
Hi, I know this is really basic and stuff.

But I don't quite understand how sessions work with a login script; I have always done it with cookies. But I have been told, and from reading up, sessions are much better, although I have never used them.

So I have my basic login (it's something I made, so it's got email in it as well because it's for security on something I'm doing):

[code=php]
//calling required files
require_once('../common/easy_link.php');
session_start();

//connect to db from db_connect.php
$conn = mysql_connect("localhost","apccompunet","sepultura") or die(mysql_error());

//connect to table
mysql_select_db("apccompunet",$conn) or die(mysql_error());

//escape the submitted values so they cannot change the query (SQL injection)
$user = mysql_real_escape_string($_POST['UserName'], $conn);
$pass = mysql_real_escape_string($_POST['Password'], $conn);
$email = mysql_real_escape_string($_POST['EmailAddress'], $conn);

//create query to let users in
$adminsql = "SELECT FirstName, LastName, UserName, EmailAddress FROM members WHERE UserName = '$user' AND Password = password('$pass') AND EmailAddress = '$email'";

//the result to the access query
$admin_res = mysql_query($adminsql, $conn) or die(mysql_error());

//get the number of rows in the result should be 1 due to primary key
if (mysql_num_rows($admin_res) ==1) {

//if there is 1 row (Authorised)
$FirstName = mysql_result($admin_res, 0,'FirstName');
$LastName = mysql_result($admin_res, 0,'LastName');
$UserName = mysql_result($admin_res, 0,'UserName');
$EmailAddress = mysql_result($admin_res, 0,'EmailAddress');
}
[/code]

This is where I take it the session must start, but I really don't have a clue. And what else I don't understand is how the other pages are restricted so it links to somewhere if they are not logged in? I don't get that. If you could explain it in the sense of a login, that would be great.

Thanks Adam

@Naemo Aug 16.2004 — Firstly, at the top of EVERY page you wish to be protected, BEFORE any HTML is sent to the browser, this must be included:

[code=php]
session_start();
[/code]


After that you define sessions like so:

[code=php]

# Login page:

# $authorized stands for the result of your own username/password check
if ($authorized) {

    $_SESSION['username'] = $user;
    # ... set any other session values the same way

}


# Now on any other page you can access the sessions by simply,

echo "Welcome, ".$_SESSION['username'];

[/code]


That's basically it.

Note that sessions are only kept while the browser window is open, so if it is closed then you will have to log back in, unlike cookies.

@k0r54 (author) Aug 16.2004 — I'm sorry, I still don't quite understand it.

If the page that it goes to has session_start() but they are not logged in, how does the browser know where to send them?

Thanks Adam

@k0r54 (author) Aug 16.2004 — Also, would you use cookies or sessions?

@Naemo Aug 16.2004 — Sorry, I hope this makes it clearer:

[code=php]

# Login page:

# $authorized stands for the result of your own login check
if ($authorized) {
    $_SESSION['are_you_logged_in'] = "yes";
}


# Protected page:

if (isset($_SESSION['are_you_logged_in']) && $_SESSION['are_you_logged_in'] == 'yes') {

    # Display html

} else {
    header("Location: login.php");
    exit; # stop the script so nothing else is sent after the redirect
}


# Logout page:

unset($_SESSION['are_you_logged_in']);

[/code]


If you don't understand some of this then ask for an explanation.

@Naemo Aug 16.2004 — [QUOTE][i]Originally posted by k0r54[/i]

[B]Also, would you use cookies or sessions?[/B][/QUOTE]


That depends on the purpose of the website. If the site were something like this site, where most people probably log in from their home computer, then cookies are the best option as they 'remember' you so you don't keep on having to log in. On the other hand, if the site is one where someone would log in anywhere (at work, home, a cafe) then sessions are the best, as otherwise, if it were a public computer, then if someone went on the computer after them they would be logged in under the previous person.

So in conclusion it depends on the type of project.

@k0r54 (author) Aug 16.2004 — Ok! lol

so

[code=php]

//this bit goes after my first post!

if ($authorized) {
$_SESSION['are_you_logged_in']="yes";
}

// this is used on the logout page and then they cannot access any pages again
unset($_SESSION['are_you_logged_in']);


//Now this bit is the bit I don't understand
//why does it have are you logged in called twice and where does this code go?
if(isset($_SESSION['are_you_logged_in']) && $_SESSION['are_you_logged_in']=='yes'){

# Display html

}else{
header("Location: login.php");
exit;
}
[/code]

@Naemo Aug 16.2004 —

[code=php]

isset($_SESSION['are_you_logged_in'])

[/code]



This part checks that the session variable is defined. If the person had not logged in or was logged out then this would return false.



[code=php]

$_SESSION['are_you_logged_in']=="yes"

[/code]


This part checks that the value stored in the session equals "yes". This is just an extra bit that can be removed, but it could be useful if the value were changed to "no", so then isset() would return true but this would return false.


To implement:
[code=php]
## put at very beginning
session_start();

if(!isset($_SESSION['are_you_logged_in']) || $_SESSION['are_you_logged_in']!="yes"){
header("Location: login.php");
exit; # stop the script so the rest of the page is not sent
}

[/code]


This part checks that the session $_SESSION['are_you_logged_in'] is defined; if it is not then the page is redirected to the login page.
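
The login, guard and logout steps from the replies above, gathered into one include file. This is an added example, not code from any poster in this thread; the helper names and the file name `session_auth.php` are hypothetical, while the session keys and the `login.php` target follow the thread.

```php
<?php
// session_auth.php (hypothetical name). Added example; include before any HTML is sent.

// Start the session with a cookie that expires when the browser closes.
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['lifetime' => 0, 'httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call once the username/password check has succeeded.
function log_in(string $username): void
{
    start_session();
    session_regenerate_id(true);   // new session id, so a pre-login id cannot be reused
    $_SESSION['username'] = $username;
    $_SESSION['are_you_logged_in'] = 'yes';
}

// True only when the flag is both set and equal to 'yes'.
function is_logged_in(): bool
{
    start_session();
    return isset($_SESSION['are_you_logged_in'])
        && $_SESSION['are_you_logged_in'] === 'yes';
}

// Guard for protected pages: redirect and stop, so nothing below is sent.
function require_login(string $loginPage = 'login.php'): void
{
    if (!is_logged_in()) {
        header('Location: ' . $loginPage);
        exit;
    }
}

// Logout: clear the data, expire the cookie, destroy the server-side session.
function log_out(): void
{
    start_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

A protected page includes this file and calls `require_login()` as its first statement; the `exit` after the `Location` header is what keeps the protected HTML from being sent to a client that ignores the redirect.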

@k0r54 (author) Aug 16.2004 — OK, so this should work:

Page 1
[code=php]
//calling required files
require_once('../common/easy_link.php');
session_start();

//connect to db from db_connect.php
$conn = mysql_connect("localhost","apccompunet","sepultura") or die(mysql_error());

//connect to table
mysql_select_db("apccompunet",$conn) or die(mysql_error());

//escape the submitted values so they cannot change the query (SQL injection)
$user = mysql_real_escape_string($_POST['UserName'], $conn);
$pass = mysql_real_escape_string($_POST['Password'], $conn);
$email = mysql_real_escape_string($_POST['EmailAddress'], $conn);

//create query to let users in
$adminsql = "SELECT FirstName, LastName, UserName, EmailAddress FROM members WHERE UserName = '$user' AND Password = password('$pass') AND EmailAddress = '$email'";

//the result to the access query
$admin_res = mysql_query($adminsql, $conn) or die(mysql_error());

//get the number of rows in the result should be 1 due to primary key
if (mysql_num_rows($admin_res) ==1) {

//if there is 1 row (Authorised)
$FirstName = mysql_result($admin_res, 0,'FirstName');
$LastName = mysql_result($admin_res, 0,'LastName');
$UserName = mysql_result($admin_res, 0,'UserName');
$EmailAddress = mysql_result($admin_res, 0,'EmailAddress');

//start sessions ($_SESSION is the array page 2 reads, so the key and value must match its check)
$_SESSION['UserName'] = $UserName;
$_SESSION['FirstName'] = $FirstName;
$_SESSION['LastName'] = $LastName;
$_SESSION['EmailAddress'] = $EmailAddress;
$_SESSION['admin'] = $admin; //$admin is not set anywhere in the code shown
$_SESSION['are_you_logged_in'] = 'yes';

//blah blah all the else stuff
}
[/code]


And this being page 2:

[code=php]
<?PHP

session_start();

//if they are not logged in then go to not_logged_in.php
if(!isset($_SESSION['are_you_logged_in']) || $_SESSION['are_you_logged_in']!="yes"){
header("Location: not_logged_in.php");
exit; //stop here so the page below is not sent
}
?>
<html>
<body>
<?PHP
//escape the stored names before printing them into the page
echo "Well Done ".htmlspecialchars($_SESSION['FirstName'])." ".htmlspecialchars($_SESSION['LastName'])." you are logged in";
?>
</body>
</html>

[/code]


Would this work??

@k0r54 (author) Aug 17.2004 — After some tweaking and reading it is now working.

Thanks to all that helped, I really needed to learn this and it is quite handy lol

thanks