PHP Session login assistance needed

Posted on 2011-04-25
Last Modified: 2012-05-11
Hi all,

I am using the code below for session login. The problem is that without logging in I can still change the URL and go straight to the other pages.

What code would I use to check if the user has logged in or not please?


Here's the code below.
$host = "localhost"; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = "test"; // Database name
$tbl_name = "members"; // Table name
// Connect to server and select database.
mysql_connect($host, $username, $password) OR
        die('cannot connect');

mysql_select_db($db_name) or die("cannot select DB");

// username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)

//I think stripslashes is useless here
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT 1 FROM $tbl_name 
                AND password='$mypassword';";

$result = mysql_query($sql);
$count = mysql_num_rows($result);

if ($count == 1) {
} else {
    echo "Wrong Username or Password";
}

Question by:error77
    LVL 36

    Expert Comment

    by:Loganathan Natarajan
    session_start();   .. to be the first line on your page...

    so it should be,


    LVL 36

    Accepted Solution

    on your session check page...

    just try like this,

    if (!$_SESSION["myusername"])
    LVL 36

    Expert Comment

    by:Loganathan Natarajan
    simple example, how to use login session to check other pages ... click to see session auth
    LVL 82

    Expert Comment

    by:Dave Baldwin
    The code that checks your login has to be on Every Page that needs protecting with the login.
    LVL 12

    Expert Comment

    First, I would remove the storing of the user's password in the session variable unless this is actually necessary for something (i.e. sending the password to another system). To do this, remove line #38 in your code above.

    Second, I would add a flag to indicate if the user is logged in or not. For instance, add this on line #38 (where you removed the other line):
    $_SESSION['LoggedIn'] = true;

    Last, you need the following on/near the top of each page (or in an included file):

    if(!isset($_SESSION['LoggedIn']) || !$_SESSION['LoggedIn']) {
         echo "You must be logged in";
         exit; // stop here so the rest of the protected page is not sent
    }
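
The login flag and per-page check discussed in the answers above, put together as an added example that is not code from this thread. It goes a little further than the thread by using bound parameters and hashed passwords; the `members` columns, the in-memory SQLite database, the sample account and the `login.php` URL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Constructed data: an in-memory SQLite
// "members" table (assumed columns) with one sample account.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT)');
    $pdo->prepare('INSERT INTO members VALUES (?, ?)')
        ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Login: bound parameters instead of string escaping, hashed password check.
function attempt_login(PDO $pdo, string $user, string $pass): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session ID after login
    }
    $_SESSION['LoggedIn'] = true;      // flag only; the password is never stored
    $_SESSION['myusername'] = $user;
    return true;
}

// Guard condition: true only when the login flag is exactly boolean true.
function is_logged_in(): bool {
    return isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn'] === true;
}

// Call at the top of every protected page, before any output is sent.
function require_login(string $loginUrl = 'login.php'): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_logged_in()) {
        header('Location: ' . $loginUrl);
        exit;  // without this the rest of the protected page still runs
    }
}

if (PHP_SAPI === 'cli') {   // self-check when run from the command line
    $pdo = demo_db();
    var_dump(attempt_login($pdo, 'alice', 'wrong'), attempt_login($pdo, 'alice', 'correct horse'), is_logged_in());
}
```

On a real site the functions would live in an included file, with `require_login();` as the first statement of each protected page.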
