• Status: Solved
  • Priority: Medium
  • Security: Public

PHP Session login assistance needed

Hi all,

I am using the code below for session login. The problem is that without logging in I can still change the URL and go straight to the other pages.

What code would I use to check if the user has logged in or not please?

Thanks

Here's the code below.
<?php
ob_start();
session_start();
$host = "localhost"; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = "test"; // Database name
$tbl_name = "members"; // Table name
// Connect to server and select database.
mysql_connect($host, $username, $password) OR
        die('cannot connect');

mysql_select_db($db_name) or die("cannot select DB");

// username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)

//I think stripslashes is useless here
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT 1 FROM $tbl_name 
            WHERE 
                username='$myusername'
                AND password='$mypassword';";

$result = mysql_query($sql);
$count = mysql_num_rows($result);

if ($count == 1) {
    $_SESSION["myusername"]=$myusername;
    $_SESSION["mypassword"]=$myusername;
    header("location:login_success.php");
} else {
    echo "Wrong Username or Password";
}

Asked by: error77
 
Loganathan Natarajan (LAMP Developer) commented:
session_start();   .. to be the first line on your page...

so it should be,

<?php
session_start();
ob_start();

....

Loganathan Natarajan (LAMP Developer) commented:
on your session check page...

just try like this,

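// session_start() must already have been called on this page
if (empty($_SESSION["myusername"]))
{
    header("Location: login_error.php");
    exit; // stop here so the protected page is not rendered after the redirect
}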

Loganathan Natarajan (LAMP Developer) commented:
simple example, how to use login session to check other pages ... click to see session auth

Dave Baldwin (Fixer of Problems) commented:
The code that checks your login has to be on Every Page that needs protecting with the login.

geowrian commented:
First, I would remove the storing of the user's password in the session variable unless this is actually necessary for something (i.e. sending the password to another system). To do this, remove line #38 in your code above.

Second, I would add a flag to indicate if the user is logged in or not. For instance, add this on line #38 (where you removed the other line):
$_SESSION['LoggedIn'] = true;

Last, you need the following on/near the top of each page (or in an included file):

<?php
session_start();
if(!isset($_SESSION['LoggedIn']) || !$_SESSION['LoggedIn']) {
     echo "You must be logged in";
     exit(0);
}
?>
0
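
The per-page guard described in the answers above, as an added example that is not part of the original thread: a login routine that sets only a LoggedIn flag, and a require_login() check to call at the top of every protected page. It goes beyond the thread by using PDO prepared statements and password_hash()/password_verify() in place of the mysql_* calls (removed in PHP 7); the in-memory SQLite table, the password_hash column, the user alice and the function names are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. Assumed for the demo: PDO's sqlite driver,
// a members table with a password_hash column, a constructed user alice / correct-horse.

function attempt_login(PDO $db, string $user, string $pass): bool
{
    // Prepared statement: input is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id when the privilege level changes
    $_SESSION['LoggedIn'] = true;   // flag only; the password is never put in the session
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

function is_logged_in(): bool
{
    return isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn'] === true;
}

// Call first on every protected page, for example from one included file.
function require_login(): void
{
    if (!is_logged_in()) {
        header('Location: login.php');
        exit;                       // without this the rest of the page still runs
    }
}

// --- constructed demo: nothing is printed before the session calls ---
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct-horse', PASSWORD_DEFAULT)]);

$results = [
    'before login'   => is_logged_in(),
    'wrong password' => attempt_login($db, 'alice', 'wrong'),
    'unknown user'   => attempt_login($db, 'mallory', 'x'),
    'valid login'    => attempt_login($db, 'alice', 'correct-horse'),
    'after login'    => is_logged_in(),
];
var_export($results);
```

On a real page, session_start() and require_login() have to run before any output is sent, otherwise the redirect header cannot be set.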
