|
Subject:
|
Login form question
|
|
Posted By:
|
Jams30
|
Post Date:
|
12/3/2003 9:07:49 AM
|
Hi
I have created a login form for users to access a site. It checks the user name submitted in a form for a match in the database - on correct submission the user is then presented with 'Logged in as $user_name of $co_name, you have logged in $login_no times' - this all works fine. The login form and the welcome message are all in one page login.php.
My question is, how do I stop the user from refreshing the page and thus incrementing the value of $login_no? Here are my thoughts - 1) Create a separate page for the welcome message (plus other information from the database that will be appended to this message) from the login form OR 2)Use sessions - I haven't played around with sessions enough yet to know whether or not they would be any use in this situation.
This is the function that is called depending on the case of a switch statement:
function welcome()
{
$connection = sql_connect();
db_connect();
global $table_name, $user_name, $user_password, $agent_name;
if (empty($user_name))
{
echo "<font color='red' size='2'>Please enter your User Name</font><BR>";
login();
exit();
}
elseif (chk_user_name($user_name))
{
echo "<font color='red' size='2'>Your user name was not recognized! Please re-enter it!</font><BR>";
login();
exit();
}
elseif (empty($user_password))
{
echo "<font color='red' size='2'>Please enter your password!</font><BR>";
login();
exit();
}
elseif (in_use($user_password))
{
echo "<font color='red' size='2'>Your password is incorrect! Please re-enter it!</font><BR>";
login();
exit();
}
else
{
global $table_name;
$query = "SELECT * FROM $table_name WHERE user_name = '$user_name'";
$result = mysql_query($query);
$query_data = mysql_fetch_array($result);
extract ($query_data);
$login_no ++;
$query2 = "UPDATE $table_name SET login_no=$login_no WHERE user_name = '$user_name'";
$result = mysql_query($query2);
echo "<font color='red' size='2'>Logged in as $agent_name of $co_name, you have logged in $login_no times</font><BR>";
}
}
Presumably, if I need to use sessions, I can add them to my code at a later point?
Note that the form action is set as <?php echo $PHP_SELF ?>.
Any advice would be appreciated
Many thanks
Jamal
|
|
Reply By:
|
richard.york
|
Reply Date:
|
12/4/2003 11:10:07 AM
|
<?php
function welcome()
{
$connection = sql_connect();
db_connect();
global $table_name, $user_name, $user_password, $agent_name;
if (empty($user_name))
{
echo "<span style='color: red; font-size: 10pt;'>Please enter your User Name</span><br />";
login();
exit();
}
else if (chk_user_name($user_name))
{
echo "<span style='color: red; font-size: 10pt;'>Your user name was not recognized! Please re-enter it!</span><br />";
login();
exit();
}
else if (empty($user_password))
{
echo "<span style='color: red; font-size: 10pt;'>Please enter your password!</span><br />";
login();
exit();
}
else if (in_use($user_password))
{
echo "<span style='color: red; font-size: 10pt;'>Your password is incorrect! Please re-enter it!</span><br />";
login();
exit();
}
else
{
global $table_name;
$query = "SELECT * FROM $table_name WHERE user_name = '$user_name'";
$result = mysql_query($query);
$query_data = mysql_fetch_array($result);
extract($query_data);
$_SESSION["logged_in"] = mysql_num_rows($result);
if ($_SESSION["logged_in"] == 1 && !isset($_SESSION["login_count"]))
{
$login_no++;
$query2 = "UPDATE $table_name SET login_no=$login_no WHERE user_name = '$user_name'";
$result = mysql_query($query2);
$_SESSION["login_count"] = true;
}
if ($_SESSION["logged_in"] == 1)
echo "<span style='color: red; font-size: 10pt;'>Logged in as $agent_name of $co_name, you have logged in $login_no times</span><br />";
}
}
?>
Well it isn't too difficult to add sessions into the mix here. For sessions to work you must make a call to session_start() at the very beginning of whatever page needs to use session data. No whitespace, no output, no anything before the opening <?php delimiter. And you also need to pass the session id.. the server will pass that id via cookies by default or you can pass the session id via url embedded arguments, which IMO is best because then you aren't relying on the user having cookies enabled.
See this thread:
http://p2p.wrox.com/topic.asp?TOPIC_ID=7205
And it would be best to avoid using deprecated HTML tags, like <font> and <br> here is a thread that discusses why:
http://p2p.wrox.com/topic.asp?TOPIC_ID=4028
: )
Rich
:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
|
|
