Check the login status and save the login sessions(PHP)

StackOverflow https://stackoverflow.com/questions/17940462

  •  04-06-2022
  •  | 
  •  

Domanda

I am working on a log-in system, Whenever the user tries to access the non-authorized page then he should return on the login page to login, how can I perform it

Below is my log-in script

<?php

session_start();
$host="localhost"; // Host name 
$db_username="root"; // Mysql username 
$db_password=""; // Mysql password 
$db_name="designshop"; // Database name 
$tbl_name="member"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$db_username", "$db_password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$member_username=$_POST['member_username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$member_username = stripslashes($member_username);
$password = stripslashes($password);
$member_username = mysql_real_escape_string($member_username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE member_username='$member_username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['member_username']=$_POST['member_username'];
$_SESSION['password']=$_POST['password'];

header("location:login_success.php");
}
else {
header("location:try_again.html");
}
?>
È stato utile?

Soluzione 2

Just put this at the top underneath session_start()...

   if(!empty($_SESSION['member_username'])){header("location: login_success.php");}

Like so...

session_start();

 if(!empty($_SESSION['member_username'])){
 header("location: login_success.php");}

 $host="localhost"; // Host name 
 $db_username="root"; // Mysql username 
 $db_password=""; // Mysql password 
 //REST OF CODE

Altri suggerimenti

All you have to do is to check for the existence (and non-emptiness) of $_SESSION['member_username']. If it is set, that means that your user is logged in, and therefore, there is no need for him to relog.

Notes:

  • There is no need to store the user's password in session: in fact, its better not to.
  • You do your authentication through MySQL, which means that you store the password in cleartext: this is a bad practice. It would be better to retrieve both username and password from the database based only on the username, and do the comparaison in your PHP code: this would allow you, for example, to store sha1'd password.

start code with session_start() and check if the session is set whenever any user trying to access the page, if session is set then redirect to the page otherwise redirect to login page

you can check using isset()

follow this code... 

 <?php session_start();
    include('conn.php');
    $Name = $_POST['login_id'];
    $Pass = $_POST['password'];
    $select="select * from admin_login where admin_name='$Name' AND admin_pwd='$Pass'";
    $query=mysql_query($select) or die($select);
    $rows=mysql_fetch_array($query);
    $row=mysql_num_rows($query);


    if($row != 0)
    {
        $_SESSION['admin_name']=$rows['admin_name'];
        echo "<script>window.location.href='index.php'</script>";

    }else
    {
        $message = 'Invalid Username Or Password';
         echo '<script type="text/javascript">alert("'.$message.'")</script>'; 
        echo "<script>window.location.href='login.php'</script>";

    }
    ?>

put this code to the top of the every page

<?php session_start();
if(isset($_SESSION["admin_name"])=='') print('<script>window.location.href="login.php"</script>');
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top