new to php

[Synook]

You set $_SESSION['logged_in'] when the person verifies himself. It is not a specified variable, we made it up, and you could just as well have used $_SESSION['dfasdgasdgasg'] if we wanted to (although that would be rather hard to remember). The following login page sets the $_SESSION['logged_in'] when the username and password are found in one record of a database

<?phpif (isset($_POST['login'])) {$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string($_POST['password']);$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");if (mysql_num_rows($result) == 1) $_SESSION['logged_in'] = true;else echo "Error: Incorrect username or password!";} else {?><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">Username: <input type="text" name="username" />Password: <input type="password" name="password" /><input type="submit" value="Log In" name="login" /></form><?php}?>

Can you see how we set $_SESSION['logged_in'] to true if the user is found? Therefore, the pages with the logged in test will look for that variable and if we find it (because we set it) then we allow content to be seen, but if they don't (because the variable hasn't been set) then we redirect the user to the login page.

[shadowayex]

Ok I think I kind of get it now. When they login we make that into a variable that says "Yes they are logged in" and it is checked each page and if it's not true then we just make them sign in again. Right?And I hit a problem testing out my sign-up page.It "signs up" empty fields, like if someone were to just click "Sign Up!" and not type anything, it will add that. I know I need to add an If statement that says "If the Username or Password fields are empty, write "Please fill in both the Username AND Password fields" and I know mostly how to do that, but I don't know how to make it recognize an empty field.Also, not a problem, but just asking for an opinion. Should I hash the Username too? I tried just because I wanted to and it works, but if two people have similar usernames it might hash to be the same. Is it safe to hash the username too or should I just hash the password and let the username go in as it is?And another question (yes I know, I'm probably being a bother) but for the login, I need to have the password hashed to check it with the database, so would the PHP have to look something like this:

<?php$link = mysql_connect('Host', 'Username', 'Password')    or die('Could not connect: ' . mysql_error());mysql_select_db('Database Name') or die('Could not select database');$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string($_POST['password']);$password_hash = sha1($password);$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");if (mysql_num_rows($result) == 1){  $_SESSION['logged_in'] = true;}else{  echo "Error: Incorrect username or password!";}?>

Right? I hope so.

[justsomeguy]

You can use the == operator to do a logical test, and you can compare field values with the empty string ("") to see if they are empty.Depending on the system, it's best not to hash the username. Hashes are one-way, so you can't read a user record from the database and decode the hash to get their username. For some systems that might be fine, for some systems you might not want to list users or something. But if you want to list users in the database or display usernames other then the user who is logged in then you can't hash the username. Also, similar strings do not produce similar hashes. At least not with a good hashing algorithm.And about hashing the password, don't use mysql_real_escape_string if you are going to hash it. That means you are hashing the escaped password, not the original password. And the hash doesn't need to be escaped, it only contains hex digits.

[shadowayex]

So I should add in something that looks like:

<?phpif ($username == ""){  echo "Please enter your username."}else if ($password == ""){  echo "Please enter your password."}else{  *PHP Code for the signup*}?>

Would that work? or did I royally mess that up. I'm getting how this all works now, just kind of need to learn what I use to solve what problems and what's allowed. And I took the escape off of the hash. Thanks for letting me know that. I would've never knew.Oh and another questions that goes with my hopefully correct solving of that problem, can you put if statements in if statements?Like is that were right, after the else where I put "*PHP Code for the signup*" I'd have to put this:

$check = mysql_query("SELECT * FROM users WHERE Username='$username'");if (mysql_num_rows($check) == 0){  mysql_query("INSERT INTO users (Username, Password) VALUES ('$username', '$password')");}else{  echo "Username is already registered. Please select another.";}

So...will it work?

[boen_robot]

Of course you can put if inside if.

if (condition) {  if(condition) {//do something  }else {//do something else  }}

is a perfectly valid construct (well, except maybe the "condition" parts, which need to be filled of course).

[Synook]

If condition was a declared constant then it would work. Some scripts have configuration files that look at a number of variables, and then declare a single contant on the page. So for example if your system got really complicated then you may end up declaring a constant LOGGED_IN at the start of the page based on a number of factors. Then you could doif (LOGGED_IN) ... phpBB makes extensive use of this, but only if your code gets really complex will you need to start using constants.

[shadowayex]

One last question then I should be good for a while. In the condition, instead of putting two different if's for each of the fields, can I combine them into one. Like if I put something like:

<?phpif ($username OR $password == ""){  echo "Please fill in all fields."}else{  *sign up code*}?>

Would it work, of is there some other word or something I can use.

[Ingolme]

In PHP you don't use "OR" you use a double bar ( || ). And you'd need to declare the condition for each of the variables separately, like this:if($username == "" || $password == "")

[shadowayex]

Ok, thank you everyone!

[justsomeguy]

In PHP you don't use "OR" you use a double bar ( || ).

You can also use OR, XOR, and AND in addition to || and &&. The only difference is precedence.http://www.php.net/manual/en/language.oper...tors.precedence

[Synook]

If you write if ($username OR $password == "") that means "if the $username is true or the $password equals nothing"

[shadowayex]

Ok not really a problem but just a question. Is it possible to write an if statement that gets the user's resolution and displays a page setup that works for them. Like:

<?php$res = *code that gets resolution*;if ($res == 800 x 600){  echo "*HTML and stuff for the 800 x 600 version of the page*"}else if ($res == 1024 x 768){  echo "*HTML and stuff for the 1024 x 768 version of the page*"}*And so on for other resolutions*?>

Is there a way to do that with PHP? Or any scripting languages. I can always learn another language.

[zppblood]

You can with JavaScript

<script type="text/javascript">  alert(screen.width+"x"+screen.height);</script>

[shadowayex]

You can with JavaScript

<script type="text/javascript">  alert(screen.width+"x"+screen.height);</script>

Um, I'm confused on how that works.

[Ingolme]

I don't recommend pages that adjust by the resolution: Some computers have panoramic screens or have different unknown kinds of resolutions. The best thing is to make a dynamically changing design, or give it a static width that is suitable for most people. (760px is usually my choice if the page is static)

[shadowayex]

Oh ok, I kind of figured that it was going to be a no go. But I thought I'd give it a shot. Well, I think I'm good for now. Thanks for all your help everyone.

[shadowayex]

Ok, so everything works. But now I want to make it so when they log in, it redirects them to the home page. As of right now I just have it pop up a link when the sign in is successful that they can press that takes them to the home page. Is there a PHP code that says "If the log-in is successful, redirect user to homepage."?

[justsomeguy]

No, there's not one piece of PHP code that says all that. But you can use the header function to send a location header and redirect them wherever you want.

[killboy]

Ok, so everything works. But now I want to make it so when they log in, it redirects them to the home page. As of right now I just have it pop up a link when the sign in is successful that they can press that takes them to the home page. Is there a PHP code that says "If the log-in is successful, redirect user to homepage."?

Well, I made a simple function that allows to do what you want:

function redirect($pag){	$dir="/directory/";switch ($pag){	case ($dir."index.php"):	$pagina_actual="formulario_ingreso.php";	break;	case ($dir."formulario_ingreso.php"):	$pagina_actual="index.php";	break;	case ($dir."ingresar_usuario.php"):	$pagina_actual="index.php";	break;	case ($dir."matriz.php"):	$pagina_actual="ver_matriz.php";	break;	case ($dir."ver_matriz.php"):	$pagina_actual="matriz.php";	break;	case ($dir."admon.php"):	$pagina_actual="panel_admon.php";	break;	case ($dir."panel_admon.php" || $dir."formulario_eliminacion.php"):	$pagina_actual="admon.php";	break;		}return $pagina_actual;}

The function is set to receive the $PHP_SELF var as a parameter, and depending on its value, it'll return the URL of a certain page.Now, make a another .php file that redirects people. Something like this:

$redirection = redirect($_SERVER['PHP_SELF']);echo "Succeded...<META HTTP-EQUIV='refresh' CONTENT='2; url=".$redirection."'>"

I hope that helps...

[shadowayex]

Ok well I haven't tried the function kill boy wrote. I don't know how to use it or anything, and I tried using a header location and got this error:Warning: Cannot modify header information - headers already sent by (output started at /home/www/customhomepage.freehostia.com/login.php:16) in /home/www/customhomepage.freehostia.com/login.php on line 45So...I'm not sure what I did wrong. The way I did it might be bad. After the login If statement that makes it so the session is set I put another If statement that looks like this:

if (isset($_SESSION['logged_in'])){   header('location: home.php');}else{   echo "";}

The first line in that happens to be line 45 in the document.Is that my problem? I'm not really sure how to do it. But I need to add one to my signup page as well.

[zppblood]

You can't send the header because you outputted something, and must put it before you outputted something or use output buffering.

[justsomeguy]

Check the PHP tips topic in this forum for information about that error including how to fix it.

[shadowayex]

Ok new issue. You know how myspace has their link that sends users to their home section. I assume they use some special code to direct them to their page depending on their login criteria or something. How do you do that?

[justsomeguy]

There's not one way to do that. It depends totally how you set up your application. Having never used MySpace, I'm not sure specifically how they have it set up. You can either redirect all users to a common home page and look up their session information to see which user it is and get their content, or look up their session information first and then redirect them to a specific home page just for their user. It depends how you want to set it up.

[shadowayex]

There's not one way to do that. It depends totally how you set up your application. Having never used MySpace, I'm not sure specifically how they have it set up. You can either redirect all users to a common home page and look up their session information to see which user it is and get their content, or look up their session information first and then redirect them to a specific home page just for their user. It depends how you want to set it up.

Well either way could work. But the site I'm making people can build their own custom homepage. They'll be able to do it using one of three option. Looking up premade pages and using all or parts of those and adding their own typing, using a generator to ustomize it fully without having to really know a thing about webpage design, or make one completely and utterly from scratch. The controls on their control panel page will depend on what one of those options they chose, as well as an option to change to one of the other two if things change. So based off of that, I think having three premade pages and having the content displayed depend on the user setting would work, if possible.