zeer simpele php login werkt niet...
Ik heb een simpel php login script maar ik weet niet hoe ik een sessie kan maken.
De actie van mijn form is login.php
login.php:
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?php
ob_start();
include 'config.php';
$tbl_name="members"; // Table name
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
ob_start();
include 'config.php';
$tbl_name="members"; // Table name
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
Nu wil ik dat alleen ingelogde leden login_succes.php kunnen zien.
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successful
</body>
</html>
Ik dacht aan zoiets maar dit stuurt mij nadat ik ingelogt ben terug naar de index.
Vergeet verder ook niet om elk script waarin je sessievariabelen gebruikt, te beginnen met session_start(). Anders zal het niet werken...
Is dat niet precies hetzelfde als ik ook al zei?
Blanche schreef op 17.12.2008 23:11:
Is dat niet precies hetzelfde als ik ook al zei?
Nu ik het nalees wel ja, ik had jouw post eerlijk gezegd niet doorgelezen, zag alleen dat je het over session_register() had :-P.
En ob_start() en ob_end_flush() ff wegkeilen.
login.php:
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?php
ob_start();
include 'config.php';
$tbl_name="members"; // Table name
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
$_SESSION['username'] = '$username';
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
ob_start();
include 'config.php';
$tbl_name="members"; // Table name
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
$_SESSION['username'] = '$username';
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
login_succes.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<?php
session_start();
if($_SESSION['username'] == 'true'){
?>
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successful
</body>
</html>
<?
}
else{
header('Location: index.php');
}
?>
session_start();
if($_SESSION['username'] == 'true'){
?>
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successful
</body>
</html>
<?
}
else{
header('Location: index.php');
}
?>
Normaal zou ik login succesfull moeten zien maar hij gaat naar de else en stuurt me terug naar de index...
Gewijzigd op 01/01/1970 01:00:00 door Jelle Sturm
Ik maak de sessie
als de username en pass overeenkomen met die in de database
in login_succes controleer ik die met
Wat doe ik fout?
$_SESSION['username'] = '$username';
Nooit een $var tussen enkele quotes zetten.
$_SESSION['username'] = $username;
Edit: En true ook nooit tussen quotes zetten.
Gewijzigd op 01/01/1970 01:00:00 door - SanThe -
het werkt nu... :D
Alleen als ik nu naar login_succes.php ga zonder in te loggen krijg ik een
Code (php)
1
2
3
2
3
Notice: Undefined index: username in /customers/buxonline.net/buxonline.net/httpd.www/login_success.php on line 7
Warning: Cannot modify header information - headers already sent by (output started at /customers/buxonline.net/buxonline.net/httpd.www/login_success.php:7) in /customers/buxonline.net/buxonline.net/httpd.www/login_success.php on line 22
Warning: Cannot modify header information - headers already sent by (output started at /customers/buxonline.net/buxonline.net/httpd.www/login_success.php:7) in /customers/buxonline.net/buxonline.net/httpd.www/login_success.php on line 22
login_succes.php:
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
// rest
session_start();
if($_SESSION['username'] == true){
?>
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successful
</body>
</html>
<?
}
else{
header('Location: index.php');
}
?>
error_reporting(E_ALL);
ini_set("display_errors", 1);
// rest
session_start();
if($_SESSION['username'] == true){
?>
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successful
</body>
</html>
<?
}
else{
header('Location: index.php');
}
?>
Zo belangrijk is dit niet, maar is er toch een oplossing om dan gewoon terug naar de index te sturen?
Wordt:
if(isset($_SESSION['username']) and ($_SESSION['username'] == true)){
Ik zie nu not allowed to be here als ik heb ingelogt...
Login.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
// rest
ob_start();
include 'config.php';
$tbl_name="members"; // Table name
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
$_SESSION['username'] = $username;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
error_reporting(E_ALL);
ini_set("display_errors", 1);
// rest
ob_start();
include 'config.php';
$tbl_name="members"; // Table name
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "login_success.php"
$_SESSION['username'] = $username;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
Login_succes.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
// rest
session_start();
if(isset($_SESSION['username']) and ($_SESSION['username'] == true)){
?>
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successfull
<br />
<a href="logout.php">Logout!</a>
</body>
</html>
<?
}
else{
echo "Not allowed to be here";
//header('Location: index.php');
}
?>
error_reporting(E_ALL);
ini_set("display_errors", 1);
// rest
session_start();
if(isset($_SESSION['username']) and ($_SESSION['username'] == true)){
?>
<html>
<head>
<title>logged in</title>
</head>
<body>
Login Successfull
<br />
<a href="logout.php">Logout!</a>
</body>
</html>
<?
}
else{
echo "Not allowed to be here";
//header('Location: index.php');
}
?>
Logout.php (heeft het hier mischien met te maken?)
In login.php zie ik geen session_start();
Script werkt perfect!!
Danku!!
Evert schreef op 17.12.2008 23:49:
En ob_start() en ob_end_flush() ff wegkeilen.