Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > PHP How-To
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
PHP How-To Post your "How do I do this with PHP?" questions here.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the PHP How-To section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #11 (permalink)  
Old March 5th, 2004, 12:27 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

would it matter that im using localhost?

Reply With Quote
  #12 (permalink)  
Old March 5th, 2004, 01:25 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

dont worry about trying to fix it iv'e done it. It was that there was no exclamation mark in the if statement!! dont actually know what that does but read up on if statements and everyone has it , and now my script works!

thank you very much for the help, you are a star!
ASH:D

how would i log out of the system making it impossible to get into the system?
like a logout button that terminates the session?would that wrk?


Reply With Quote
  #13 (permalink)  
Old March 5th, 2004, 02:58 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

The exclaimation mark is the 'not' operator. So for exapmle...

Code:
if (!foo())
{
   // In English -- if not foo()
   // Foo must be false
}

if ($foo != 1)
{
    // $foo can be anything but 1
}
else
{
   // $foo is 1
}

if (!$foo)
{
   // Same thing as the function
   // 'not' can be a short-hand for the empty() construct
   // Or in other words it is checking for 
   // 0,'0',NULL,FALSE,'FALSE','' values... (the absense of value)
   // One difference between empty() and 'not' is a variable 
   // doesn't have to exist first to use empty() whereas under 
   // error_reporting E_ALL (show all errors, warnings and notices) 
   // it must already exist to use the 'not' operator.
   // see http://www.php.net/empty
}
else
{
  // $foo contains a value other than NULL, FALSE, or empty (the presence of value).
}

http://www.php.net/manual/en/languag...comparison.php

Yeah design a logout button that once pressed goes to a script like the following...

<?php
   session_start();

   session_unset();   // kill all session variables
   session_destroy(); // kill the session itself

   header("Location: im/logged/out.php");
?>
I guess you don't have to redirect. That's up to you.

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
  #14 (permalink)  
Old March 6th, 2004, 08:48 AM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

well this must mean that my code doesnt actually work then? i'll post the code im using:

LOGINCHECK.PHP
<?php
session_start();

$dbc = mysql_connect('localhost', 'Ashleek007', '') or die ('Could not connect to MySQL :' .mysql_error());
      mysql_select_db('login') or die('Could not connect to database :' .mysql_error());

      $username = $_POST['username'];
      $password = $_POST['password'];

      $query = "Select * From userlogin Where USERNAME = '$username' And PASSWORD = '$password'";
      $result = mysql_query($query);


       if($row = mysql_fetch_array($result, MYSQL_ASSOC))
       {
           $_SESSION['logged_in'] = true;//doesnt seem to set this session?
           header('Location: index.php?sid='.session_id());
       }
       else
       {
            $_SESSION['logged_in'] = false;
            echo "Incorrect Username/password";
//it still checks the username and password correctly though
       }
       mysql_close();
?>


INDEX.PHP
<?php
session_start();
if(!$_SESSION['logged_in'] == true)
{?>
<a href="logout.php">logout </a>//secure code here
<?PHP
}
else
{
  header('Location: login.php');
}
?>

if you look at the green line in the index.php this must mean that if session equals false because of the '!' ?! therefore meaning there is no such session set?

i kno that there is no session set to TRUE because when i run the logout script then type the URL localhost/index.php it still lets me view it!

have you any ideas?
CHEERS
ASH

Reply With Quote
  #15 (permalink)  
Old March 6th, 2004, 11:02 AM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 1 Time in 1 Post
Default

I use isset() myself.

I make the session variable 'username' if the login info is correct and if it isn't I dont make 'username' at all.

When I want to know if the user is logged in:

if(isset($_SESSION['username']))
//the user is logged in
else
//the user needs to log in

Let me know if you need more info.

----------
---Snib---
----------
Reply With Quote
  #16 (permalink)  
Old March 6th, 2004, 05:33 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

Yeah that doesn't make any sense.

This ought to be correct syntactically -- but logically speaking ought to make your head spin!

if(!$_SESSION['logged_in'] == true)

I think your login authentication part is failing..

<?php
    $foo = false;

    if (!$foo == true)
    {
    echo 'Namaste!';
    }
?>

This script evaluates as TRUE. Its like saying if $foo is FALSE is TRUE... execute this... (Nik, correct me if I'm wrong on this!). That being the case that means that $_SESSION['logged_in'] is FALSE if you are seeing secure pages. If $_SESSION['logged_in'] == TRUE you ought to be getting sent back to the login page.

For your secure page I would use something like this:
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == TRUE)

If $_SESSION['logged_in'] is set (exists) and contains a true value.. show secured page.

Now back to the authentication scheme itself..
if($row = mysql_fetch_array($result, MYSQL_ASSOC))

This ought to work correctly - though its not an approach I've seen before. mysql_fetch_array() returns FALSE if it isn't able to return any rows, or when it has run out of rows to return. Since you aren't doing anything with the result set though I would recommend using mysql_num_rows instead, to avoid the waste :).

if(mysql_num_rows($result) == 1)
{
    $_SESSION['logged_in'] = true;//doesnt seem to set this session?
    header('Location: index.php?sid='.session_id());
}
else
{
    $_SESSION['logged_in'] = false;
    echo "Incorrect Username/password";
    //it still checks the username and password correctly though
}

Also, just to be safe..
$result = mysql_query($query) or die(mysql_error());

Let me know what happens!

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
  #17 (permalink)  
Old March 7th, 2004, 09:21 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

Its still not working, and i think its still the session.

Instead of redirecting back to the login.php ive got it to output an error message if the session is not equal to true. it does this and displays a sessionID in the address bar, as below:-

http://localhost/index.php?sid=e25fc...b9834d76ffcbfa

does that mean a session has been made?
it still shows me the error message though! not the secure content!

is there a different way i can do this? like totally start a fresh?
or could you each page ive got?

its really stressfull!!

ill post the code ive got so far AGAIN!!

login.php
contains the username and password which are checked against the database and put into variables $username and $password once submitted to the logincheck.php

logincheck.php
<?php
session_start();

$dbc = mysql_connect('localhost', 'Ashleek007', '') or die ('Could not connect to MySQL :' .mysql_error());
      mysql_select_db('login') or die('Could not connect to database :' .mysql_error());

      $username = $_POST['username'];
      $password = $_POST['password'];

      $query = "Select * From userlogin Where USERNAME = '$username' And PASSWORD = '$password'";
      $result = mysql_query($query) or die(mysql_error());


      if(mysql_num_rows($result) == 1)
{
    $_SESSION['logged_in'] = true;//doesnt seem to set this session?
    header('Location: index.php?sid='.session_id());

}
else
{
    $_SESSION['logged_in'] = false;
    echo "Incorrect Username/password";
    //it still checks the username and password correctly though
}
       mysql_close();
?>

index.php
<?php
session_start();

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true)
{
?> <a href="logout.php">logout </a><?PHP
}
else
{
  echo 'error';
}
?>

all it does is output the error from the else statement above! its like it doesnt know about the session ive set in the logincheck.php ive even tried just if(isset blahblah....) without checking the value and it still throws out the error?!

do i need to tell the thing that ive used sessions or that im goin to use sessions?

im feeling grim

thanks for your persistance with this pain in ur ass!
ASH


Reply With Quote
  #18 (permalink)  
Old March 8th, 2004, 12:04 PM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 1 Time in 1 Post
Default

Instead of setting it to false on failure, try not setting it at all.

Then just ask if it is set to tell if the user is logged in.

Hope this works,

----------
---Snib---
----------
Reply With Quote
  #19 (permalink)  
Old March 8th, 2004, 02:57 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

hey, ive just found out the code ive used works perfectly. I was using PHPtriad, an apache server on localhost and my computer has a divided harddrive (C) and(D) the apache was installed on (C) and the website was on the (D). This must have caused an error somewhere. I racked my brain to try and figure out where i was goin wrong. I decided to upload it to a domain name (WWW) and it worked.......all of it!!!

thanks very much rich, i definatley couldnt have done it without ya!

im sure ill be back on here, so make sure to look out for me......and make a mental note to steer clear!!haha!

cheers again, id buy u a pint if you were ever in the UK
ASH

Reply With Quote
  #20 (permalink)  
Old March 8th, 2004, 04:54 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

Quote:
quote:Originally posted by Snib:

Instead of setting it to false on failure, try not setting it at all.
Then just ask if it is set to tell if the user is logged in.
That wouldn't have an effect on anything;)
I beleive the better approach is to always assign the variable a value.

Quote:
quote:Originally posted by Ashlee

thanks very much rich, i definatley couldnt have done it without ya!
im sure ill be back on here, so make sure to look out for me......and make a mental note to steer clear!!haha!
cheers again, id buy u a pint if you were ever in the UK
Right on! I'm glad to hear it works. I was racking my brain to think of what could be going awry with that. Certainly something in the configuration. I just discovered that new installs of PHP don't create a session data directory or upload temp directory (explains some of the strange posts related to session errors I've seen lately). If I make it to the UK I'll take you up on that (God knows I could always use a pint)!

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
login script: user can't hit "return" for login dmerrill Java Basics 13 July 14th, 2006 08:25 PM
login verification katie456 Access ASP 3 October 16th, 2005 02:47 PM
Newbie Help. Login to unique login page per user Kainan Classic ASP Professional 10 May 3rd, 2005 08:47 AM
login failed for user nt authority\anonymous login rj1406 Classic ASP Databases 1 October 24th, 2004 10:15 AM



All times are GMT -4. The time now is 05:53 AM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.