1. This forum is ARCHIVED! Visit the new Cloud Sixteen forums, codename Eden, at https://eden.cloudsixteen.com. These forums will remain archived for a few months before being closed down, so try to encourage plugin developers to begin moving their content across to the new forums.
Dismiss Notice
Hi Guest, you need a Steam account to register and post on these forums. Login with Steam at the top of the forums to get started!
Dismiss Notice
Hi Guest, do you want to buy HL2RP or another Clockwork schema? Visit the Cloud Sixteen Store to get started!

PHP - Login system

Discussion in 'Programming' started by Vortix, Sep 28, 2014.

  1. Vortix

    Vortix Moderator Staff Member Moderator Legend Clockwork Customer

    Reviewing code I found online, trying to learn how to make a login system for myself and testing it. Seem to have gotten it working, except a few questions:
    The session is registered once the details are checked:
    PHP:
    $_SESSION['email'] = $email;
    $_SESSION['pass'] = $pass;
    Thenit directs to the login succcess page:
    header("location:login_success.php");
    Which is this page:
    PHP:
    session_start();
    if(!isset(    $_SESSION['email'])){
    header("location:dashboard.html");
    }
    One of the things I'm wondering is this: It seems to be checking if the session is not set? (!isset)?
    If someone gets the login details correct, why would it check if the session is not set? Surely it should check if the session is set and then redirect to the appropriate page?

    Then, I have the login page. At the moment, if they get the username/password wrong it redirects to the check login page, and if it is wrong it will inform them on that page- What I want to do is make it redirect back to the main login page, and have it display the error in red text below the log in button.
    This is what I have:
    PHP:
    <form role="form" method="post" action="checklogin.php">
        <div class="form-group">
            <input class="form-control" type="text" name="email" placeholder="Email">
        </div>
        <div class="form-group">
            <input class="form-control" type="password" name="pass" placeholder="Password">
        </div>
        <div class="form-group">
            <input type="submit" name="login" class="btn btn-primary" value="Log in">
        </div>
        <?php
            if($count == 0) {
        echo     "Wrong username or password.";
        }
            ?>
    </form>
    If count is 0 then it should echo "Wrong username or password.", I even tried print.
    This is where count is declared:
    PHP:
    $sql="SELECT * FROM $tbl_name WHERE user_name='$email' and user_pass='$pass'";
    $result=mysqli_query($con$sql);
    $count=mysqli_num_rows($result);
    Afterwards it then has a check: If count is 1 then it directs to the success page, otherwise it goes back to index.
    My issue is that when it goes back to index there is absolutely no text displaying underneath the log in button like I'm trying to accomplish.
    I haven't really used PHP in HTML much before, so pls excuse if I'm being an idiot.
    Thanks for any help
     
    Vortix, Sep 28, 2014
    #1
  2. Gr4Ss

    Gr4Ss

    I don't know any PHP, but my guess for the checking if the session is set is to prevent people from directly going to the login_successful.php page through the url without entering any credentials on the login page.
     
    Gr4Ss, Sep 28, 2014
    #2
  3. Vortix

    Vortix Moderator Staff Member Moderator Legend Clockwork Customer

    Yeah, except it uses ! before isset(), which means it's actually checking that it's NOT set before redirecting it, that's what I'm confused about.
     
    Vortix, Sep 28, 2014
    #3
  4. alexanderk

    alexanderk a Legend

    Is this all the code?
     
    alexanderk, Sep 28, 2014
    #4
  5. Vortix

    Vortix Moderator Staff Member Moderator Legend Clockwork Customer

    Not all the code, no, I only put in the bits that matter related to the issue, however if it's needed:
    index.html (The login page)
    HTML:
    <!DOCTYPE html>
<html style="background-color: #444444">
	<head>
		<meta charset="UTF-8">
		<title>Log-in</title>
		<link href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
        	<link href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet" type="text/css" />
        	<link href="//code.ionicframework.com/ionicons/1.5.2/css/ionicons.min.css" rel="stylesheet" type="text/css" />
        	<link href="css/AdminLTE.css" rel="stylesheet" type="text/css" />
	</head>
	<body style="background-color: #444444">
		<div class="col-md-6" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%);">
			<div class="col-md-6" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%);">
				<center>
				<div class="box box-warning">
					<center>
					<div class="box-header">
						<h1>Log-in</h1>

					</div>
					<div class="box-body">
						<form role="form" method="post" action="checklogin.php">
							<div class="form-group">
								<input class="form-control" type="text" name="username" placeholder="Username">
							</div>
							<div class="form-group">
								<input class="form-control" type="password" name="pass" placeholder="Password">
							</div>
							<div class="form-group">
								<input style="width: 100%" type="submit" name="login" class="btn btn-primary" value="Log in">
							</div>
						</form>
						<form role="form" method="post" action="apply.html">
							<div class="form-group">
								<input style="width: 100%" name="apply" type="submit" class="btn btn-primary" value="Apply for an account">
							</div>
						</form>
						<?php
							if($count == 0) {
							echo "Wrong username or password.";
							}
						?>
						
					</div>
					</center>
				</div>
				<!-- <div id="error"><img src="https://dl.dropboxusercontent.com/u/23299152/Delete-icon.png" /> Your caps-lock is on.</div> -->
				</center>
			</div>
		</div>
		<script src='[url]http://codepen.io/assets/libs/fullpage/jquery_and_jqueryui.js'[/url]></script>
		<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
        	<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js" type="text/javascript"></script>
        	<script src="../../js/AdminLTE/app.js" type="text/javascript"></script>
        	<script src="../../js/AdminLTE/demo.js" type="text/javascript"></script>  
	</body>
</html>
    checklogin.php (Bit that checks if the details are valid)
    PHP:
    <?php
    ob_start    ();
    $host="localhost"// Host name 
    $username="serverpanel"// Mysql username 
    $password="ServerPanel123"// Mysql password 
    $db_name="serverpanel"// Database name
    $tbl_name="users"// Table name 

    // Connect to server and select databse.
    $con mysqli_connect("$host""$username""$password""$db_name")or die("cannot connect"); 

    // username and password sent from form 
    $user=$_POST['username']; 
    $pass=$_POST['pass']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $user stripslashes($user);
    $pass stripslashes($pass);
    $user mysqli_real_escape_string($con$user);
    $pass mysqli_real_escape_string($con$pass);
    $sql="SELECT * FROM $tbl_name WHERE user_name='$user' and user_pass='$pass'";
    $result=mysqli_query($con$sql);

    // Mysql_num_row is counting table row
    $count=mysqli_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){

    // Register $myusername, $mypassword and redirect to file "login_success.php"
    $_SESSION['user'] = $user;
    $_SESSION['pass'] = $pass;
    header("location:login_success.php");
    }
    else {
            header("location:index.html");
    }
    ob_end_flush();
    login_success.php (Once the login is successful)
    PHP:
    <?php
    session_start    ();
    if(!isset(    $_SESSION['user'])){
    header("location:dashboard.html");
    }
    ?>
    Note: I changed the $email var and 'email' in the form to $user and 'username' since posting this thread (Which is why the code I just posted is slightly different in that way).

    Side question: I'm also trying to get it so that on the page that login_success.php redirects to it displays the username the person logged in with. I used the following code to try and achieve it:
    PHP:
    <?php echo $user ?>
    However this just prints nothing. It makes me assume that the variable $user isn't being passed through, why might this be happening and what may I do to fix it?

    Thanks in advance - I'd really appreciate help with both of these if anyone has the time and knowledge.
     
    Vortix, Sep 28, 2014
    #5
  6. alexanderk

    alexanderk a Legend

    Try $_SESSION['user']; instead.

    Or you can try doing <?php global $user; echo $user; ?> but that isn't really recommended practice.
     
    alexanderk, Sep 28, 2014
    #6
  7. Vortix

    Vortix Moderator Staff Member Moderator Legend Clockwork Customer

    Unfortunately it doesn't seem to work, the same thing happens - it doesn't print it.
     
    Vortix, Sep 28, 2014
    #7
  8. alexanderk

    alexanderk a Legend

    Zip the files up and send them my way, I'll take a gander.
     
    alexanderk, Sep 28, 2014
    #8
  9. trurascalz

    trurascalz C16 Developer Legend

    PHP:
    if($count==1){
     
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    // \/\/\/\/\/\/\/\/\/
    // Start Session Here
    // /\/\/\/\/\/\/\/\/\
    $_SESSION['user'] = $user;
    $_SESSION['pass'] = $pass;
    header("location:login_success.php");
    }
    else {
                header("location:index.html");
    }
    You should really start a session before anything happens.
     
    trurascalz, Sep 28, 2014
    #9
  10. Vortix

    Vortix Moderator Staff Member Moderator Legend Clockwork Customer

    Alright, moved the session start from login_success to checklogin. Thanks, though it still doesn't work. :(
     
    Vortix, Sep 28, 2014
    #10
  11. Vortix

    Vortix Moderator Staff Member Moderator Legend Clockwork Customer

    Nevermind! Me being an idiot and misinterpreting what you said. I thought you were phrasing it as in that I should start it before rather than after, so I deleted the session start on the other page. Stupid me. I Google'd and found that session start needs to be on both pages - Thanks, that is a massive help.

    EDIT: The website I got the log in script got it wrong - They checked if the session was not set, however it was working because the session wasn't set properly. Adding the session start to the checklogin.php file and then removing the exclamation mark makes it work perfectly.
    EDIT 2: Still unable to echo $_SESSION['user'].
    Here is the history of that bit of information:
    1. It starts off in the index.html, where the user inputs his username and password.
    2. It gets sent through to the next file, checklogin.php, where this happens: $user=$_POST['username'];
    3. Then this: $user = stripslashes($user);
    4. And this: $user = mysqli_real_escape_string($con, $user);
    5. A check is made to see if the username and password is correct, then, if they are:
    6. session_start(), and then: $_SESSION['user'] = $user;
    7. The page is directed away again, header("location:login_success.php");
    8. In login_success.php, the session is started, then it moves on to check if $_SESSION['user'] is set. If it is: header("location:dashboard.html");
    9. In dashboard.html, this happens: <?php echo $_SESSION['user'] ?>
    And that's where I'm stuck. It prints out nothing at all, even though it seems to me it should be working.
     
    Vortix, Sep 29, 2014
    #11

Previous Readers (Total: 0)