Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Mar 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    User Login: looking for a point in the right direction

    This is an ubernoober questions, but I am building a user login, have the form with username & password confirmation verification that processes correctly, returning the values when true and errors when false. My question is this, upon verifying the data as true, how do I define the user as Logged in? Following the if/else statement that checks for errors as the following...

    if(count($_POST)>0) {
    //lets process
    $errors =checkReg($_POST['un'],$_POST['pw'],$_POST['conf']);
    //are there any errors????
    if(count($errors)>0) {
    //I have errors
    foreach($errors as $error) {
    print "Please correct: $error<br />";
    }
    }
    else {
    //all is good
    foreach($_POST as $form_element=>$user_entry) {
    print $form_element." is ".$user_entry."<br />";
    }
    }
    }

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,502
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    You use PHP SESSIONS, which are like cookies, but stored on the server instead.
    They SESSION remains active until the user logs out or closes their browser.

    So, you have your two files,
    1) Your login form (like you already have).
    2) The form that checks for a valid user/pass.

    Usually, the usernames and passwords are stored in a database, and you
    check against those ... but you don't have a database, so not sure how
    you determine if the username and password are correct.
    What are you comparing the user's username and password to?

    So this is what your login script might look like:
    PHP Code:
    <?php
    session_start
    ();  // this has to be the first line of any script that uses SESSIONS.

    $username=$_POST['un'];
    $password=$_POST['pw'];

    // check username and password -- in this example, I have to define it manually.
    if($username == "johndoe" && $password == "abcdefg"){

    // both were correct, so set a SESSION variable ...
    $_SESSION['loggedin'] = '$username';
    header ("location: index.php");
    exit;
    }

    // if you get here, that means they did not log in correctly.
    // return back to your login page (or wherever you want) ...
    header ("location: login.php");

    ?>
    On every page that looks for the logged-in user, you do this at the top of your HTML:
    PHP Code:
    <?php
    session_start
    ();
    if(isset(
    $_SESSION['loggedin'])){
    // do nothing - user is logged in OK
    }
    else{
    // user is not logged-in, so you can either redirect or do something else.
    // in this example, you kick them out of this page ...
    header ("location: index.php");
    }
    ?>
    <html>
    .
    . your protected HTML page with the username showing ...
    . blah blah
    .
    <div>
    Welcome Back: <?=$_SESSION['loggedin']?> !
    </div>
    .
    .blah blah
    .
    </html>
    From now on (until they log out or close their browser), you can read their username,
    and the fact that the SESSION exists, means they are properly logged-in. Just knowing
    they are logged-in is all you really need to know.

    Here's the way to log them out ... by destroying the SESSION:
    PHP Code:
    <?php
    if(session_start()){  
    session_destroy();
    }
    header ("location: http://www.mywebsite.com");
    ?>


    .
    Last edited by mlseim; 03-06-2010 at 09:59 PM.

  • Users who have thanked mlseim for this post:

    CallumJohnson (03-07-2010)

  • #3
    New to the CF scene
    Join Date
    Mar 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    thanks

    Starting to make much more sense now. Thank you for this explanation. Had a little trouble wrapping my head around a generic session vs a session that had a variable assigned to it. As I understand it, a generic session will just set and track the browsers movements as it navigates a site whereas a session, assigned a variable is able to allow access or functionality that would be otherwise restricted to a client that does not meet the privileges allowed via a login.

    Again, thanks for the help.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •