Login & Sessions

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

meesh2175
New php-forum User
New php-forum User
Posts: 12
Joined: Thu Feb 16, 2012 1:03 pm

Login & Sessions

Postby meesh2175 » Tue Oct 23, 2012 11:32 am

Hello, I am new at creating sessions and I have come to a road block with my website. I have created a login page which checks the username and password to see if the user exists. If they do, it stores their userrecord.

Once the user has logged in, they can navigate through the website. Each page within the website starts with:

Code: Select all

<?php
require_once("logincheck.php");
session_start();
?>


The logincheck.php checks to make sure a user is logged with a valid username and password:

Logincheck.php

Code: Select all

<?php
session_start();
require_once('config.php');

mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Can't connect to database");
mysql_select_db(DB_DATABASE) or die(mysql_error());

$myusername = $_SESSION['username'];
$mypassword = $_SESSION['password'];

$sql = "SELECT * FROM users WHERE username ='$myusername' AND password ='$mypassword'";

$result = mysql_query($sql);
$count = mysql_num_rows($result);

if($count == 0) {header("location:index.php");}
else{$_SESSION["userrecord"] = mysql_fetch_assoc($result);}

?>


The part I am having problems with is the "Update Password" page. Once the user updates their password, it makes them log back in again. Is there a way to avoid the user from having to log back in? Below is my code for updating my database with the new password.

Code: Select all

<?php
session_start();
require_once('config.php');

$errmsg_arr = array(); //Array to store validation errors
$errflag = false; //Validation error flag

$myusername = $_SESSION['username'];
   
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {die('Failed to connect to server: ' . mysql_error());}
   
$db = mysql_select_db(DB_DATABASE); if(!$db) {die("Unable to select database");}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
   $str = stripslashes($str);   }
   return mysql_real_escape_string($str);   }
   
//Sanitize the POST values
$password1 = clean($_POST['password1']);
$password2 = clean($_POST['password2']);
$secret_password = md5($password2);

//Create INSERT query
if($password1 == $password2){
$qry = "UPDATE users
      SET password = '$secret_password'
      WHERE username = '$myusername'";
   
$result = @mysql_query($qry);
}
   
//Check whether the query was successful or not
if($result)
{header("location: password_updated.php");
exit();   }
else {header("location: password_wrong.php");}
?>


Any suggestions? Thanks!!

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Login & Sessions

Postby egami » Tue Oct 23, 2012 12:17 pm

show me password_updated.php

meesh2175
New php-forum User
New php-forum User
Posts: 12
Joined: Thu Feb 16, 2012 1:03 pm

Re: Login & Sessions

Postby meesh2175 » Wed Oct 24, 2012 4:27 am

Here is password_updated.php:

Code: Select all

<?php session_start(); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>My Login Website</title>
</head>

<body>
<table width="750" border="0" align="center" cellpadding="8" cellspacing="0" class="table">
<tr>
<td width="209" height="30" bgcolor="#000000" style="font-weight: bold; color: #999;"><span style="font-weight: bold; font-size: 20px; color: #FFF;">UPDATE PASSWORD</span></td>
<td width="359" height="30" align="right" bgcolor="#000000" style="font-weight: bold">&nbsp;</td>
</tr>
<tr>
<td colspan="2" bgcolor="#CCCCCC" style="font-weight: bold"><span style="color: #000; text-align: left;">Password Updated</span>
</td></tr>
<tr>
<td height="75" colspan="2" align="left"><p>Your password was successfully updated. </p></td></tr>
</table>
</body>
</html>

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Login & Sessions

Postby egami » Wed Oct 24, 2012 10:44 am

each page should begin with

<?php
session_start();
....


and then, include logincheck.php


I do it a bit differently..


<?php
session_start();
if (!isset($_SESSION['loggedin']))
{
header("Location: login.php");
}

//db..
include ('/path/to/sql/include/file');

...stuff here....


Return to “PHP coding => General”

Who is online

Users browsing this forum: No registered users and 2 guests