Jump to content

Validate sign in?


Sharkadder

Recommended Posts

Hi,On my website i have given users the ability to buy things, in order for the user to buy something they have to press the "add to basket" button.Now what i want is a script that will allow the user to only purchase once signed in. So the user will press the appropiate button, if they are signed in the item will be added to basket, if they arn't it will display a page with login and underneath saying sign up if you don't currently have an account. All the sign up details are kept within a my sql database. Once the button is clicked i have some javascript that will add the item to the basket.The reason i am posting in here is because i wasn't sure if javascript could do my sql table lookup's to check for usernames or passwords once a button is pressed. So what do you reckon will be the best way to, check that a user is signed in once add to cart is pressed? if the user isn't currently signed in then the user will get taken to another page, otherwise the item get's added to cart and they continue shopping.I could of probably posted this in the javascript forum as well but i figured it's more an sql thing i am wanting to know. I will probably need something like once the user fills in username and password and presses sign in, a table lookup is then done, if correct a field within the table will then change to signed in, i will need some sort of cookie to sign them out automatically when so much inactivity has happened.Thanks any help/coding examples is well apprechiated.

Link to comment
Share on other sites

Let them add things to the cart without needing to sign in. Once they go to checkout then do the account check at that point. You can't use Javascript alone to check the database, you'll need to use something like a PHP script. You can have Javascript send out an AJAX request for the PHP script if you want, or just load it normally.

Link to comment
Share on other sites

i've never used AJAX before. Basically when you press add to cart, the only other button's you can press to do with checkout are, view cart or checkout, these links lead to a CGI page within paypal's main website so i cannot do that.I know that i can do a login script via php which i can now probably do with a bit of research but not sure how i would go about making them sign up if not signed in once they reach checkout. Are you suggesting i create my own checkout and not use the default paypal one? Or are you suggesting that when they click "view cart" or "checkout" it will actually ask them to log into their account? I am not sure how to do a check on if somebody is logged in or not otherwise i would.I know the standard paypal CGI page for website payments have a button called "continue to checkout" or something along them liines, however i don't think i can change that buttons link from the default, otherwise i would include it then.Thanks hope i have explained a bit more and that you can help me out

Link to comment
Share on other sites

If the view cart and checkout links are regular text links, then you can have those links point to an intermediate page on your site that checks if the user is logged in and, if so, redirects them to the PayPal link. If they are form submit buttons you can probably still set something up like that, it would just take a little more time and one more step, the user would basically have to click the button twice. There's a thread here about using PHP to register and log in users:http://w3schools.invisionzone.com/index.php?showtopic=12509

Link to comment
Share on other sites

thanks for the info, i have some basic code on setting this up in php but not sure how effective it is going to be. I am going to try it tomorrow anyways.The only problem i can see with code i have and the one in the link you posted is staying alive time. From what i read it seems that you are logged in just for that 1 page, once i switch pages my session will then end and i will have to re-log in again, that's if what i think is going to happen is correct. I will also probably need a check to see if your logged in or not for various links within my menu bar, e.g. i could have "my account" blocked out until signed in, although a good idea is probably just display login once that link is pressed.thanks, maybe i got the session timing wrong and it does indeed keep the sign in alive throughout the whole ongoing website viewing process.

Link to comment
Share on other sites

The session has a certain expire time, the default is 24 minutes. It will expire 24 minutes after the last time the user clicks, or when they close their browser. So if the user is visiting several pages the same session will stay active unless it expires on them because they haven't clicked in a while. Sessions are only for a single server, you can't take your session with you to another server. Any page that uses the session needs to use PHP's session_start function before it does anything with the session, reading or writing.

Link to comment
Share on other sites

thanks for that dude, i am going to try some code now, i think i'm going to try and include a remember me checkbox and a forgot password link if i can but that will be done at a later date. I tried some login script code i had last night and it worked, although it was just the sessions i was worried about.I will let you know how it goes anyways and if i need help with anything then i will ask.

Link to comment
Share on other sites

Ok dude, i have tried some code and unfortunately i have hit a dead end. I have various pieces of code, some work, others are meant to work but don't and others are just being a pain in the backside, so here is what i like to do.I use php 4 to create a nice login form, the form itself will communicate with the mysql database, i type in username and password, press login and it tells me that my username and password are correct. If i type in invalid username and password it tells me that they are wrong. This all being good however some other scripts i have found have interested me a lot more, although i have not managed to get them to work :-(.So here is some code i have for my login page, this is just html:main_login.php<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"><tr><form name="form1" method="post" action="checklogin.php"><td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"><tr><td colspan="3"><strong>Member Login </strong></td></tr><tr><td width="78">Username</td><td width="6">:</td><td width="294"><input name="myusername" type="text" id="myusername"></td></tr><tr><td>Password</td><td>:</td><td><input name="mypassword" type="text" id="mypassword"></td></tr><tr><td> </td><td> </td><td><input type="submit" name="Submit" value="Login"></td></tr></table></td></form></tr></table>As you can see the above code is just simple html, forgive the usage of tables, that is just there until i can get something working properly for what i need. Ok now the user get's taken to that page to begin with. Once the user presses "Login"a check is then done on the username and password to make sure it is correct, the code ofr this file is show here:checklogin.php<?php$host="localhost"; // Host name$username="username"; // Mysql username$password="password"; // Mysql password$db_name="databasename"; // Database name$tbl_name="table"; // Table name// Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");// username and password sent from form$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];// To protect MySQL injection (more detail about MySQL injection)$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"session_register("myusername");session_register("mypassword");header("location:login_success.php");}else {echo "Wrong Username or Password";}?>Ok that is the code i have to check login details, i have changed my server details deliberately for obvious reasons when posting code, i can assure you that these details are correct when i try it on my server. Ok now once the username and password have been validated it then calls on another page to say login has been successful, this page is called login_success.php and the code is shown here:<?session_start();if(!session_is_registered(myusername)){header("location:login.php");}?><h1>login successful</h1>Ok that is my code, what i need is my code modifying so that i can have a remember me feature, so for example they will be a page which either has "click here to sign in" or it will have "welcome username" (where username is the actual username). Once you click sign in, you will be taken to the main_login form, if you are already signed in then you don't need to sign in.Now that is the part i am stuck on, how i actually get the remember me feature to work, how i store the sign in values in a cookie, also how i get the sign in/welcome text to display depending on the values within the cookie.I have looked at code to do with "remember me" features using cookies, everytime i try to incorperate them within my code, all i get is a blank screen. Maybe the examples i have found are for php5 and not 4, can anybody help me here? i have tried for about 5 days now and i cannot get the remember me features to work at all in the way i want.So to recap, the code i have posted works for logging in, what i need is help with a remember me feature which will use cookies and a page before main_login.php, this page will have a typerlink to main_login.php file if not logged in, otherwise it will say welcome username.thanks, if this post needs moving to php section then please move it admin/moderator

Link to comment
Share on other sites

All you need to do is set the cookie if they clicked the checkbox, and when you check if they're logged in you check the cookie before the session. If the cookie is set then you copy the information in the cookie into the session so that you don't need to keep checking the cookie. You can use setcookie to create the cookie and you check it using the $_COOKIE array the same way you do with $_SESSION. Keep in mind that cookies are not available on the same page that you set them, the page has to be refreshed for the cookie to be available. It's also not the best idea to use a header redirect after you set a cookie, if you need to set a cookie and then redirect use a meta refresh instead of a location header. Cookies also have problems being set if the domain is localhost, so it's best to test on a live server.http://www.php.net/manual/en/function.setcookie.php

Link to comment
Share on other sites

Hi, just an update on my progress.I have managed to get some sort of thing working now. Basically i have an index page, the user visits it. If a cookie doesn't exsist with sign in data then it will bring up the login part of the form, otherwise it will say "welcome [username]"Once signed in the user can logout if they wish to do so. Once logged out the user can sign in again if they wish, the login form has a remember me button which is now working. You press that button and the next time you enter it will say "welcome [username].Now the only problem i have is some daft error what keeps coming up and i cannot think why, the system is working and the page loads underneath this error. the error in which i speak of is as shown below:Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at index.php:1) in index.php on line 2For reasons i do not need to go into, i have deleted the actual full hyperlink and just left index.php in the above error. Now to give you an idea of exactly what line 2 is, it's just a "session_start();" variable, why it brings up that error i am not sure. Do you have any idea what could be causing this? Surely i have to do the session_start check when the user first visits my index.php webpage so that i can display login or welcome message.The cookies are now created in a file called process.php, so they do not conflict with the index.php webpage when being viewed.thanks, if you need any further code i can post, otherwise can you explain what might be going wrong and how i can sort it out.

Link to comment
Share on other sites

well that is very strange, because all line one say is <?phpIf i put session_start() before that then it shouldn't make a difference. I have looked for examples on the internet and from what i can see all session_starts go the way i have done it, by this i mean like so:<?phpsession_start();so i don't get what the problem is, any other ideas?

Link to comment
Share on other sites

The error message says that output starts on line 1, so there must be something before the <?php tag. Any whitespace gets sent to the browser as output, if you have spaces or blank lines then that's your problem.

Link to comment
Share on other sites

ok thanks for that, i have just a few more questions. The problem i now have is, now i removed the white space which indeed i had after <?php i now have a problem.The page loads up white, it doesn't bring up the text saying click here to log in. If i go to the login.php page and sign in, then go back to the index.php page, it displays the message saying "[username], you are signed in", if i log out and then go back to the index.php page once logged out it says "welcome guest, click here to sign in". If i close the browser down and load it back up so that the cache has time to clear, the index.php page shows up as either welcome guest or welcome [username] depending on if you used the remember me feature. It seems to be just the first time you visit that web page that the page loads up as white, so how do i get around this problem?thanks man, if you need code i can post, my guess is it's looking for a cookie of which isn't created.because it's the first time i have visited the site. Will i need to call upon process.php when the user first visits the site?So what is the problem? Once i have got this sorted i have just 1 more question related to sql which i will ask once this is sorted.

Link to comment
Share on other sites

EDITok i solved it, what i did was included my code for the page within the condition statement to check is a cookie exsists, since a cookie doesn't exsist when you first visit the page, it just loaded up as blank.Ok now that is solved i just have 1 more question and then i am sorted. The question i have is this:How do i get data from a mysql table to display depending on a value from that row?.e.g. i know what the username is from a row of data from when the user signs in by checking a session or cookie variable value. But what i don't know is how i display all data from that row belonging to the person who has the desired username. So the page would look like this:username: [username]password: [password]them values would be imported depending on the row for the username within the table, hope you udnerstand what i mean

Link to comment
Share on other sites

ohhh right, so it's just like how i got the username and password from the database, right i get it.thanks for all the help, i think my time here is just about done, anything else i find i'll post but i think i'm well on my way now.Many thanks for the help

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...