Login Script

Free Web Hosting, No Ads

Free Web Hosting, No Ads Portal

Free Web Hosting

Welcome Guest ( Log In | Register)

Free Web Hosting, No Ads > CONTRIBUTE > Computers > Programming Languages > PHP Programming

2 Pages

1 2 >

Reply to this topic

Start new topic

Login Script

mwbouwkamp View Member Profile Find Member's Posts	Sep 20 2006, 06:29 PM Post #1
Newbie [Level 1] Group: Members Posts: 22 Joined: 18-September 06 Member No.: 30,189	I am using the following code as a login page. I try to start by checking if a session already exists so that people don't have to login each time. The problem is that it is just being ignored. How do I check if a session is already set? CODE if (isset($_SESSION['loginname'])) { print('you were already logged in'); } else { if (submit) { list($users,$passwords,$accounttypes)=GetCurrentUsers($user,$password,$accounttype); $nologin=1; for ($i=0;$i<sizeof($users);$i++) { if (($users[$i]==$loginname) and ($passwords[$i]==crypt($loginpassword,$passwords[$i]))) { $nologin=0; } } } if ($nologin==0) { session_start(); $_SESSION['loginname']=$loginname; print('you are logged in'); } else { print('<form>'); print('<br />Username: <input type="text" name="loginname" size="20">'); print('<br />Password: <input type="password" name="loginpassword" size="20">'); print('<br /><input type="submit" name="submit" value="login">'); print('</form>'); } } Notice from BuffaloHELP: Use proper bbcode (list)

shadowx View Member Profile Find Member's Posts	Sep 20 2006, 07:12 PM Post #2
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS Group: [HOSTED] Posts: 978 Joined: 12-April 06 From: Essex, UK Member No.: 21,719	Hum it all seems a little complicated to me so ill show the code for my login script ive used before and see if it is of any use to you. this is as i remember it anyway... CODE <? SESSION_start(); if($_SESSION[loggedin] == "1"){ // any code to be executed when logged in. else{ //anything to do if they arent logged in, usually an error message or login page redirection. }; to check sessions i used a seperate php file that was included on every login protected page including the login page, the session script set a variable which i used in the login page something like CODE if($loggedin == "1"){ echo "you are logged in already"; } else { echo <HTML> login page data </HTML>"; }; it worked for me! ive only used sessions once so its fairly basic but i tried basic attempts at bypassing it and i couldnt. However there was an issues with using session_start(); to continue a session which you should check out on www.phpsec.org i cant remember it so its probably best you read it, its in the articles section if i remember rightly. (list)

mwbouwkamp View Member Profile Find Member's Posts	Sep 20 2006, 07:32 PM Post #3
Newbie [Level 1] Group: Members Posts: 22 Joined: 18-September 06 Member No.: 30,189	I am not doing much different. My script can be summarized as: if (isset($_SESSION['loginname'])) { you are already logged in } else { if (submit) { check if the password and username are valid and if so, you are logged in } else { print the form to login } } The problem is that the first line "if (isset($_SESSION['loginname'])" that is supposed to check if there is a login name in the current session is always returning false, even if there is a session with a loginname in there. ~M (list)

mwbouwkamp View Member Profile Find Member's Posts	Sep 20 2006, 07:46 PM Post #4
Newbie [Level 1] Group: Members Posts: 22 Joined: 18-September 06 Member No.: 30,189	I have googled this issue a little and it seems that I should start my entire script with "session_start()". The problem is, though, that it regenerates a NEW session, instead of using the old one. ~M (list)

CrazyRob View Member Profile Find Member's Posts	Sep 20 2006, 07:52 PM Post #5
ITS ALIVE.....MUHHHAAAA Group: Members Posts: 532 Joined: 17-October 05 From: Chippenham UK Member No.: 13,031	Why dont you just get a different login script thats simpler and that includes sessions like your current one? (list)

mwbouwkamp View Member Profile Find Member's Posts	Sep 20 2006, 07:59 PM Post #6
Newbie [Level 1] Group: Members Posts: 22 Joined: 18-September 06 Member No.: 30,189	Once again, my script is not that difficult... but even if it is, I would like to understand what I am doing wrong as that is the only and best way to learn. ~M (list)

shadowx View Member Profile Find Member's Posts	Sep 20 2006, 08:47 PM Post #7
A clever man learns from his own mistakes, a WISE man learns from those of OTHERS Group: [HOSTED] Posts: 978 Joined: 12-April 06 From: Essex, UK Member No.: 21,719	QUOTE(mwbouwkamp @ Sep 20 2006, 08:46 PM) I have googled this issue a little and it seems that I should start my entire script with "session_start()". The problem is, though, that it regenerates a NEW session, instead of using the old one. ~M Yes for the session global variables to be avaliable you need to use session_start() im not sure if it was the way my script was set out that allowed it to keep track of sessions basically it is this: CODE include("check.php"); if($_SESSION['loggedin'] == "1"){ //if user is logged in make html content } else { //give an error } check .php was the only page where i used session_start so perhaps because it was controlled on one page it kept track of things. Otherwise it could be a problem with the installation you as using as youmight need to fiddle with directories to allow sessions to be stored and/or make sure cookies are enabled. I dont see a problem with the script myself as i thought that session_start simply brought back the global array $_SESSION[' '] for use and to overwrite a session you had to destroy it first. Check that you have a "tmp" or "temp" or similar directory in your server root, if using a hosting company it shouldnt be a problem but if using a development environment it might need tampering as if this directory exsists sessions cant be saved on the web server and this could cause problems if the ini file says that all sessions must be saved on the server. but other than that im afraid i dont know what to say, like i said ive not had much experience with sessions Good luck though (list)

electron View Member Profile Find Member's Posts	Sep 21 2006, 05:01 PM Post #8
Premium Member Group: Members Posts: 162 Joined: 10-May 06 Member No.: 23,375	Well session_start() must be the first thing you must call before any headers are outputed.If headers are first called before the session_start() function is called it would result in an E_WARNING level error. Your present script does not contain this function in the beginning resulting in this false return. Also I would like to add that Sessions are stored on the Server itself in a file or if you want in a Database like MySQL and the client is recognised by means of a SESSION ID that is transmitted through either the cookies on the Client side or through the URL using the GET Method. So if the user has no COOKIES Enbled it would again result in the failure of your script. Well this is just part of all the Security concerns and when sessions could fail. Hope this info helped. (list)

mwbouwkamp View Member Profile Find Member's Posts	Sep 22 2006, 02:49 PM Post #9
Newbie [Level 1] Group: Members Posts: 22 Joined: 18-September 06 Member No.: 30,189	My script now starts with "session_start()". The problem is, that each time I reload the page, it makes a new session instead of using the information of the old session. I have php and mysql installed locally on my computer and there is a session file created in my session directory. The problem is, that its excistence is ignored. Also, accepting cookies is enabled. ~M