divinedesigns1 Posted August 10, 2012 Share Posted August 10, 2012 hello, i am having a problem with my login script, when i log in the form remains on the page until i manually refresh the page, i was trying to add a endif to the script but when i do i end up with a error, can someone show me where i need to place this and how does it actually work readed the php.net already just need someone to clear it up for me, thanks whoops this is the script im using <?phpinclude_once 'php/conpo.php';if(isset($_SESSION['id'])){echo 'Welcome, ' . $_SESSION['name'] . '!';}else{echo '<form action="" method="post">';echo 'Email Address: ' . '<input type="email" name="email">' . '<br/>';echo 'Password: ' . '<input type="password" name="password">' . '<br/>';echo '<input type="submit" name="submit" value="Login">' . '</form>'; if(isset($_POST['submit'])){// define the variables for the login form$log_email = $_POST['email'];$log_pass = $_POST['password'];// start filtering from here$log_pass = preg_replace("#[^A-za-z0-9]I#", "", $log_pass);$log_pass = strip_tags($log_pass);$log_pass = stripslashes($log_pass);$log_email = strip_tags($log_email);$log_email = stripslashes($log_email); // checking for the foolish mistakes heheheheif(empty($log_pass) && empty($log_email)){echo 'No Account, No Enterance' . '<br/>';}if(empty($log_email)){echo 'Please Enter A Valid Email' . '<br/>';}if(filter_var($log_email, FILTER_VALIDATE_EMAIL) === false){echo 'Email address not valid' . '<br/>';}if(empty($log_pass)){echo 'Please Enter Your Password' . '<br/>';}else{if(!empty($log_email) && !empty($log_pass)){// Checking Filter before login$log_email = mysqli_real_escape_string($con, $log_email);$log_pass = mysqli_real_escape_string($con, $log_pass);$log_pass = md5($log_pass); // woot woot lets get this bastard in lol$query = "SELECT * FROM dodo WHERE email='$log_email' AND password='$log_pass'";$result = mysqli_query($con, $query);$log = mysqli_num_rows($result); // lets sets up some bastard sessionif($log > 0){while($row = mysqli_fetch_array($result)){// lets create a id session$id = $row['user_id'];$_SESSION['id'] = $id;// create a session for each user name$name = $row['name'];$_SESSION['name'] = $name;// create a session for each user email$log_email = $row['email'];$_SESSION['email'] = $log_email;// create a session for each user password$log_pass = $row['password'];$_SESSION['password'] = $log_pass;}}else{echo 'Invalid Email Address Or Password' . '<br/>';} }}}}?> thanks for all the help in advance Link to comment Share on other sites More sharing options...
justsomeguy Posted August 10, 2012 Share Posted August 10, 2012 You should check if the form was submitted and process it before doing anything else. The first thing you're doing is checking if the session is set, and then you're processing the form. That's the wrong order, the session isn't going to be set until after you've processed the form. Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 10, 2012 Author Share Posted August 10, 2012 You should check if the form was submitted and process it before doing anything else. The first thing you're doing is checking if the session is set, and then you're processing the form. That's the wrong order, the session isn't going to be set until after you've processed the form.ok i switch it around but im still getting the form instead of the person name Link to comment Share on other sites More sharing options...
thescientist Posted August 10, 2012 Share Posted August 10, 2012 show the code Link to comment Share on other sites More sharing options...
justsomeguy Posted August 10, 2012 Share Posted August 10, 2012 ok i switch it around but im still getting the form instead of the person nameSounds like you didn't do it right then, huh? Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 11, 2012 Author Share Posted August 11, 2012 Sounds like you didn't do it right then, huh?yeah, im rewriting the script again Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 11, 2012 Author Share Posted August 11, 2012 show the codei will in a few Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 11, 2012 Author Share Posted August 11, 2012 (edited) ok what am i doing wrong? i check if the form was submit first, and if theres any empty fields give an error, then i check if the information entered in the form matches the information in the db, then i count the rows that matches to that user, after all of that, then i check to see if the session is set or not but i still get the same result updated code <?phpsession_start();?><form action="" method="post">Username: <input type="email" name="email" />Password: <input type="password" name="password" /><input type="submit" name="submit" value="Login" /><?phpif(isset($_POST['submit'])){//define the form variables$email = $_POST['email'];$password = $_POST['password']; // filter the variable$password = preg_replace("#[^A-Za-z0-9]I#", "", $password);$password = stripslashes($password);$password = strip_tags($password);$email = stripslashes($email);$email = strip_tags($email); // check if the fields are empty or notif(empty($email) && empty($password)){ echo 'Incorrect Username Or Password' . '<br/>';}if(empty($email)){ echo 'Invalid Email Address' . '<br/>';}if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){ echo 'Please Enter A Valid Email' . '<br/>';}if(empty($password)){ echo 'invalid password' . '<br/>';}if(!empty($email) && !empty($password)){ // include the db include_once 'php/config.php'; // do another filter $email = mysqli_real_escape_string($con, $email); $password = mysqli_real_escape_string($con, $password); $password = md5($password); // once everything is filter, check to see if the email matches $log_query = "SELECT * FROM users WHERE email='$email' AND password='$password'"; $log_result = mysqli_query($con, $log_query); $log_check = mysqli_num_rows($log_result); if($log_check > 0){ while($row = mysqli_fetch_array($log_result)){ $id = $row['user_id']; $_SESSION['uid'] = $id; } }else{ echo 'bad'; }}}if(isset($_SESSION['uid'])){ echo 'Welcome ' . $_SESSION['uid'] . '!';} sorry for the late reply, had to head to workEdit: i changed the code, since i want to give updates about the changes i did Edited August 11, 2012 by DDs1 Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 11, 2012 Author Share Posted August 11, 2012 ok so above code got edited a few mins before this comment, when i use the code above i get the website when i log in which is what i want buttt i still get the form Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 11, 2012 Author Share Posted August 11, 2012 ok now im just not getting the ok, besides that everything works Link to comment Share on other sites More sharing options...
divinedesigns1 Posted August 11, 2012 Author Share Posted August 11, 2012 everything works perfectly now, what i needed to do was to put the if(isset($_session[])) outside from the if(isset($_post[])) then remove the form and place it inside the if(isset($_session[])){}else{ // place form here } but i had it in the if(isset($_post[])){ }else{ form was here } and because of that, the form keep on being displayed which i fine weird Thanks jsg and thesci Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now