What's Here?

Members: 109,491
Replies: 414,275
Topics: 62,995
Snippets: 2,288
Tutorials: 610
Total Online: 1,190
Members: 62
Guests: 1,128

Dream.In.Code > Programming Help > PHP

Welcome to Dream.In.Code
	Getting PHP Help is Easy! Join 109,491 PHP Programmers for FREE! Ask your question and get quick answers from experts. There are 1,190 online right now! We've got more than 500 tutorials and 2,000 snippets. Join and find out why Dream.In.Code is the #1 programming help community on the internet! Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert Register to Make This Box Go Away!

PHP login form issues

PHP login form issues, Trying to fix an issue with $_SESSIONS

Options

livelonger87	26 Jun, 2008 - 07:59 PM Post #1
New D.I.C Head Joined: 27 May, 2008 Posts: 20 My Contributions	This is my current page... CODE <?php session_start(); require("connect.php"); $check_ban = array(); ?> <html> <head> <style type="text/css"> .body { background-color: gray; border: 2px solid orange; } #header { width: 1024px; height: 150px; background-image: url("/images/header.gif"); background-repeat: no-repeat; border: 2px dotted orange; text-align: left; font-family: verdana; } #content { width: 1024px; height: 800px; background-color: white; border: 1px dotted black; } #navigation { width: 42px; height: 700px; background-color: #E6E6E6; float: left; border: 1px dotted black; } #login { width: 240px; height: 150px; background-image: url("/images/login.gif"); border: 2px solid black; float: right; overflow: auto; } #signup { position: relative; top: 50px; left: 90px; width: 450px; height: 550px; background-color: #E6E6E6; border: 2px solid orange; float: left; overflow: auto; } #banned { width: 1024px; height: 768px; border: 2px solid black; font-family: verdana; font-size: 12px; padding: 10px; background-image: url("/images/Banned.gif"); } </style> </head> <body> <?php $login_user = stripslashes($_POST['username']); $login_pass = stripslashes($_POST['password']); $q = "SELECT * FROM `Registered_users` WHERE `Username`='$login_user'"; $result = mysql_query($q); $array = mysql_fetch_array($result); if($array['Banned'] == 'Yes') { ?> <div id="banned"> You have been banned! </div> <?php } else { ?> <div id="header"> <?php if($_SESSION['loggedin'] == false) { ?> <div id="login"> <?php if($_POST['login_this_user']) { if($login_user == NULL \|\| $login_pass == NULL) { print "You must enter a username and/or password before logging in. <br><br>"; } else { print "Logging in as <b>$login_user</b>... <br><br>"; $q = "SELECT * FROM `Registered_users` WHERE `Username`='$login_user' AND `Password`='$login_pass'"; $result = mysql_query($q); if(!$result) { print "Error: <br>"; } else { $check = 0; while($line = mysql_fetch_assoc($result)) { $check++; } if($check == 1) { $_SESSION['loggedin'] == '1'; setcookie("randomusername", "$login_user", time()+3600); header("location: index.php?login=1&user=username&id=user"); } else { $_SESSION['loggedin'] == false; header("Location: index.php"); } } } } ?> <br> Please login... <br> <br> <form action='<?php echo $_SEVER['PHP_SELF']; ?>' name='login_user' id='login_user' method='post'> <table> <tr> Username: <center><input type='text' name='username' id='username'></center> </tr> <tr> Password: <center><input type='password' name='password' id='password'></center> </tr> <tr> <center><input type='submit' value='login' name='login_this_user' id='login_this_user'></center> </tr> </table> </form> </div> <?php }; if($_SESSION['loggedin'] == '1') { ?> <div id="login"> <?php if($login_user == "Dave") { print "Welcome <b>Admin</b><br>"; } else { print "Welcome <b>$login_user</b><br>"; } ?> </div> <?php }; ?> </div> <div id="content"> <div id="navigation"> <a href="index.php"> <img src="/images/Home.gif"> </a> <a href="logout.php"> <img src="/images/Logout.gif"> </a> <a href="createtopic.php"> <img src="/images/Msg.gif"> </a> <a href="admin.php"> <img src="/images/Admin.gif"> </a> <a href="memberlist.php"> <img src="/images/Memberlist.gif"> </a> </div> <?php if($_SESSION['loggedin'] == false) { ?> <div id="signup"> <?php if($_POST['signup_this_user']) { function forbidden_chars($age_chars) { $a = array(); $a[] = "a"; $a[] = "b"; $a[] = "c"; $a[] = "d"; $a[] = "e"; $a[] = "f"; $a[] = "g"; $a[] = "h"; $a[] = "i"; $a[] = "j"; $a[] = "k"; $a[] = "l"; $a[] = "m"; $a[] = "n"; $a[] = "m"; $a[] = "o"; $a[] = "p"; $a[] = "q"; $a[] = "r"; $a[] = "s"; $a[] = "t"; $a[] = "u"; $a[] = "v"; $a[] = "w"; $a[] = "x"; $a[] = "y"; $a[] = "z"; $a[] = "A"; $a[] = "B"; $a[] = "C"; $a[] = "D"; $a[] = "E"; $a[] = "F"; $a[] = "G"; $a[] = "H"; $a[] = "I"; $a[] = "J"; $a[] = "K"; $a[] = "L"; $a[] = "M"; $a[] = "N"; $a[] = "O"; $a[] = "P"; $a[] = "Q"; $a[] = "R"; $a[] = "S"; $a[] = "T"; $a[] = "U"; $a[] = "V"; $a[] = "W"; $a[] = "X"; $a[] = "Y"; $a[] = "Z"; $replace = "Age must be an integre, not a character. <br>"; return str_replace($a, $replace, $age_chars); } $check_username = array(); $username = mysql_real_escape_string(stripslashes($_POST['signup_username'])); $password = mysql_real_escape_string(stripslashes($_POST['signup_password'])); $pass_conf = mysql_real_escape_string(stripslashes($_POST['pass_conf'])); $email = mysql_real_escape_string(stripslashes($_POST['signup_email'])); $email_conf = mysql_real_escape_string(stripslashes($_POST['email_conf'])); $age = $_POST['age']; $interests = mysql_real_escape_string(stripslashes($_POST['interests'])); $about = mysql_real_escape_string(stripslashes($_POST['about_you'])); $uname_length = strlen($username); $pword_length = strlen($password); $inter_length = strlen($interests); $a_length = strlen($about); $age_length = strlen($age); if($username == NULL \|\| $password == NULL \|\| $pass_conf == NULL \|\| $email == NULL \|\| $email_conf == NULL \|\| $age == NULL \|\| $interests == NULL \|\| $about == NULL) { print "You must fill in the required fields in order to signup. <br>"; } else if($password != $pass_conf) { print "You must enter corresponding passwords. <br>"; } else if($email != $email_conf) { print "You must enter corresponding emails. <br>"; } else if(in_array(forbidden_chars, $age)) { print "Age must be an int, not a char. <br>"; } else if($uname_length > 10) { print "Username must be less than 10 characters. <br>"; } else if($p_length > 10) { print "Password must be less than 10 characters. <br>"; } else if($age_length > 3) { print "You cannot possibly be up to a 1000 years of age can you?<br>"; } else if($a_length > 200) { print "You must shorten your 'about you' length to a character length below 200. <br>"; } else if($inter_length > 200) { print "You must shorten your 'interests' length to a character length below 200. <br>"; } else { $insert_user = mysql_query("INSERT INTO Registered_users (Username, Age, Password, Email, About, Interests) VALUES ('$username', '$age', '$password', '$email', '$about', '$interests')"); } if(!$insert_user) { print "Error 1015: Cannot transmit queries to database the selected table <br>"; } else { print "Thank you <b>$username</b> for signing up to GTD!<br> Have fun posting!<br>"; } } ?> <form action="index.php" id="signup_user" method="post"> Please signup if you haven't. Benefits include; the ability to view posts, topics; the ability to gain access to downloads, downloads include; music, games, films, software and more; the ability to also post discussions and replies to current dicussions, as well as images and videos. You can also contribute to the community by adding website links to the web archive located within the archive section. <br> <br> <center> <table> <tr>Username: <input type="text" name="signup_username" id="signup_username"></tr> <tr>Password: <input type="text" name="signup_password" id="signup_password"></tr> <tr>Password confirmation: <input type="text" name="pass_conf" id="pass_conf"></tr> <tr>Email: <input type="text" name="signup_email" id="signup_email"></tr> <tr>Email confirmation: <input type="text" name="email_conf" id="email_conf"></tr> <tr>Age: <input type="text" name="age" id="age"></tr> <tr>Interests: <input type="text" name="interests" id="interests"></tr> <tr>About you: <input type="text" name="about_you" id="about_you"></tr> <tr><input type="submit" value="Signup" name="signup_this_user" id="signup_this_user"></tr> </table> </center> </form> </div> <?php }; ?> <?php if($_SESSION['loggedin'] == '1') { ?> <div id="signup"> Welcome <b><?php print "$login_user"; ?></b><br> </div> <?php }; ?> </div> <?php } ?> </body> </html> It logs me in because the address bar displays the hyperlink I requested for a successful login session. However, it still displays the login and signup forms when it should be displaying welcome messages. I'm not sure about where I've gone wrong here :confused:
	This Post Was Helpful! ^New!

Register for Free to Make This Ad Go Away!

no2pencil	26 Jun, 2008 - 08:04 PM Post #2
Wet D.I.C. Joined: 10 May, 2007 Posts: 4,942 Thanked 27 times Dream Kudos: 2325 Expert In: Goofing Off My Contributions	Can you print your session variables & assure that $_SESSION['loggedin'] is getting set before you do your conditional testing on it? CODE <?php session_start(); Print_r ($_SESSION); .... html code ... if($_SESSION['loggedin'] == false) { ... } ?>
	This Post Was Helpful! ^New!

JBrace1990

26 Jun, 2008 - 09:43 PM

Post #3

D.I.C Regular

Joined: 9 Mar, 2008
Posts: 427

Windows

Thanked 19 times

Dream Kudos: 350
My Contributions

ok, I found the problem.... it's in this section of code, and i'll explain it to you:

php

if($_POST['login_this_user'])
{
    if($login_user == NULL || $login_pass == NULL)
    {
        print "You must enter a username and/or password before logging in. <br><br>";
    }
    else
    {
        print "Logging in as <b>$login_user</b>... <br><br>";
        
        $q = "SELECT * FROM `Registered_users` WHERE `Username`='$login_user' AND `Password`='$login_pass'";
        $result = mysql_query($q);
        if(!$result)
        {
            print "Error: <br>";
        }
        else
        {
        $check = 0;

        while($line = mysql_fetch_assoc($result)) {
         $check++;
        }
        if($check == 1)
        {
        $_SESSION['loggedin'] == '1';
        setcookie("randomusername", "$login_user", time()+3600);
        header("location: index.php?login=1&user=username&id=user");
        }
        else
        {
        $_SESSION['loggedin'] == false;
        header("Location: index.php");
        }
        }
    }
}
?>
<br>
Please login...
<br>
<br>
<form action='<?php echo $_SEVER['PHP_SELF']; ?>' name='login_user' id='login_user' method='post'>
<table>
<tr>
Username:
<center><input type='text' name='username' id='username'></center>
</tr>
<tr>
Password:
<center><input type='password' name='password' id='password'></center>
</tr>
<tr>
<center><input type='submit' value='login' name='login_this_user' id='login_this_user'></center>
</tr>
</table>
</form>
</div>
<?php
};

now, your login form is outside the if, but it's not in an else... by keeping it there, as long as ($_SESSION['loggedin'] == false), it will display the table with the form... to fix it, just add an else statement going around the form =)

This Post Was Helpful! ^New!

Martyr2	26 Jun, 2008 - 10:29 PM Post #4
Programming Theoretician Joined: 18 Apr, 2007 Posts: 4,356 Thanked 81 times Expert In: C/C++, Java, VB, VB.NET, C#, PHP, Web Development, HTML & CSS, Javascript My Contributions	Another note to add is that you are attempting to assign a value to a session variable using a double equal sign like $_SESSION['loggedin'] == '1'; Remember that double equal sign is a relational operator. As in, it is used for comparing. So your statement there is saying does the session variable "loggedin" equal 1. It will return true or false, not assign 1 to the session variable. You do this for $_SESSION['loggedin'] == false; as well. Again you are comparing here, not assigning the value. If you are confused, read up on the double equal sign relational operator versus the single assignment operator.
	This Post Was Helpful! ^New!