zyra Posted July 14, 2011 Share Posted July 14, 2011 I have been trying to make a small user managment system, where you login and then you can see the rest of the site. I ave tried using If statements, but it wont work. Is it possible? Quote Link to comment Share on other sites More sharing options...
jje Posted July 14, 2011 Share Posted July 14, 2011 The below script will receive input from a form, check if the username is USER and password is PASS and then register the session. I just quickly typed this into the reply box so I might have made a few typos, let me know if you get any errors. Create a file named 'login.php' and paste in this code. Change the $username and $password variables. <?php // Assign the correct username and passwords to variables // CHANGE THESE TO THE CORRECT USER AND PASS. $username = 'USER'; $password = 'PASS'; // Check if the form hasn't been submitted if (!isset($_POST['submit'])) { // Display the form echo "<form method=post action=login.php>"; echo "<p>Please authorize to view site.</p>"; echo "Username: <input type=text name=username><br>"; echo "Password: <input type=password name=password><br>"; echo "<input type=submit name=submit>"; echo "</form>"; // Check if the form has been submitted }else{ // See if the username and passwords match if ($_POST['username'] == $username && $_POST['password'] == $password) { // If yes, start the session session_start(); // Then create the session $_SESSION['username'] = $_POST['username']; // Redirect to the site homepage header("location:index.php"); // If not }else{ // Die and show the error message die('Login details mismatched'); // End of statement } // End of statement } ?> Then, at the top of every page you wish to protect, enter: <?php session_start(); if ($_SESSION['username'] == NULL) { header("location:login.php"); } ?> The above code activates the session and checks if a username has been registered. If it hasn't been registered, it redirects to login.php You can also make a nifty logout screen. Create a new file and enter <?php session_start(); session_destroy(); echo "Logout Success!"; ?> Hope this helps! Quote Link to comment Share on other sites More sharing options...
Byron Posted July 14, 2011 Share Posted July 14, 2011 I'm not seeing a submit button and your form method and action is backwards. echo "<form method=login.php action=post>"; Quote Link to comment Share on other sites More sharing options...
jje Posted July 15, 2011 Share Posted July 15, 2011 Oops - fixing. Thanks! Quote Link to comment Share on other sites More sharing options...
mikenyc Posted July 19, 2011 Share Posted July 19, 2011 Wouldn`t it be better to have a db? So you can have multiple accounts? then it would be something like.. Ofc first you would need a database, and table to hold usernames. You can do that with phpmyadmin in just a few mouse clicks, so I presume you know that part ( if you don`t, we will explain ofcourse ). I will also presume that the name of DB is... Lets say "useracc", and the table name "user" .. <?php //First, connection to mysql and database, I put these parameters for local testing ( when working in wamp or xamp, you should change it to your own parameters $conn = mysql_connect("localhost","root",""); mysql_select_db("useracc"); // Take username and pass from the form LOG IN FIELD $username = $_POST['username']; $password = '$_POST['password']; // Check if the form hasn't been submitted if (!isset($_POST['submit'])) { // Display the form echo "<form method='post' action='login'.php>"; echo "<p>Please authorize to view site.</p>"; echo "Username: <input type='text' name='username'><br>"; echo "Password: <input type='password' name='password'><br>"; echo "<input type='submit' name='submit'>"; echo "</form>"; // Check if the form has been submitted }else{ //Compare users from database where $username = user and $password = password $query = mysql_query("SELECT * FROM users WHERE $username = user AND $password = password LIMIT 1"); if (mysql_num_rows($query) >0){ // If yes, start the session session_start(); // Then create the session $_SESSION['username'] = $username; // Redirect to the site homepage header("location:index.php"); // If not }else{ // Die and show the error message die('Login details mismatched'); // End of statement } // End of statement } ?> I`m used to this kind of user management, because now you can have multiple.....admins, lets say, each with they`re own user and password. btw @byron I don`t think that chaning order of action and method will effect anything , but not putting quotation will Quote Link to comment Share on other sites More sharing options...
Krydos Posted July 19, 2011 Share Posted July 19, 2011 btw @byron I don`t think that chaning order of action and method will effect anything , but not putting quotation will I'm not seeing a submit button and your form method and action is backwards. echo "<form method=login.php action=post>"; I think the point was it was originally echo "<form action=login.php method=post>"; (Used strike through so people know that my example is intentionally wrong.) But, jje edited the post to make both examples correct. Quote Link to comment Share on other sites More sharing options...
Byron Posted July 19, 2011 Share Posted July 19, 2011 btw @byron I don`t think that chaning order of action and method will effect anything , It would have never worked like this: echo "<form method=login.php action=post>"; but not putting quotation will His quotes were in the right place and it would have worked fine but the correct way would have been to back slash it like this (also with correct method and action). echo "<form action=\"login.php\" method=\"post\">"; Quote Link to comment Share on other sites More sharing options...
PenTester Posted July 20, 2011 Share Posted July 20, 2011 Logout: <?php session_start(); session_destroy(); echo "Logout Success!"; echo "<a href='index.php'>Return to Home</a>"; ?> or ---------------- Edited: -------------- <?php session_start(); session_destroy(); header("location:index.php"); ?> Quote Link to comment Share on other sites More sharing options...
jje Posted July 23, 2011 Share Posted July 23, 2011 I mentioned a similar logout script in my first post at the bottom. However, blackstar's second logout script would NOT work, since you cannot use HEADER after stating an ECHO. PHP would output an error saying that 'output was already defined' or something like that. To fix this, just have the HEADER and get rid of the ECHO statement. Quote Link to comment Share on other sites More sharing options...
PenTester Posted July 23, 2011 Share Posted July 23, 2011 I mentioned a similar logout script in my first post at the bottom. However, blackstar's second logout script would NOT work, since you cannot use HEADER after stating an ECHO. PHP would output an error saying that 'output was already defined' or something like that. To fix this, just have the HEADER and get rid of the ECHO statement. oh sorry i haven't notice that. Quote Link to comment Share on other sites More sharing options...
Ice IT Support Posted July 26, 2011 Share Posted July 26, 2011 mikenyc's script with the database came up with multiple errors when I tried using the script. The repaired version is below: <?php // Connect to mySQL database $con = mysql_connect("localhost","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("your_database", $con); // Take username and pass from the form LOG IN FIELD $username = $_POST['username']; $password = $_POST['password']; // Check if the form hasn't been submitted if (!isset($_POST['submit'])) { // Display the form echo "<form method='post' action='login.php'>"; echo "<p>Please authorize to view site.</p>"; echo "Username: <input type='text' name='username'><br>"; echo "Password: <input type='password' name='password'><br>"; echo "<input type='submit' name='submit' value='login'>"; echo "</form>"; // Check if the form has been submitted }else{ //Compare users from database $query = mysql_query("SELECT User, Password FROM Users WHERE Username = '$username' AND Password = '$password'"); if (mysql_num_rows($query)){ // If yes, start the session session_start(); // Then create the session $_SESSION['username'] = $username; // Redirect to the site homepage header("location:index.php"); // If not }else{ // Die and show the error message die('Login details mismatched'); // End of statement } // End of statement } ?> Quote Link to comment Share on other sites More sharing options...
mikenyc Posted July 27, 2011 Share Posted July 27, 2011 btw @byron I don`t think that chaning order of action and method will effect anything , It would have never worked like this: echo "<form method=login.php action=post>"; but not putting quotation will His quotes were in the right place and it would have worked fine but the correct way would have been to back slash it like this (also with correct method and action). echo "<form action=\"login.php\" method=\"post\">"; OUUUUU.. sorry, my eyes are bad :/ I thought you meant that the right choice would be <form method=post action=login.php> and not <form ACTION=login.php method=post> Btw guys, mine post above isn`t displayed as I wrote it :// Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.