Jump to content

PHP Login System


Recommended Posts

Hi there,I need some help about the login system i made a usual login system which the user and pass will store to database and get the information in the databaseand my problem is the permission or access to the likei have my post for example and i will put the link the edit post. i want to hide that to the guest/viewers.anyone here can share the codes thanks so much.

Link to post
Share on other sites

having $_SESSION["user"]["login"] whith default value being false when not logged-in then when a user logs-in you give this session var the value of true

<?php...your code...if(isset($_SESSION["user"]["login"]) && $_SESSION["user"]["login"] == true){?>	<a href="your_link">Edit</a><?php}...continue code...?>

Link to post
Share on other sites
having $_SESSION["user"]["login"] whith default value being false when not logged-in then when a user logs-in you give this session var the value of true
<?php...your code...if(isset($_SESSION["user"]["login"]) && $_SESSION["user"]["login"] == true){?>	<a href="your_link">Edit</a><?php}...continue code...?>

thanks for the code sir.if im not mistaken in session will store the user and pass of the admin and i need to change the user and login in your given source code?just a clarification sir thanks a lot
Link to post
Share on other sites

no, you should not store any password on the session and if you want it only for admin you shoud have something to differentiate the admin from other users - a column isadmin(bit) set to 1 if the user is an administrator and to 0 if it's not.then when your user logs in you have to had that info to the session to.your $_SESSION["user"] would be something like

$_SESSION["user"] = array("login"=>true,"username"=>"loged_user_name", "isadmin"=>true);

when the user is an administrator, and then your code to show the edit link will be

<?php...your code...if(isset($_SESSION["user"]["login"]) && $_SESSION["user"]["login"] == true && isset($_SESSION["user"]["isadmin"]) && $_SESSION["user"]["isadmin"] == true ){?>	<a href="your_link">Edit</a><?php}...continue code...?>

Link to post
Share on other sites

Here's the codemy check login php login

<?php$host="localhost";$username="";$password="";$db_name="test";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){session_register("myusername");session_register("mypassword");header("location:login_success.php");}else {echo "Wrong Username or Password";}?>

and this is the success login

<?session_start();if(!session_is_registered(myusername)){header("location:main_login.php");}?><html><body>Login Successful</body></html>

where should i insert the code you posted sir? sorry i got really confused about this thanks a lot for the effort sir

Edited by nielcleo
Link to post
Share on other sites

well, as was mentioned, instead of using session register, just assign some meaningful properties to the SESSION array instead, and then check for them in the array.this

if($count==1){  session_register("myusername");  session_register("mypassword");  header("location:login_success.php");}

becomes

if($count==1){  $_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true);    //you will need to determine the admin part by checking the result of   your query   header("location:login_success.php");}

and this

session_start();if(!session_is_registered(myusername)){  header("location:main_login.php");}?>

becomes this

if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){  //user has logged in authenticated, etc  //do admin check to show admin stuff if you need  if($_SESSION['user']['logged_in']['is_admin']){	//admin code here  };};

Edited by thescientist
Link to post
Share on other sites

that's simple. have you read about headers? They have called before any other on the page. no white space, no html tags, no nothing. simply enough, what is line 35?edit: http://www.w3schools.com/php/func_http_header.asp

Edited by thescientist
Link to post
Share on other sites

This part points to the problem: output started at C:\xampp\htdocs\1\checklogin.php:5On line 5 something was printed onto the page. Nothing should be printed before a header is send.

Link to post
Share on other sites
This part points to the problem: output started at C:\xampp\htdocs\1\checklogin.php:5On line 5 something was printed onto the page. Nothing should be printed before a header is send.
line 5 on checklogin.php or in the success.php?in checklogin the line 5 is <?php only and in success.php here's the code
<?session_start();if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){  //user has logged in authenticated, etc  //do admin check to show admin stuff if you need  if($_SESSION['user']['logged_in']['is_admin']){     };};?><html><body>Must Redirect to index.php and show the admin link..</body></html>

Edited by nielcleo
Link to post
Share on other sites

post all of checklogin. You say checklogin's line 5 is opening php tags. That means there's 4 line before it. Like we said, there can be no output before a header can be sent. no whitespace, html, nothing.

Link to post
Share on other sites

here's the checklogin

<?php$host="localhost";$username="testdb";$password="123";$db_name="db_table";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){  $_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true);   //you will need to determine the admin part by checking the result of   your query  header("location:success.php");}else {echo "Wrong Username or Password";}?>

and here's the new error when i remove the html tagWarning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\1\checklogin.php:3) in C:\xampp\htdocs\1\checklogin.php on line 33

Edited by nielcleo
Link to post
Share on other sites

it could be an issue of BOM. You should try re-saving your file and depending on the editor you use, try and very that you are saving your files without BOM, and UTF-8.edit: and just to verify, the php tag is the absolute first thing in the file? no empty lines or whitespace before it?

Edited by thescientist
Link to post
Share on other sites
it could be an issue of BOM. You should try re-saving your file and depending on the editor you use, try and very that you are saving your files without BOM, and UTF-8.edit: and just to verify, the php tag is the absolute first thing in the file? no empty lines or whitespace before it?
i use only notepad for this sir, ill check it it again..if you have editor to suggest thanks sir i have here frontpage only Edited by nielcleo
Link to post
Share on other sites

Hi again i want to add in the login system how can i make a permission on other account..i mean level of the accountfor example admin and member :) the admin can post and edit the post and the member only post but cant edit the post.. hmmm.. i got confused of this..

Link to post
Share on other sites

question sirabout system login here's the code for checklogin.php

<?php$host="localhost";$username="testdb";$password="123";$db_name="db_table";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){  $_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true);   //you will need to determine the admin part by checking the result of   your query  header("location:success.php");}else {echo "Wrong Username or Password";}?>

and the success.php

<?session_start();if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){  //user has logged in authenticated, etc  //do admin check to show admin stuff if you need  if($_SESSION['user']['logged_in']['is_admin']){	admin page  };};?>

i encounter problem when i log its successfully logged but the admin code's are not showed...

Link to post
Share on other sites

You need to use session_start on the login page also, it doesn't look like you are. Also, check your names:$_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true);if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){This isn't correct either:if($_SESSION['user']['logged_in']['is_admin'])It's just $_SESSION['user']['is_admin'].

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...