Login using Sessions in PHP

Page 1 of 1

12 Replies - 1729 Views - Last Post: 29 March 2015 - 08:49 PM

#1 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1658
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Login using Sessions in PHP

Posted 18 August 2007 - 02:07 PM

Description: 1) Add the first snippet to a page named login_check.php

2) Add the 2nd snippet to a page named login.php

3) Add the 3rd snippet to any page that needs to be secured

4) Make sure you login form's form tag looks like this


You can change the database query, this is just the way I chose to do itThis is some code for "securing" your pages using Sessions in PHP. By securing I mean pages that can only viewed by a logged in user

This "snippet" actually consists of 3 snippets, first is what to put in login_check.php, second is what to put in login.php, third is what to put in each page in your site that must be secured (only a logged in user can view)
/* Snippet #1 */
<?php
// login_check.php
define("server", "your_server");
define("user", "your_name");
define("password", "your_pass");
define("name", "your_dbname");

var $connection;
$this->connection = mysql_connect(server,user,pass) or die(mysql_error());
mysql_select_db(name, $this->connection) or die(mysql_error());

function is_logged_in () {
  if (!($_SESSION["id"]) || ($_SESSION["id"] == "") || ($_SESSION["id"] == 0)) {
    Header("Location: ./login.php");
    exit();
  }
}
function login_check ($forms) {
  $error = "";
  $username = $forms["username"];
  $password = $forms["password"];
  if (trim($username) == "") $error .= "<li>Your username is empty.</li>";
  if (trim($password) == "") $error .= "<li>Your password is empty.</li>";
  /* from here, do your sql query to query the database to search for existing record with correct username and password */
  $query = "SELECT password, username FROM users WHERE username = '$username' AND password = '$password'";
  $result = mysql_query($query, $this->connection);
  if(!$result || (mysql_numrows($result) < 1)) {
     $error = "Invalid username or password";
  }else
      {
        $error = "";
      }
  if (trim($error)!="") return $error;
}

function login ($forms) {
  $username = $forms["username"];
  $password = $forms["password"];
  /* do your sql query again, but now returning the id of member */
  $query = "SELECT member_id FROM users WHERE username = '$username' AND password = '$password'";
  $result = mysql_query($query, $this->connection);
  $result = mysql_query($query, $this->connection);
  if(!$result || (mysql_numrows($result) < 1)) {
     $id = 0;
  }else
      {
        $id = $result;
      }
  return $id;
}
?> 

/* Snippet #2 */
<?php
// login.php
session_start();
include ("login_check.php");
if ($_POST) {
  $error = login_check($_POST);
  if (trim($error)=="") {
    $_SESSION["id"] = login($_POST);
    Header("Location: ./index.php") /* Redirect validated member */
    exit();
  } else {
    print "Error:$error";
  }
}
?>

/* Snippet #3 */
<?php
  // index.php
  include("login_check.php");
  session_start();
  is_logged_in();
?>


Is This A Good Question/Topic? 0
  • +

Replies To: Login using Sessions in PHP

#2 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1658
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: Login using Sessions in PHP

Posted 18 August 2007 - 02:07 PM

Description: 1) Add the first snippet to a page named login_check.php

2) Add the 2nd snippet to a page named login.php

3) Add the 3rd snippet to any page that needs to be secured

4) Make sure you login form's form tag looks like this


You can change the database query, this is just the way I chose to do itThis is some code for "securing" your pages using Sessions in PHP. By securing I mean pages that can only viewed by a logged in user

This "snippet" actually consists of 3 snippets, first is what to put in login_check.php, second is what to put in login.php, third is what to put in each page in your site that must be secured (only a logged in user can view)
/* Snippet #1 */
<?php
// login_check.php
define("server", "your_server");
define("user", "your_name");
define("password", "your_pass");
define("name", "your_dbname");

var $connection;
$this->connection = mysql_connect(server,user,pass) or die(mysql_error());
mysql_select_db(name, $this->connection) or die(mysql_error());

function is_logged_in () {
  if (!($_SESSION["id"]) || ($_SESSION["id"] == "") || ($_SESSION["id"] == 0)) {
    Header("Location: ./login.php");
    exit();
  }
}

function clean_input($input) {

  $clean = array("\",'<','>','`',':',';','/','(',')','{','}','[',']');
  //$with = array();
  return str_ireplace($clean,'', $input);
}

function login_check ($forms) {
  $error = "";
  $username = clean_input($forms["username"]);
  $password = clean_input($forms["password"]);
  if (trim($username) == "") $error .= "<li>Your username is empty.</li>";
  if (trim($password) == "") $error .= "<li>Your password is empty.</li>";
  /* from here, do your sql query to query the database to search for existing record with correct username and password */
  $query = "SELECT password, username FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'";
  $result = mysql_query($query, $this->connection);
  if(!$result || (mysql_numrows($result) < 1)) {
     $error = "Invalid username or password";
  }else
      {
        $error = "";
      }
  if (trim($error)!="") return $error;
}

function login ($forms) {
  $username = clean_input($forms["username"]);
  $password = clean_input($forms["password"]);
  /* do your sql query again, but now returning the id of member */
  $query = "SELECT member_id FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'";
  $result = mysql_query($query, $this->connection);
  $result = mysql_query($query, $this->connection);
  if(!$result || (mysql_numrows($result) < 1)) {
     $id = 0;
  }else
      {
        $id = $result;
      }
  return $id;
}
?>

/* Snippet #2 */
<?php
// login.php
session_start();
include ("login_check.php");
if ($_POST) {
  $error = login_check($_POST);
  if (trim($error)=="") {
    $_SESSION["id"] = login($_POST);
    Header("Location: ./index.php") /* Redirect validated member */
    exit();
  } else {
    print "Error:$error";
  }
}
?>

/* Snippet #3 */
<?php
  // index.php
  include("login_check.php");
  session_start();
  is_logged_in();
?>

Was This Post Helpful? 0
  • +
  • -

#3 no2pencil  Icon User is offline

  • Professor Snuggly Pants
  • member icon

Reputation: 6544
  • View blog
  • Posts: 30,650
  • Joined: 10-May 07

Re: Login using Sessions in PHP

Posted 18 February 2008 - 11:24 AM

Sessions is one of the harder concepts to server side programming. Thank you for your snippet, I'm sure a lot of readers will find this information useful!
Was This Post Helpful? 0
  • +
  • -

#4 realwish  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 3
  • View blog
  • Posts: 47
  • Joined: 29-January 08

Re: Login using Sessions in PHP

Posted 18 November 2008 - 12:15 PM

thanks a lot
Was This Post Helpful? 0
  • +
  • -

#5 capoenkz  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 30-January 09

Re: Login using Sessions in PHP

Posted 30 January 2009 - 06:29 AM

it's useful 4 me
Was This Post Helpful? 0
  • +
  • -

#6 goodmuyis  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 13-September 08

Re: Login using Sessions in PHP

Posted 04 March 2009 - 10:28 AM

that just what i neeg more grease to your elbow
Was This Post Helpful? 0
  • +
  • -

#7 goodmuyis  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 13-September 08

Re: Login using Sessions in PHP

Posted 04 March 2009 - 10:30 AM

that just what i neeg more grease to your elbow
Was This Post Helpful? 0
  • +
  • -

#8 tauseke  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 0
  • Joined: 20-May 09

Re: Login using Sessions in PHP

Posted 20 May 2009 - 09:05 AM

i use you code,got some errors.. Parse error: parse error in C:\xampp\htdocs\Assignment2\login_check.php on line 14 this is what in line 14 var $connection; any help?
Was This Post Helpful? 0
  • +
  • -

#9 hadi_php  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 10
  • View blog
  • Posts: 382
  • Joined: 23-August 08

Re: Login using Sessions in PHP

Posted 03 October 2009 - 08:29 PM

yes....its showing error!!!!
Was This Post Helpful? 0
  • +
  • -

#10 Gamegoofs2  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 159
  • Joined: 15-April 09

Re: Login using Sessions in PHP

Posted 29 April 2010 - 06:58 PM

Line 52. if(!$result || (mysql_numrows($result) < 1)) should be mysql_num_rows($result)
Was This Post Helpful? 0
  • +
  • -

#11 Fredex  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 86
  • Joined: 16-January 12

Re: Login using Sessions in PHP

Posted 27 January 2012 - 03:05 AM

I have no knowledge and I have'nt try PHP programming but now I'm interested to learn. Thanks for your snippets,.
Was This Post Helpful? 0
  • +
  • -

#12 Crown Clown  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 25-February 15

Re: Login using Sessions in PHP

Posted 25 February 2015 - 11:42 PM

Thanks youuuuuu, that was amazingly helpful. :clap: :clap:
Was This Post Helpful? 0
  • +
  • -

#13 benanamen  Icon User is offline

  • D.I.C Head

Reputation: 13
  • View blog
  • Posts: 119
  • Joined: 28-March 15

Re: Login using Sessions in PHP

Posted 29 March 2015 - 08:49 PM

This code uses deprecated (obsolete) Mysql code. No one should use this code as is. It needs to be updated to PDO or Mysqli.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1