Good evening all!
Hope all is well and that someone can help me out here. I am writing a login script for a website of mine here, and I am new to the whole PDO thing along with sessions. This being said, I have successfully tested this code, and it is not throwing any errors, and executes the way I want it to. Thing is, I don’t know how to carry over the session from page to page. I have
[CODE]session_start();[/CODE]
at each page but I know I am doing something wrong, and I am nearly 99.99% sure I am setting the session incorrectly or not at all.
Here is the login script:
[code=php]
<?php
session_start();
//pull variables
$User = $_POST['user_name'];
$Pass = $_POST['password'];
$ENC = sha1($Pass);
$ERRmsg = "";
//Checks to see if login button was pressed
if(isset($_POST['Login']))
{
    //Checks to see if user actually put in data
    if(empty($User)) $ERRmsg .= '<p>You did not enter a user name, please go back and enter your user-name. </p>';
    if(empty($Pass)) $ERRmsg .= '<p>You did not enter a password, please go back and enter your password. </p>';
    //Checks to see if error message is empty, if true, then proceeds with rest of code
    if(empty($ERRmsg))
    {
        //Uses the input from the form to match the username and password and checks it against the 'Users' table
        //Opens the connection to MySQL
        try {
            $LGC = new PDO('mysql:host=localhost; dbname=******', '**********', '*********');
            $LGC->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            //Prepares the SQL Statement
            $SLU = $LGC->prepare(
                "SELECT
                    Username,
                    Password,
                    Active,
                    UID
                FROM
                    Users
                WHERE
                    Username = :Uname
                AND
                    Password = :DbPass
                ");
            //Binds the variables for security
            $SLU->bindParam(':Uname', $User);
            $SLU->bindParam(':DbPass', $ENC);
            //Executes the SQL Statement matching the information given
            $SLU->execute();
            //Sets the results into an array
            $result = $SLU->fetch(PDO::FETCH_ASSOC);
            $Uname = $result['Username'];
            $Active = $result['Active'];
            $UID = $result['UID'];
        }
        catch (PDOException $ex) {
            $msg = $ex->errorInfo;
            error_log(var_export($msg, true));
            die("<h1 style='color:red'>Error LG_01, Please contact the administrator!</h1>");
        }
        //Checks if account is a valid account
        if($Active == 0) $ERRmsg .= "You need to confirm your account first before you log-in";
        if($Active == 3) $ERRmsg .= "Your account has been disabled for security reasons, contact the administrator for more information";
        //Checks to see if error message is empty
        if(empty($ERRmsg))
        {
            $_SESSION['Username'] = true;
            $_SESSION['Password'] = true;
            echo 'Successfully logged-in';
        }
        //Shows you error message
        else
        {
            echo $ERRmsg;
            die;
        }
    }
    else
    {
        echo("<div id=posts>". $ERRmsg."</div>");
    }
}
else
{
    echo("You cant do that!");
}
?>
[/code]
and here is the page where the first session should come into play if you are logged in, but the session doesn’t carry over to the page. Can anyone help me out?
[code=php]
<?php
session_start();
?>
<body>
<?php
//if the user is logged in show the downloads page
if( isset($_SESSION['true']) ) {?>
<p>Thank you for logging in</p>
<?php
}else{
?>
<div id="bg-cyan">
<div id="body body-s">
<form method="post" action="loginscript.php" id="register-form" class="sky-form">
<h1>Please Login</h1>
<fieldset>
<section>
<label class="input">
<i class="icon-append fa fa-user"></i>
<input type="text" name="user_name" id="user_name" placeholder="User Name">
<b class="tooltip tooltip-bottom-right">Please enter your User Name</b>
</label>
</section>
<section>
<label class="input">
<i class="icon-append fa fa-lock"></i>
<input type="password" name="password" id="password" placeholder="Password">
<b class="tooltip tooltip-bottom-right">Please enter your password</b>
</label>
</section>
</fieldset>
<button type="submit" class="button" name="Login">Submit</button>
</form>
<p>If you are not registered, please <a href="http://www.wartachicago.org/test/ssignup.php">register</a> here.</p>
</div>
<?php } ?>
</div>
</body>
</html>
[/code]
Thanks!
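
Added example, not part of the original post: one way to set the login session so that the login script and the protected page agree on the same `$_SESSION` key. It verifies the password with `password_hash()`/`password_verify()` instead of SHA-1 and regenerates the session ID at login; the function names are hypothetical, and an in-memory SQLite table with a constructed user stands in for the MySQL `Users` table.

```php
<?php
declare(strict_types=1);

// Look the user up by name only, then verify the submitted password against
// the stored password_hash() value. Returns the row, or null on any failure.
function authenticate(PDO $db, string $user, string $pass): ?array
{
    $stmt = $db->prepare('SELECT UID, Username, Password, Active FROM Users WHERE Username = :Uname');
    $stmt->execute([':Uname' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['Password'])) {
        return null;   // unknown user and wrong password look the same to the caller
    }
    // Active values 0 (unconfirmed) and 3 (disabled) are the ones the post rejects.
    return in_array((int) $row['Active'], [0, 3], true) ? null : $row;
}

// Store the identity under named keys; the password never goes into the session.
function start_login_session(array $row): void
{
    session_regenerate_id(true);   // fresh session ID at login (session fixation)
    $_SESSION['UID'] = (int) $row['UID'];
    $_SESSION['Username'] = $row['Username'];
}

// Every protected page tests the SAME key that the login script set.
function is_logged_in(): bool
{
    return isset($_SESSION['UID']);
}

// --- constructed demo data: in-memory SQLite replaces the MySQL table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UID INTEGER PRIMARY KEY, Username TEXT, Password TEXT, Active INTEGER)');
$db->prepare('INSERT INTO Users (Username, Password, Active) VALUES (?, ?, 1)')
   ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start();                   // must run before any output on every page
$row = authenticate($db, 'demo', 'correct horse');
if ($row !== null) {
    start_login_session($row);
}
echo is_logged_in() ? "logged in as {$_SESSION['Username']}\n" : "not logged in\n";
```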