Questions of this sort have been asked before, though i am still having issues, also is this the most current up to date syntax for PHP.
i'm not sure if im logging in correctly, it seems as though whenever i login it runs though the if(isset) as well as if(!authorized)
any help in the right direction would be very grateful.
login . php
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
checklogin . php // In PHP this is the way to do comments, also reopening PHP. DEFINE ('DB_USER', 'root'); // Defining database user. DEFINE ('DB_PSWD', ''); // Defining database password. DEFINE ('DB_HOST', 'localhost'); // Defining database host. DEFINE ('DB_NAME', 'photo'); // Defining database name.
$tbl_name="userpass"; // Table name
$dbcon = mysql_connect(DB_HOST, DB_USER, DB_PSWD, DB_NAME); // Connecting to mySQL with defined above.
if (!$dbcon){ // If error in connecting, mySQL error.
die('Could Not Connect: ' . mysql_error()); // Give mySQL error.
}
$db_selected = mysql_select_db(DB_NAME, $dbcon); // Selecting Database based on name.
if (!$db_selected){ // If error in connecting, mySQL error.
die('Could Not Use: ' . DB_NAME . ' : ' . mysql_error()); // Give mySQL error.
}
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM " . $tbl_name." WHERE user='".$myusername."' and password='".$mypassword."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_start();
$_SESSION['$myusername'];
$_SESSION['$mypassword'];
header("location:loggedin.php");
}
else {
session_unset();
session_destroy();
$_SESSION = array();
session_start();
}
loggedin . php
// Check if session is not registered, redirect back to main page.
// Put this code in first line of web page.
$authorized=false;
@session_start();
if(isset($_SESSION['myusername'],$_SESSION['mypassword']))
{
$authorized = true;
}
if(!authorized)
{
header('location:login.php');
exit();
}
Login Successful
