Solved

PHP Session webpage after authentication

Posted on 2014-03-23
Medium Priority
909 Views
Last Modified: 2014-04-06
Hello All,

I have accomplished my first login web page using php and mysql, but in order to start a "session" or to redirect the user that has logged in to their home page where their data is, how can I do this?

Here's my php code for my login page:

<?php
// Connect to the database
mysql_connect("localhost","root","**********");
mysql_select_db("***********");

if(isset($_POST['submit'])){
    // Form submitted: look up the supplied username and password
    $uname = $_POST['uname'];
    $password = $_POST['password'];

    $sql = mysql_query("SELECT * FROM users WHERE uname = '$uname' AND password= '$password'");
    if(mysql_num_rows($sql) > 0){
        echo "You are now Logged in";
        exit();
    }
    else {
        echo "Wrong Username and Password";
    }
}
else{
    // No submission yet: show the login form
$form = <<<EOT
<form action="Login.php" method="POST">
Username: <input type="text" name="uname"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Login" name="submit"/>
</form>
EOT;

    echo $form;
}

?>
Question by:LuiLui77
6 Comments
 
LVL 35

Expert Comment

by:Terry Woods
ID: 39949463
A little knowledge can be a dangerous thing. In case you weren't aware, if a user enters the following value to your login form, the consequences are not good (no username or password would be required):
' or 1=1 or '

Or, potentially worse (this might drop your users table from the database; don't do it!):
'; drop table users; --'

More info here on sanitising user input: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_27699398.html

Looks like some good details on using sessions here: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23573048.html
0
 
LVL 35

Expert Comment

by:Terry Woods
ID: 39949473
There is also some information here on how to redirect after form submission: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_24926053.html

These days I'm using the CodeIgniter framework, which does redirects automatically, but my understanding is that you should be redirecting after every successful POST form submission (i.e. those that change information), otherwise you get unwanted browser behaviour (such as the wrong page loading when a user opens a bookmark, or a resubmit information question when refreshing the page).
0
 
LVL 111

Accepted Solution

by:Ray Paseur earned 1500 total points
ID: 39949956
This article explains the essential design patterns for PHP client authentication (all web sites do the basics the same way).  It shows how the PHP session is used.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

This article explains PHP sessions.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html

This article explains why you want to put aside MySQL and instead choose one of the supported database extensions like MySQLi or PDO.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

And in case you're new to PHP and want to get some good learning resources (instead of copying code you found on the internet) try the resources called out in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
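
The points raised in the answers above, put together in one login script as an added example (not code from this thread or from the linked articles): a parameterized lookup through PDO instead of the `mysql_*` functions, a PHP session started on success, and a redirect after the POST. The DSN and credentials, the `id` and `password_hash` columns, and `home.php` are assumptions made for the illustration.

```php
<?php
// Login.php: added example, not code from the thread.
// Assumed: the DSN and credentials, a users(id, uname, password_hash) table
// filled with password_hash() values, and home.php as the landing page.
session_start();
$error = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $uname    = is_string($_POST['uname'] ?? null) ? $_POST['uname'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $pdo = new PDO(
        'mysql:host=localhost;dbname=example_db;charset=utf8mb4', // placeholder DSN
        'app_user', 'app_password',                               // placeholder credentials
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]
    );

    // The placeholder keeps input out of the SQL text: ' or 1=1 or ' is
    // compared as a literal username and matches no row.
    $stmt = $pdo->prepare('SELECT id, uname, password_hash FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user !== false && password_verify($password, $user['password_hash'])) {
        session_regenerate_id(true);             // fresh session ID at login
        $_SESSION['user_id'] = (int) $user['id'];
        $_SESSION['uname']   = $user['uname'];
        header('Location: home.php', true, 303); // redirect after the successful POST
        exit;
    }
    $error = 'Wrong Username and Password';
}

// home.php and every other protected page would start with:
//   session_start();
//   if (empty($_SESSION['user_id'])) { header('Location: Login.php', true, 303); exit; }
?>
<?php if ($error !== null): ?>
<p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form action="Login.php" method="POST">
Username: <input type="text" name="uname"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Login" name="submit"/>
</form>
```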
 
LVL 35

Expert Comment

by:Terry Woods
ID: 39951435
Good one Ray. Odd that my search didn't find any of those!
0
