Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Session for login

session login

  • Please log in to reply
1 reply to this topic

#1 newphpcoder

newphpcoder

    CC Devotee

  • Senior Member
  • PipPipPipPipPipPip
  • 527 posts

Posted 06 May 2011 - 12:25 AM

I have a login form, when the user input his correct username and password he will go to the machine1 and in the machine1 theres a logout hyperlink. My problem is when the user already logout and he type in the url http://localhost/machine1/machine1.php he can view the machine1 which is wrong because he is already logout. I want is if the user did not login he cannot view the machine1.

All I mean is when the user tried to go in machine1 even he is not already login, instead of locating him in machine1 he will locate to the index.php which is the login form. and when the user is already login he cannot go back to the index.php because he is already login.

I have no idea regarding the code to solve this kind of problem.


here is my index.php or login form:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 h2 strong {
color: #06F;
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
#form1 p label {
color: #009;
}
</style>
</head>

<body>
<form id="form1" name="form1" method="post" action="">
<h2><strong>       LOGIN FORM</strong></h2>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>                    
<input type="submit" name="submit" id="submit" value="Submit" />
</p>

<?php
include 'connection.php';

if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];


$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));


mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");

$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";


$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
header("location:machine1.php");
}
else {
echo "Wrong Username or Password";
}
}

?>
</form>
</body>
</html>


and here is my code for machine1

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>

</head>
<body>
<form name="machine1" action="machine1.php" method="post">

<p>
<?php
session_start();

$sort = "ASC";
$data_sort = "Emp_ID";

if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "DESC";
}
else{
$sort = "ASC";
}
}


if (isset($_GET['field_name'])) {
if($_GET['field_name'] == 'Emp_ID'){
$data_sort = "Emp_ID";
}
elseif($_GET['field_name'] == 'Last_Name'){
$data_sort = "Last_Name";
}
elseif($_GET['field_name'] == 'First_Name'){
$data_sort = "First_Name";
}
elseif($_GET['field_name'] == 'Birthday'){
$data_sort = "Birthday";
}
}
?>
                                                                                      <a href="logout.php">Log out</a> </p>
<table border="1">
<tr>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Emp_ID">Emp ID</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Last_Name">Last Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=First_Name">First Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Birthday">Birthday</a></td>
<td>Option</td>
</tr>

<?php
include 'connection.php';

if (isset($_GET['pageno'])) {
$pageno = $_GET['pageno'];
} else {
$pageno = 1;
}
$query = "SELECT count(*) FROM tbl_machine1";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
$query_data = mysql_fetch_row($result);
$numrows = $query_data[0];

$rows_per_page = 5;
$lastpage = ceil($numrows/$rows_per_page);

$pageno = (int)$pageno;
if ($pageno > $lastpage) {
$pageno = $lastpage;
}
if ($pageno < 1) {
$pageno = 1;
}

$limit = 'LIMIT ' .($pageno - 1) * $rows_per_page .',' .$rows_per_page;

$query = "SELECT * FROM tbl_machine1 ORDER BY $data_sort $sort $limit";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);


while($info = mysql_fetch_array( $result ))
{
$emp_id = $info['Emp_ID'];
$lname = $info['Last_Name'];
$fname = $info['First_Name'];
$bday = $info['Birthday'];
$date = date('d-m-Y', strtotime($bday));
?>
<tr>
<td><?php echo $emp_id;?> </td>
<td><?php echo $lname;?> </td>
<td><?php echo $fname;?> </td>
<td><?php echo $date;?> </td>
<td><a href = 'edit.php?id=<?php echo $emp_id; ?>'>Edit</a> <a href='delete.php?id=<?php echo $emp_id; ?>' onClick="return confirm('Are you sure you want to delete?')">Delete</a></td>
</tr>
<?php
}
?>
</table>
<A HREF="javascript:void(0)" onClick="window.open('add.php','welcome','width=300,height=200')">
<input type="button" name="add" value="ADD"> </A>  

<?php

if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "ASC";
}
else{
$sort = "DESC";
}
}

if ($pageno == 1) {
echo " FIRST PREV ";
} else {
?>
<a href="machine1.php?pageno=1&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">FIRST</a>
<?php
$prevpage = $pageno-1;
?>
<a href="machine1.php?pageno=<?php echo $prevpage;?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">PREV</a>

<?php
}
echo " ( Page $pageno of $lastpage ) ";

if ($pageno == $lastpage) {
echo " NEXT LAST ";
} else {
$nextpage = $pageno+1;

?>

<a href="machine1.php?pageno=<?php echo $nextpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">NEXT</a>
<a href="machine1.php?pageno=<?php echo $lastpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">LAST</a>
<?php
}
?>
</body>
</html>


and this my code for my logout:

<?php
session_start();
session_destroy();

header ("Location: index.php");
?>


I really need to solved it and I hope somebody can help me.
Thank you
  • 0

#2 komprenda

komprenda

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts

Posted 06 May 2011 - 02:34 AM


<?php ob_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
#form1 h2 strong {
color: #06F;
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
#form1 p label {
color: #009;
}
</style>
</head>

<body>
<form id="form1" name="form1" method="post" action="">
<h2><strong>       LOGIN FORM</strong></h2>
<p>
<label for="username">Username: </label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" />
</p>
<p>                    
<input type="submit" name="submit" id="submit" value="Submit" />
</p>

<?php
include 'connection.php';

if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];


$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string(sha1($password));


mysql_query("UPDATE tbllogin SET password = '$password' WHERE username = '$username'");

$sql="SELECT * FROM tbllogin WHERE username='$username' and password='$password'";


$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_start();
$_SESSION["username"] = $username;
header("location:hello.php");
die;
}
else {
echo "Wrong Username or Password";
}
}

?>
</form>
</body>
</html>


hello.php

<?php
session_start();
echo "<p>Hello, {$_SESSION["username"]}!</p>";
?>

  • 0





Also tagged with one or more of these keywords: session, login

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download