.charCode;
if (keyCode == 13) {
var i;
for (i = 0; i < field.form.elements.length; i++)
if (field == field.form.elements[i])
break;
i = (i + 1) % field.form.elements.length;
field.form.elements[i].focus();
return false;
}
else
return true;
}

</script>
<style type="text/css">
<!--
BODY {
background-image: url(layout_image/bgroundv09.png);
background-attachment: fixed;
}
#Dept_Frame {
position:absolute;
width:229px;
height:49px;
z-index:1;
left: 441px;
top: 262px;
}
#Department_Option {
position:absolute;
width:186px;
height:32px;
z-index:2;
left: 453px;
top: 275px;
}
#Submit_Frame {
position:absolute;
width:82px;
height:35px;
z-index:3;
left: 516px;
top: 320px;
}
#Submit_Button {
position:absolute;
width:60px;
height:29px;
z-index:4;
left: 524px;
top: 328px;
}
#Username_ImageText {
position:absolute;
width:130px;
height:55px;
z-index:5;
left: 319px;
top: 208px;
}
#User_Frame {
position:absolute;
width:230px;
height:46px;
z-index:6;
left: 441px;
top: 216px;
}
#Username_Textbox {
position:absolute;
width:182px;
height:23px;
z-index:7;
left: 455px;
top: 228px;
}
-->
</style>
</head>
<body onload="document.form1.username.focus();">
<form id="form1" name="form1" method="post" action="">
<div id="Department_Option">
<select name="department" onkeypress="return handleEnter(this, event)">
<option>Choose your Department. . . . . . </option>
<option value="Accounting" <?php if($_POST['department'] == 'Accounting') echo "selected='selected'"; ?>>Accounting</option>
<option value="Engineering" <?php if($_POST['department'] == 'Engineering') echo "selected='selected'"; ?>>Engineering</option>
<option value="Finishing_Goods" <?php if($_POST['department'] == 'Finishing_Goods') echo "selected='selected'"; ?>>Finishing Goods</option>
<option value="HRAD" <?php if($_POST['department'] == 'HRAD') echo "selected='selected'"; ?>>HRAD</option>
<option value="MIS" <?php if($_POST['department'] == 'MIS') echo "selected='selected'"; ?>>MIS</option>
<option value="Packaging_and_Design" <?php if($_POST['department'] == 'Packaging_and_Design') echo "selected='selected'"; ?>>Packaging and Design</option>
<option value="Production" <?php if($_POST['department'] == 'Production') echo "selected='selected'"; ?>>Production</option>
<option value="Purchasing_Logistic" <?php if($_POST['department'] == 'Purchasing_Logistic') echo "selected='selected'"; ?>>Purchasing and Logistics</option>
<option value="QA_and_Technical" <?php if($_POST['department'] == 'QA_and_Technical') echo "selected='selected'"; ?>>QA and Technical</option>
<option value="Supply_Chain" <?php if($_POST['department'] == 'Supply_Chain') echo "selected='selected'"; ?>>Supply Chain</option>
</select>
</div>
<div id="Submit_Button">
<input type="Submit" name="submit" value="Submit" id="submit" onclick="doSomething();"/>
</div>
<div id="Dept_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
<div id="Submit_Frame"><img src="layout_image/subframev02.png" width="80" height="46" /></div>

<div id="Username_ImageText"><img src="layout_image/userv01.png" width="131" height="62" /></div>
<div id="User_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
<div id="Username_Textbox">
<input name="username" type="text" size="30" onkeypress="return handleEnter(this, event)"/>
</div>
</form>
</body>
</html>
[/code]

@DexterMorgan Sep 04.2010 — I use sessions to do this.

BTW on company.php do you check whether the user is logged in? Is there anything stopping any randomer from just going to the url/company.php?

@rhodarose (author) Sep 06.2010 — I have no code to check if the user is logged in, and there's also no code for stopping any randomer from going to company.php.

@kingdm Sep 06.2010 — Agree with Dexter.

@Please use the PHP code wrap to post your PHP code so that it's much more readable.

@DexterMorgan Sep 06.2010 — Alright, well, this login script has a few holes in it lol.

So let's start off. If you have never used sessions before, they are more or less variables that can be used on all pages. Similar to cookies, but the information is not stored on the client.

At the start of all the scripts you want to use sessions you must write this:
[code=php]session_start(); //starts the session lol
session_regenerate_id(); //for security purposes.
[/code]


Information on sessions: http://www.w3schools.com/PHP/php_sessions.asp

A really simple way of doing this script is to have a 'loggedin' session that holds a true or false value.

so during the login process if everything is fine, just before the redirect you would put [code=php]$_SESSION['loggedin'] = true;[/code]

Then on all of the pages where the user must be logged in you would put:
[code=php]if(!$_SESSION['loggedin']){
//whatever you want to do with this randomer, redirect or something.
}[/code]


To prevent people from logging in again, the above code can be modified to fit on the login page.

Not sure how well I have described all of this as I woke up around 5 minutes ago, let me know if you need any help with anything.

@rhodarose (author) Sep 09.2010 — Good day

I tried the code that you suggested. I put it on the top of my index page or login page.

Here is the code:
[code=php]
<?php

session_start();
session_regenerate_id();

$_SESSION['loggedin'] = true;
if(!$_SESSION['loggedin']){
//whatever you want to do with this randomer, redirect or something.
header('Location:index.php');
}


//require_once 'conn.php';

$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");


$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT Department, Username FROM tbllogin WHERE Department = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
$row = mysql_fetch_assoc($sql);

if($row['Department']=='Accounting') {
header('location: Company.php');
} elseif($row['Department']=='Engineering') {
header('location: Company.php');
} elseif($row['Department']=='Finishing_Goods') {
header('location: Company.php');
} elseif($row['Department']=='HRAD') {
header('location: Company.php');
} elseif($row['Department']=='MIS') {
header('location:Company.php');
} elseif($row['Department']=='Packaging_and_Design') {
header('location:Company.php');
} elseif($row['Department']=='Production') {
header('location:Company.php');
} elseif($row['Department']=='Purchasing_Logistic') {
header('location:Company.php');
} elseif($row['Department']=='QA_and_Technical') {
header('location:Company.php');
} elseif($row['Department']=='Supply_Chain') {
header('location:Company.php');
}
else {
header('location:index.php');
echo"Incorrect Username or Department";

}
}
?>
[/code]


And when I log in successfully and I try to log in, I could log in again.

@DexterMorgan Sep 09.2010 — Alright, the code I gave you was a sort of guideline.

Try this:

[code=php]<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
header('Location:index.php');
}


//require_once 'conn.php';

$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");


$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT Department, Username FROM tbllogin WHERE Department = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql);

if($row['Department']=='Accounting') {
header('location: Company.php');
} elseif($row['Department']=='Engineering') {
header('location: Company.php');
} elseif($row['Department']=='Finishing_Goods') {
header('location: Company.php');
} elseif($row['Department']=='HRAD') {
header('location: Company.php');
} elseif($row['Department']=='MIS') {
header('location:Company.php');
} elseif($row['Department']=='Packaging_and_Design') {
header('location:Company.php');
} elseif($row['Department']=='Production') {
header('location:Company.php');
} elseif($row['Department']=='Purchasing_Logistic') {
header('location:Company.php');
} elseif($row['Department']=='QA_and_Technical') {
header('location:Company.php');
} elseif($row['Department']=='Supply_Chain') {
header('location:Company.php');
}
else {
header('location:index.php');
echo"Incorrect Username or Department";

}
}
?> [/code]


Alright, now on the company.php:

[code=php]
if(empty($_SESSION['loggedin'])){
//the user is not logged in, move them away from here
header('Location:index.php');
exit; // stop here, otherwise the rest of the page is still sent after the redirect header
}
[/code]


Hopefully I have been able to help.

@rhodarose (author) Sep 13.2010 — Thank you for the code and for trying to help me. I tried the code you suggested, and the result is that I can't view the index page, and when I try to view the company page the URL that appears is the URL of index. I have no idea why it happened.

@DexterMorgan Sep 13.2010 — [code=php]<?php
session_start();
session_regenerate_id();

if(!empty($_SESSION['loggedin'])){
//the user is already logged in, lets redirect them to the other page
header("Location:Company.php");
exit; // stop here so the login code below does not run after the redirect
}


//require_once 'conn.php';

$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");


$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT Department, Username FROM tbllogin WHERE Department = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql);

if($row['Department']=='Accounting') {
header('location: Company.php');
} elseif($row['Department']=='Engineering') {
header('location: Company.php');
} elseif($row['Department']=='Finishing_Goods') {
header('location: Company.php');
} elseif($row['Department']=='HRAD') {
header('location: Company.php');
} elseif($row['Department']=='MIS') {
header('location:Company.php');
} elseif($row['Department']=='Packaging_and_Design') {
header('location:Company.php');
} elseif($row['Department']=='Production') {
header('location:Company.php');
} elseif($row['Department']=='Purchasing_Logistic') {
header('location:Company.php');
} elseif($row['Department']=='QA_and_Technical') {
header('location:Company.php');
} elseif($row['Department']=='Supply_Chain') {
header('location:Company.php');
}
else {
header('location:index.php');
echo"Incorrect Username or Department";

}
}
?> [/code]

Messed up, try that lol

@rhodarose (author) Sep 14.2010 — Thank you...It works

@DexterMorgan Sep 14.2010 — [code=php]

if($row['Department']=='Accounting') {
header('location: Company.php');
} elseif($row['Department']=='Engineering') {
header('location: Company.php');
} elseif($row['Department']=='Finishing_Goods') {
header('location: Company.php');
} elseif($row['Department']=='HRAD') {
header('location: Company.php');
} elseif($row['Department']=='MIS') {
header('location:Company.php');
} elseif($row['Department']=='Packaging_and_Design') {
header('location:Company.php');
} elseif($row['Department']=='Production') {
header('location:Company.php');
} elseif($row['Department']=='Purchasing_Logistic') {
header('location:Company.php');
} elseif($row['Department']=='QA_and_Technical') {
header('location:Company.php');
} elseif($row['Department']=='Supply_Chain') {
header('location:Company.php');
} [/code]


BTW is this necessary?

@rhodarose (author) Sep 15.2010 — Yes, it's needed or required...but my else condition

[code=php]
else{
Header ('Location:index.php');
echo 'Wrong Username and Department';
[/code]


the echo did not work.

And one thing I am concerned about: is it possible to put the username and department in the session? And where can I put it? And also, in all my other webpages, do I put the session to know that the user is logged in?

@rhodarose (author) Sep 15.2010 — Thank you for helping me, and sorry if I have a lot of questions regarding my problem, because I am new to creating websites and using PHP. I hope you understand me...

@DexterMorgan Sep 15.2010 — Yeah, I'm not too sure about all the if else statements lol.

[QUOTE]And one thing I am concerned about: is it possible to put the username and department in the session? And where can I put it? And also, in all my other webpages, do I put the session to know that the user is logged in?[/QUOTE]

Yeah, you can pretty much put anything in a session.

[code=php]$_SESSION['whatever_you_want'] = $whatever_variable;[/code]

You can put the username and department in sessions:

[code=php]$_SESSION['username'] = $row['Username']; // key matches the selected column name, which is case-sensitive[/code]

As for the department:

[code=php]$_SESSION['department'] = $row['Department'];[/code]

you would put this code straight after:

[code=php] if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql); [/code]


And for the last question, yeah, you can just put the same code on all of the other pages to check if the user is logged in or out.

Not Logged In
[code=php]if(empty($_SESSION['loggedin'])){
//the user is not logged in, move them away from here
header('Location:index.php');
exit; // stop here, otherwise the rest of the protected page is still sent
} [/code]


logged in

[code=php]if($_SESSION['loggedin']){
//user is logged in
}[/code]


BTW have you made a log out script?

@rhodarose (author) Sep 15.2010 — I don't have a logout yet. I'll try the code and I'll update you on what the result would be. Thank you

@rhodarose (author) Sep 17.2010 — I have no logout. I tried the code that you suggested. Can you check if it is correct?

Here is the code:

[code=php]
<?php
session_start();
session_regenerate_id();

if(!empty($_SESSION['loggedin'])){
//the user is already logged in, lets redirect them to the other page
header("Location:company.php");
exit; // stop here so the login code below does not run after the redirect
}

//require_once 'conn.php';

$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");


$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT Department, Username FROM tbllogin WHERE Department = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql);

$_SESSION['username'] = $row['Username'] ;
$_SESSION['department'] = $row['Department'];

$Departments=array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');

if (in_array($row['Department'], $Departments)){
header ('Location:company.php');
}else{
echo "Incorrect Username or Department";
header ('Location:index.php');
}
}
?>

[/code]

@DexterMorgan Sep 17.2010 — Does that code work?

If so then yeah, keep that, it's much better than all of the if else statements you had before.

I can help you with the logout if you need.

@rhodarose (author) Sep 20.2010 — Do you have sample code for the logout?

Thank you for the code and help.

@rhodarose (author) Sep 20.2010 — I tried to run my webpage on the server and I got these warnings:

Warning: session_start(): open(/tmp\sess_b5b17bc740e40811c884215b47c6c468, O_RDWR) failed: No such file or directory (2) in C:\Inetpub\wwwroot\intranet_webpage\index.php on line 2

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at C:\Inetpub\wwwroot\intranet_webpage\index.php:2) in C:\Inetpub\wwwroot\webpage_intranet\index.php on line 2

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at C:\Inetpub\wwwroot\intranet_webpage\index.php:2) in C:\Inetpub\wwwroot\webpage_intranet\index.php on line 2

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in unknown on line 0.

In the code of the login page:
[code=php]
<?php
session_start();
session_regenerate_id();

if(!empty($_SESSION['loggedin'])){
//the user is already logged in, lets redirect them to the other page
header("Location:company.php");
exit; // stop here so the login code below does not run after the redirect
}

//require_once 'conn.php';

$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");


$department = mysql_real_escape_string($_POST['department']);
$username = mysql_real_escape_string($_POST['username']);

$sql=mysql_query("SELECT Department, Username FROM tbllogin WHERE Department = '{$department}' AND Username = '{$username}'") or die(mysql_error());
$ct = mysql_num_rows($sql);

if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
$row = mysql_fetch_assoc($sql);

$_SESSION['username'] = $row['Username'] ;
$_SESSION['department'] = $row['Department'];

$Departments=array('Accounting', 'Engineering', 'Finishing_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');

if (in_array($row['Department'], $Departments)){
header ('Location:company.php');
}else{
echo "Incorrect Username or Department";
header ('Location:index.php');
}
}
?>
[/code]

@DexterMorgan Sep 23.2010 — That's odd, are you sure you are not outputting anything before the session_start()?

The logout is very simple, you could either:
[code=php]$_SESSION['loggedin'] = false;[/code]

or research session_destroy()
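
The pieces discussed across this thread (a guard for protected pages, a redirect for users who are already logged in, storing the username and department, an error message that survives the redirect, and a logout) collected into one include file. This is an added example, not code posted by anyone in the thread: the file name `auth.php`, the function names and the `login_error` session key are assumptions, PDO with a prepared statement stands in for the `mysql_*` calls (removed in PHP 7), and the lookup is the thread's own username and department match on `tbllogin`.

```php
<?php
// auth.php (hypothetical name) - added example. Include it before any output.

const LOGIN_PAGE = 'index.php';   // page names as used in the thread
const HOME_PAGE  = 'Company.php';

session_start();

function redirect(string $page): void
{
    header('Location: ' . $page);
    exit; // without exit the script keeps running and its output is still sent
}

function is_logged_in(): bool
{
    return !empty($_SESSION['loggedin']); // no notice when the key is unset
}

// First call on Company.php and every other protected page.
function require_login(): void
{
    if (!is_logged_in()) {
        redirect(LOGIN_PAGE);
    }
}

// First call on the login page, so the Back button cannot reach the form again.
function redirect_if_logged_in(): void
{
    if (is_logged_in()) {
        redirect(HOME_PAGE);
    }
}

function attempt_login(PDO $pdo, string $department, string $username): bool
{
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT Department, Username FROM tbllogin WHERE Department = ? AND Username = ?'
    );
    $stmt->execute([$department, $username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if (count($rows) !== 1) {
        // Anything echoed next to a Location header is never shown,
        // so the message is carried in the session to the next request.
        $_SESSION['login_error'] = 'Incorrect Username or Department';
        return false;
    }

    session_regenerate_id(true); // fresh id at login, old session data deleted
    $_SESSION['loggedin']   = true;
    $_SESSION['username']   = $rows[0]['Username'];   // keys match the column case
    $_SESSION['department'] = $rows[0]['Department'];
    return true;
}

// Returns the stored error once, then forgets it.
function take_login_error(): ?string
{
    $msg = $_SESSION['login_error'] ?? null;
    unset($_SESSION['login_error']);
    return $msg;
}

function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    redirect(LOGIN_PAGE);
}

// index.php, before any HTML:
//   require 'auth.php';
//   redirect_if_logged_in();
//   if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//       $pdo = new PDO('mysql:host=localhost;dbname=dspi;charset=utf8mb4', 'root', '',
//                      [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
//       $ok = attempt_login($pdo, $_POST['department'] ?? '', $_POST['username'] ?? '');
//       redirect($ok ? HOME_PAGE : LOGIN_PAGE);
//   }
//   $error = take_login_error(); // print with htmlspecialchars() inside the form
// Company.php and other protected pages:  require 'auth.php'; require_login();
// logout.php:                             require 'auth.php'; logout();
```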

@rhodarose (author) Sep 24.2010 — The problem is I encountered that error when I put my website on the intranet. I don't know why it happens when I put it on the server. Is there anything I need to configure?


Thank you

@eval_BadCode_ Sep 25.2010 — I would like to point out that /tmp is readable to anyone with an account on your server (so if it's shared hosting, don't do that). Also, change the file permissions of the sessions/ folder to 700. No one needs to see who's logged in except for people with access (root and owner).

Here's what I find useful to put into session:
[code=php]
// placeholder values, set these to what your site needs
$session_lifetime_in_sec = 1440; // PHP's default, 24 minutes
$cookie_lifetime_in_sec = 0; // PHP's default, the cookie lasts until the browser is closed
session_save_path('/path/from/root/www/login/sessions/');
ini_set('session.name', 'cookie_name_and_session_name');
ini_set('session.gc_probability', 1); #you have to do your own garbage collection me thinks
ini_set('session.gc_maxlifetime', $session_lifetime_in_sec); #24 minutes by default, notice how you have to keep relogging into webdeveloper.com, wish they would change this from 10 seconds to 60 minutes!
ini_set('session.cookie_lifetime', $cookie_lifetime_in_sec);
ini_set('session.cache_expire', 720); #<- i forget why I used that lol
session_start();
[/code]


#session_regenerate_id(); <-- why, ppl wont be

sessions are the best way I know of to authenticate and keep people authenticated, but they have a lot of surprises.

phpinfo(); shows you your server's default settings for php. Including the session defaults.
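
One way to set up the private session directory and cookie settings described in the post above, failing with a clear error when the save path is missing (the condition behind the `No such file or directory` warning for `/tmp` earlier in the thread). This is an added example, not eval_BadCode_'s code: the function name, the `sessions` directory location, the `last_seen` key and the cookie flags are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// session_bootstrap.php (hypothetical name) - added example.

function start_private_session(string $dir, int $idleSeconds = 1440): void
{
    // Create the directory for the owner only. The 0700 mode is ignored on
    // Windows, where NTFS permissions on the folder have to be set instead.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("Session directory is not writable: $dir");
    }
    if (DIRECTORY_SEPARATOR === '/') {
        chmod($dir, 0700); // tighten a directory that already existed
    }

    session_save_path($dir);
    ini_set('session.gc_probability', '1');    // a custom path needs PHP's own cleanup
    ini_set('session.gc_divisor', '100');
    ini_set('session.gc_maxlifetime', (string) $idleSeconds);
    ini_set('session.use_strict_mode', '1');   // refuse ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept a session id from the URL

    session_set_cookie_params([
        'lifetime' => 0,                       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,                    // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    if (!session_start()) {
        throw new RuntimeException('session_start() failed');
    }

    // Garbage collection is probabilistic, so an idle limit is enforced here too.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > $idleSeconds) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;
}

// Assumed layout: a "sessions" folder one level above the web root,
// so the session files cannot be requested over HTTP.
start_private_session(dirname(__DIR__) . '/sessions');
```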