On Aug 24, 2007, at 12:15 PM, Daniel Brown wrote:
On 8/24/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:
Hi Everyone,
I'm attempting to figure out the proper way to use sessions to log
someone into my system. The idea being, if they aren't logged in all
they can see is the login form, and if they are logged in, they
have access to a database of addresses.
[snip!]
Not the end-all-be-all, of course, but here's the basics:
<?
session_start();
if(!$_SESSION['user']) {
    if($_POST['user'] && $_POST['pass']) { // Keep in mind, PASSWORD has meaning in MySQL
        // Do your string sanitizing here
        // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
        $sql = "SELECT * FROM users WHERE user='".$user."' AND pass='".$pass."' LIMIT 0,1;";
        $result = mysql_query($sql) or die("Wrong data supplied or database error");
        while($row = mysql_fetch_array($result)) {
            $_SESSION['user'] = $row['user'];
            // Do whatever else you need to do here....
        }
    } else {
        // Show your login form here.
    }
} else {
    // The user is authenticated and logged in already.
}
?>
Keep in mind that, as always, this hasn't been bug-checked,
re-read, or otherwise validated.
Hey Dan,
Thanks for the response, I think I see and understand what you are
trying to say in there, but I am hitting a road block now... It won't
display the page. I have tried to both just include the page, and
copied the entire page and pasted it in the proper location.
Any ideas? Here's the code... And no I still haven't added
mysql_real_escape_string yet... Want to get 1 part working at a
time :) Fewer issues in my head then.
<?PHP
include 'defaults.php';
include 'dbconnect.php';
session_start();
if(!$_SESSION['user']) {
    if($_POST['user'] && $_POST['pass']) { // Keep in mind, PASSWORD has meaning in MySQL
        // Do your string sanitizing here
        // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
        $sql = "SELECT * FROM login WHERE loginid='".$user."' AND email='".$pass."' LIMIT 0,1;";
        $result = mysql_query($sql) or die("Wrong data supplied or database error");
        while($row = mysql_fetch_array($result)) {
            $_SESSION['user'] = $row['user'];
            // Do whatever else you need to do here....
            echo "First Part";
            include "index.php";
        }
    } else {
        // Show your login form here.
        echo "
        <form method=\"post\">
        Username : <input type=\"text\" name=\"user\"><br />
        Password : <input type=\"password\" name=\"pass\"><br />
        <input type=\"submit\" value=\"Login\">
        </form>";
        echo "Second Part";
    }
} else {
    // The user is authenticated and logged in already.
    echo "Just before include";
    include "index.php";
    echo "Third part";
}
?>
The few echoes that are in there are only there for debugging, easier
to see how far I get :)
Thanks for looking! :)
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim@xxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
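A version of the login check sketched in this thread, added here as an illustration and not code from either poster: it reads the submitted values explicitly, binds them through a PDO prepared statement (used here in place of the thread's mysql_query string concatenation), and verifies a password hash. The in-memory SQLite database, the `pass_hash` column, the sample account and the `attempt_login()` helper are assumptions made for the example.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; table and column names are hypothetical.

function attempt_login(PDO $db, array $post, array &$session): string
{
    if (!empty($session['user'])) {
        return 'already-logged-in';
    }
    // Read the submitted values explicitly; nothing else defines $user and $pass.
    $user = is_string($post['user'] ?? null) ? trim($post['user']) : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
    if ($user === '' || $pass === '') {
        return 'show-form';
    }
    // The placeholder keeps the value out of the SQL text, so quotes in it are harmless.
    $stmt = $db->prepare('SELECT loginid, pass_hash FROM login WHERE loginid = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Zero rows is an ordinary failed login, not a database error.
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return 'bad-credentials';
    }
    $session['user'] = $row['loginid']; // store a column the query returned
    return 'logged-in';
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (loginid TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO login VALUES (?, ?)')
   ->execute(['jason', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = []; // stands in for $_SESSION after session_start()
$requests = [  // constructed form submissions, processed in order
    [],                                             // nothing posted yet
    ['user' => "o'brien", 'pass' => 'x'],           // quote in the name, unknown user
    ['user' => 'jason', 'pass' => 'wrong'],         // known user, wrong password
    ['user' => 'jason', 'pass' => 'correct horse'], // valid login
    ['user' => 'jason', 'pass' => 'correct horse'], // session already set
];
foreach ($requests as $post) {
    echo attempt_login($db, $post, $session), "\n";
}
```

In a web page, call session_start() first, pass $_POST and $_SESSION to the function, and call session_regenerate_id(true) when it returns logged-in.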