Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

Login & Sessions

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

Login & Sessions

Postby meesh2175 » Tue Oct 23, 2012 11:32 am

Hello, I am new at creating sessions and I have come to a road block with my website. I have created a login page which checks the username and password to see if the user exists. If they do, it stores their userrecord.

Once the user has logged in, they can navigate through the website. Each page within the website starts with:

Code: Select all
<?php
require_once("logincheck.php");
session_start();
?>


The logincheck.php checks to make sure a user is logged with a valid username and password:

Logincheck.php
Code: Select all
<?php
session_start();
require_once('config.php');

mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Can't connect to database");
mysql_select_db(DB_DATABASE) or die(mysql_error());

$myusername = $_SESSION['username'];
$mypassword = $_SESSION['password'];

$sql = "SELECT * FROM users WHERE username ='$myusername' AND password ='$mypassword'";

$result = mysql_query($sql);
$count = mysql_num_rows($result);

if($count == 0) {header("location:index.php");}
else{$_SESSION["userrecord"] = mysql_fetch_assoc($result);}

?>


The part I am having problems with is the "Update Password" page. Once the user updates their password, it makes them log back in again. Is there a way to avoid the user from having to log back in? Below is my code for updating my database with the new password.

Code: Select all
<?php
session_start();
require_once('config.php');

$errmsg_arr = array(); //Array to store validation errors
$errflag = false; //Validation error flag

$myusername = $_SESSION['username'];
   
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {die('Failed to connect to server: ' . mysql_error());}
   
$db = mysql_select_db(DB_DATABASE); if(!$db) {die("Unable to select database");}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
   $str = stripslashes($str);   }
   return mysql_real_escape_string($str);   }
   
//Sanitize the POST values
$password1 = clean($_POST['password1']);
$password2 = clean($_POST['password2']);
$secret_password = md5($password2);

//Create INSERT query
if($password1 == $password2){
$qry = "UPDATE users
      SET password = '$secret_password'
      WHERE username = '$myusername'";
   
$result = @mysql_query($qry);
}
   
//Check whether the query was successful or not
if($result)
{header("location: password_updated.php");
exit();   }
else {header("location: password_wrong.php");}
?>


Any suggestions? Thanks!!
meesh2175
New php-forum User
New php-forum User
 
Posts: 12
Joined: Thu Feb 16, 2012 1:03 pm

Re: Login & Sessions

Postby egami » Tue Oct 23, 2012 12:17 pm

show me password_updated.php
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2197
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Login & Sessions

Postby meesh2175 » Wed Oct 24, 2012 4:27 am

Here is password_updated.php:

Code: Select all
<?php session_start(); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>My Login Website</title>
</head>

<body>
<table width="750" border="0" align="center" cellpadding="8" cellspacing="0" class="table">
<tr>
<td width="209" height="30" bgcolor="#000000" style="font-weight: bold; color: #999;"><span style="font-weight: bold; font-size: 20px; color: #FFF;">UPDATE PASSWORD</span></td>
<td width="359" height="30" align="right" bgcolor="#000000" style="font-weight: bold">&nbsp;</td>
</tr>
<tr>
<td colspan="2" bgcolor="#CCCCCC" style="font-weight: bold"><span style="color: #000; text-align: left;">Password Updated</span>
</td></tr>
<tr>
<td height="75" colspan="2" align="left"><p>Your password was successfully updated. </p></td></tr>
</table>
</body>
</html>
meesh2175
New php-forum User
New php-forum User
 
Posts: 12
Joined: Thu Feb 16, 2012 1:03 pm

Re: Login & Sessions

Postby egami » Wed Oct 24, 2012 10:44 am

each page should begin with

<?php
session_start();
....


and then, include logincheck.php


I do it a bit differently..


<?php
session_start();
if (!isset($_SESSION['loggedin']))
{
header("Location: login.php");
}

//db..
include ('/path/to/sql/include/file');

...stuff here....
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2197
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT


Return to PHP coding => General

Who is online

Users browsing this forum: No registered users and 3 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.