Jump to content

PHP Sessions


msp301

Recommended Posts

I am trying to make a login form for a website that will pass the username and password to session variables so that the user's login details can be retained throughout their entire session on the site. I have written a script that should return the session variable values after a login has been made, but instead this is returning nothing at the moment; am I using sessions correctly or am I missing something about how they should be set up ?

Thanks

<?php
  session_start();

  if($_POST['username'] and $_POST['pass'])
    {
      if($_SESSION['username'] == $_POST['username'])
    {
      if($_SESSION['pass'] == $_POST['pass'])
        {
          echo("Already Signed In");
        }
       else
        {
          $_SESSION['username'] = $_POST['username'];
          $_SESSION['pass'] = $_POST['pass'];
          echo("Username = ".$_SESSION['username']."Password = ".$_SESSION['pass']);
        }
    }
    }
?>

<html>
<body>
  <form action="<?php PHP_SELF; ?>" method="post">
    Username:<input type="text" name="username">
    Password:<input type="text" name="pass">
    <input type="submit" value="Login">
  </form>
</body>
</html>

Link to comment
Share on other sites

You use of $_SESSION is fine, but there is something wrong with your IF statements.

For the session to be created, going by you IF logic, you already need to have a username Session created, this can be fixed by moving your else statement back on brace.

Try this though:

<?php
    session_start();
    
    if (isset($_POST['pass']))
    {
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['pass'] = $_POST['pass'];
    }
    
    if (isset($_SESSION['username']))
    {
        echo("Username = ".$_SESSION['username']." Password = ".$_SESSION['pass']);
    }
    else
    {
        ?>
            <html>
            <body>
              <form action="<?php PHP_SELF; ?>" method="post">
                Username:<input type="text" name="username">
                Password:<input type="text" name="pass">
                <input type="submit" value="Login">
              </form>
            </body>
            </html>
        <?php
            
    }
?>

Link to comment
Share on other sites

Nice, thanks for that, I realized what I had done now before with my IF statement, thanks ...

The only problem that I have now is trying to get my logout function working, at the moment the script will store the username and password details as session variables whilst also comparing the information entered with my sql database to check the user exists which is all good. Now I want to end the session with "session_destroy", yet I can't seem to get my logout variable to activate the IF statement. I have tried using GET to obtain it from the form as true and activate the function as well as calling a new script in a separate file and returning a session variable "logout"

Been staring at this for hours, it looks as if it should work, but maybe I'm making the wrong approach

Thanks again

<?php
session_start();

//deletes login details from session variables on logout
if($_SESSION['logout'] == "true")
  {
    session_destroy();
  }

//parse entered user details and compare with mysql database records
if (isset($_POST['username']) and ($_POST['pass']))
  {
    //database login details
    $user = "root"; $password = "password";
    
    //connects to sql database
    $connect = @mysql_connect("localhost",$user,$password) or die("Unable to Connect");
    
    //load database
    $database = @mysql_select_db("my_database",$connect) or die("Database Connection Failed");

    //create required database query
    $query = "select * from customers where username=\"$username\" and password=\"$pass\"";

    //runs created query
    $result = mysql_query($query,$connect) or die("Database Query Failed");

    //compares user's login details with database records
    $matches = mysql_numrows($result);


    if ($matches != 0)
      {
    //Save login details to Session variables
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['pass'] = $_POST['pass'];
      }
    else
      {
    //print failed login message
    $msg = "Login Failed";
    echo("<html><body>".$msg."</body></html>");
      }

  }


//retrive user information from database using stored Session information
if (isset($_SESSION['username']) and ($_SESSION['pass']))
  {
    //database login details
    $user = "root"; $password = "password";
    
    //connects to sql database
    $connect = @mysql_connect("localhost",$user,$password) or die("Unable to Connect");
    
    //load database
    $database = @mysql_select_db("my_database",$connect) or die("Database Connection Failed");

    //create required database query
    $query = "select * from customers where username=\"$username\" and password=\"$pass\"";

    //runs created query
    $result = mysql_query($query,$connect) or die("Database Query Failed");

    //compares user's login details with database records
    $matches = mysql_numrows($result);


    //authenticate user login
    if ($matches != 0)
      {
    //Display Login Welcome Message
    $msg = "Hello, ";
    
    //retrives user's name from the database query
    while($row = mysql_fetch_array($result))
      {
        //print login result
        echo("<html><body>".$msg.$row["forename"]."<form action=\"./scripts/logout.php\"><input type=\"submit\" value=\"Logout\"></form></body></html>");      
      }
      }
}
else
  {
?>
    <html>
    <body>
      <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
    Username:<input type="text" name="username">
    Password:<input type="text" name="pass">
      <input type="submit" value="Login">
      </form>
    </body>
    </html>
<?php
  }
?>

Link to comment
Share on other sites

<?php
    session_start();
    
    if (isset($_POST['pass']))
    {
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['pass'] = $_POST['pass'];
    }
    
    if (isset($_SESSION['username']))
    {
        echo("Username = ".$_SESSION['username']." Password = ".$_SESSION['pass']);
    }
    else
    {
        ?>
            <html>
            <body>
              <form action="<?php PHP_SELF; ?>" method="post">
                Username:<input type="text" name="username">
                Password:<input type="text" name="pass">
                <input type="submit" value="Login">
              </form>
<a href="./?logout=true">Logout</a>
            </body>
            </html>
        <?php
            
    }

if (isset($_GET['logout']))
{
session_destroy();
}
?>

Link to comment
Share on other sites

  • 3 months later...
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...