If Username & Password Are Correct, Start Session

StackOverflow https://stackoverflow.com/questions/18381581

  •  26-06-2022
  •  | 
  •  

Question

I am working on a basic login system that allows registration / sign in storing users in a MySQL database. I have it so people can register, it stores the username and a hashed password in the DB. When someone logs in, it shows a success message or an error message depending on if the username and password matched up.

My problem lies in the login function. I need to create the user session and redirect them to the logged-in only section of the site, instead of displaying the success message that is currently there. I'm unsure of how to do that...

Here is my code:

Login / Register Functions

function login($username, $password) {
    $userpass = sha1($password);
    $result = mysqli_query($con, "SELECT * FROM members WHERE username='$username' AND password='$userpass'");
    while($row = mysqli_fetch_array($result)) {
        $success = true;
    }
    if($success == true) {
        echo 'Success!';
    } else {
        echo '<div class="alert alert-danger">Oops! It looks like your username and/or password are incorrect. Please try again.</div>';
    }
} // END LOGIN FUNCTION

function register($username, $password) {
    $userpass = sha1($password);

    // Check if Username Exists
    $result = mysqli_query($con,"SELECT * FROM members WHERE username='$username'");
    while($row = mysqli_fetch_array($result)) {
        $userexist = 1;
    }
    if($userexist > 0) {
        echo '<div class="alert alert-danger">Sorry, it looks like that username is already taken.</div>';
    } else {
        $newmember = "INSERT INTO members SET username='$username', password='$userpass'";
        if(mysqli_query($con,$newmember)) {
            echo '<div class="alert alert-success">Congrats! You can now log in using your username and password</div>';
        }
    }
}
Was it helpful?

Solution

think like this

function login($username, $password) {
    $userpass = sha1($password);
    $result = mysqli_query($con, "SELECT * FROM members WHERE username='$username' AND password='$userpass'");
    while($row = mysqli_fetch_array($result)) {
        $success = true;
    }
    if($success == true) {
        $_SESSION['username']= $username; 
        //redirect to home page
    } else {
        echo '<div class="alert alert-danger">Oops! It looks like your username and/or password are incorrect. Please try again.</div>';
    }
} // END LOGIN FUNCTION

OTHER TIPS

It very much depends how you are structuring the rest of your code. If you are just forming HTML pages and adding in PHP functions as and where, you might be able to use something as simple as this in various places in your code:

$loggedIn = login($username, $password)

Then you need to make login return true or false. Then your routing structure can make different decisions based on $loggedIn, and your pages can show different layouts and content.

This isn't a great style to adopt in terms of programming style, but it might give you an idea. If you add more detail on how you are structuring your code, you should get a better answer

   session_start();

    if($_SERVER["REQUEST_METHOD"] == "POST") {

$myusername=addslashes($_POST['username']);
$mypassword=addslashes($_POST['password']); 

    $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
$result=mysql_query($sql);
    $row=mysql_fetch_array($result);


$active=$row['active']; 
    $count=mysql_num_rows($result); 
       if($count==1) {
              session_register("myusername"); 
                  $_SESSION['login_user']=$myusername;

              header("location: welcome.php"); 
         } 
       else { 
              $error="Your Login Name or
          Password is invalid";
            }
   }

To give you a variant of Usman Allam's answer, I thought it'd be much simpler to simply check to see if mysqli_num_rows($result) is >= 1

function login($username, $password) {
    $userpass = sha1($password);
    $result = mysqli_query($con, "SELECT * FROM members WHERE username='$username' AND password='$userpass'");
    if(mysqli_num_rows($result) >= 1) {
        $_SESSION['username'] = $username; 
        //redirect to home page
    } else {
        echo '<div class="alert alert-danger">Oops! It looks like your username and/or password are incorrect. Please try again.</div>';
    }
} // END LOGIN FUNCTION

Then you need to make login return true or false. Then your routing structure can make different decisions based on $loggedIn, and your pages can show different layouts and content.

This isn't a great style to adopt in terms of programming style, but it might give you an idea. If you add more detail on how you are structuring your code, you should get a better answer

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top