🔒 Closed PHP code, Using $_session in login page?

Status
Not open for further replies.

daredavil07

Journeyman
Hi, I made a simple login page and tried using $_SESSION to store '$user' and '$rights', so that my other pages are also secured when not logged in and access is limited. I got '$user' into $_SESSION, but '$rights' won't go in; I can't echo it.

Here is my login:
PHP:
<?php
session_start();
include("connect.php");

$error = "";

if(isset($_POST["submit"]))
{
if(empty($_POST["user"]) || empty($_POST["pass"]))
{
$error = "both fields are required.";
}else
{
    $user = $_POST['user'];
    $password = $_POST['pass'];
        
    $query = mysqli_query($conn, "SELECT * FROM account.log WHERE user = '$user' and pass = '$pass' ");
    
    $rows = mysqli_num_rows($query);
    $rights=$rows['rights'];
    if ($rows == 1 ){
    $_SESSION['user']=$user;

        header("Location: main.php");
        }
    else
    {
     echo "<script>
     alert('Username & Password Incorrect!');
     window.location.href='log-out.php';
     </script>";
        }
    }
}
?>

This is what's at the top of each of my pages:
PHP:
<?php
session_start();
error_reporting(0);
$rights=$_SESSION['rights'];
$user=$_SESSION['user'];
if($user==true){
?>

I can echo '$user' on every page. What might be missing in what I did? Thanks in advance!
 
Is it something like this, boss?

Which PHC member are you, first? This is a different account, haha
 

Haha, it's not working? That's because your coding is wrong, and the session part is wrong too. Look for code on the net; there are complete ones, just edit it.
 
Hello Sir bluesharkboy_05, this is what I'm working on, sir. Thank you.

DB:

Code:
CREATE DATABASE `account`;
USE `account`;
CREATE TABLE `log` (
  `id` int(11) NOT NULL,
  `user` varchar(50) NOT NULL,
  `pass` varchar(50) NOT NULL,
  `rights` varchar(50) NOT NULL
);

Login Page:
HTML:
<html>
<body>
        <form method="post" action="">
        <strong>Username: </strong><input type="text" id="user" name="user" placeholder="Enter here.."/><br>
        <strong>Password: </strong><input type="password" id="password" name="password" placeholder="Enter here.."/><br><br>       
        <input type="submit" id="submit" name="submit" value="Login" class="button"/>   
        </form>
        </div>                       
</body>
</html>

PHP:
<?php
session_start();
$conn = mysqli_connect("localhost", "root", "", "account");
if (mysqli_connect_errno())
  {
  echo "Failed connecting to database: " . mysqli_connect_error();
  }

$error = "";

if(isset($_POST["submit"]))
{
if(empty($_POST["user"]) || empty($_POST["pass"]))
{
$error = "both fields are required.";
}else
{
    $user = $_POST['user'];
    $password = $_POST['pass'];
        
    $query = mysqli_query($conn, "SELECT * FROM account.log WHERE user = '$user' and pass = '$pass' ");
    
    $rows = mysqli_num_rows($query);
    $rights=$rows['rights'];
    if ($rows == 1 ){
    $_SESSION['user']=$user;

        header("Location: main.php");
        }
    else
    {
     echo "<script>
     alert('Username & Password Incorrect!');
     window.location.href='log-out.php';
     </script>";
        }
    }
}
?>

main.php
Code:
<?php
session_start();
error_reporting(0);
$role=$_SESSION['role'];
$username=$_SESSION['username'];
if($username==true){
?>
<html>
<body>       
     <!-- <object width="100%" height="400px" data="home.php"></object> -->
        <strong style="color: blue;">Your username! </strong><?php echo $_SESSION['username']; ?>
        <strong style="color: blue;">Your role! </strong><?php echo $_SESSION['role']; ?>
</body>
</html>
 
Code:
<?php
session_start();
$conn = mysqli_connect("localhost", "root", "", "account");
if (mysqli_connect_errno()) {
  echo "Failed connecting to database: " . mysqli_connect_error();
 }

$error = "";

if(isset($_POST["submit"])) {
      if(empty($_POST["user"]) || empty($_POST["pass"])) {
           $error = "both fields are required.";
       }else{
           $user = $_POST['user'];
           $password = $_POST['pass'];
           $query =  "SELECT * FROM account.log WHERE user = '$user' and pass = '$pass'  LIMIT 1";
           $result = mysqli_query($conn, $query);
 
    if($result){
         $row = mysqli_num_rows($result);
         $username = $row['user'];
         $rights = $row['rights'];
              if ($rights == '1' ){
                   $_SESSION['user']=$username;
                   $_SESSION['user_right'] = $rights;
                   header("Location: main.php");
             } else {
                 echo "<script>
                 alert('Username & Password Incorrect!');
                 window.location.href='log-out.php';
                </script>";
        }
    }
}
?>

Then over in main.php....try echoing it just to make sure it worked.
Code:
<?php
  session_start();
  echo $_SESSION['username'];
  echo $_SESSION['user_right'];
?>

****TAKE NOTE: when you store a password, use encryption before you store the password in the database. Do not store passwords in plain text. (Read about BLOWFISH, MD5, CRYPT and SALT...they are all related)
 
Hi Sir codyscott, I tried it, sir. I can't get validated to log in; it goes to "Username & Password Incorrect" right away. I think it's here:
PHP:
if ($role == '1' ){
Thanks for the help, Sir.
 
I gave you code. What are you going to use it for, first?

Hi Sir Phcmjal, I'm trying to build my own personal data archive, Sir, because I have a small server lab at home. I can't find software that fits, so I figured I'd just make one. I can't really remember much of what was taught back when I was still studying 6 years ago. :):)
 
It's okay now, the rights are showing..

login.php
PHP:
<html>
<body>
        <form method="post" action="#">
        <strong>Username: </strong><input type="text" id="user" name="user" placeholder="Enter here.."/><br>
        <strong>Password: </strong><input type="password" id="password" name="pass" placeholder="Enter here.."/><br><br>      
        <input type="submit" id="submit" name="submit" value="Login" class="button"/>  
        </form>
        </div>                      


<?php
session_start();
$conn = mysqli_connect("localhost", "root", "", "account");
if (mysqli_connect_errno())
  {
  echo "Failed connecting to database: " . mysqli_connect_error();
  }

$error = "";

if(isset($_POST["submit"]))
{
if(empty($_POST["user"]) || empty($_POST["pass"]))
{
$error = "both fields are required.";
}else
{

    $user = $_POST['user'];
    $pass = $_POST['pass'];


mysql_connect("localhost", "root", "") or
    die("Could not connect: " . mysql_error());
mysql_select_db("account");
     $result= mysql_query("SELECT rights FROM log");
 while($row = mysql_fetch_array($result,MYSQL_NUM)){
      echo $row[0];
       $_SESSION['rights']=$row[0];
 }
       
    $query = mysqli_query($conn, "SELECT * FROM account.log WHERE user = '$user' and pass = '$pass' ");
         session_start();
    $rows = mysqli_num_rows($query);
 
    if ($rows >= 1 ){
 
    $_SESSION['user']=$user;


        header("Location: main.php");

 
       }
    else
    {
     echo "<script>
     alert('Username & Password Incorrect!');
     window.location.href='log-out.php';
     </script>";
        }
    }
}
?>

</body>
</html>
-
-

main.php
PHP:
<?php
session_start();
error_reporting(0);
$role=$_SESSION['rights'];
$username=$_SESSION['user'];
//if($username==true){
echo "
   
     <!-- <object width='100%' height='400px' data='home.php'></object> -->
        <strong style='color: blue;'>Your username: </strong>".$username."<br>
        <strong style='color: blue;'>Your role: </strong>".$role."
";
//}
?>
 
Here, complete and 100% working (and it also includes the password encryption).
You just add the validation to the form yourself.

THIS IS my database TABLE structure (I just added First Name and Last Name, to make it nicer)
Code:
CREATE TABLE `users` (
  `id` int(11) NOT NULL,
  `firstname` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `lastname` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `username` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `encrypted_password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `privilege` tinyint(1) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

THIS IS the login page (one FORM for the login, and one FORM for creating a new user)
My filename is just "index.php"
Code:
<?php
session_start();

/**
* Database connection
*/
define('SERVER', "localhost");
define('USERNAME', "root");
define('PASSWORD', "root");
define('DATABASE', "crud_db");
$connection = new mysqli(SERVER,USERNAME,PASSWORD,DATABASE);

if($connection->connect_error){
    die("Connection failed: " . $connection->connect_error);
} else {
    $GLOBALS['dbcon'] = $connection; //optional style
    // Nothing is echoed here: output sent before header() can stop the redirect below from working
}
/** end of database connection **/

/**
* This code will insert a new user into the database
* Take note of the password_hash (it hashes the password before storing to database)
*/
if(isset($_POST['createuser'])){
    $firstName = $_POST['firstname'];
    $lastName = $_POST['lastname'];
    $username = $_POST['username'];
    $password = $_POST['password'];

    //hashing option 1 (PHP 5.5)
    $password = password_hash($password,PASSWORD_DEFAULT);

    //hashing option 2 (PHP 5.5)
    //$password = password_hash($password,PASSWORD_BCRYPT, ['cost' => 10]);

    // Prepared statement: the form values are bound as parameters
    // instead of being concatenated into the SQL string
    $stmt = $connection->prepare("INSERT INTO users (firstname,lastname,username,encrypted_password) VALUES (?,?,?,?)");
    $stmt->bind_param('ssss', $firstName, $lastName, $username, $password);
    $result = $stmt->execute();
    $stmt->close();
}
/** end of user creation/insertion **/


/**
* Logging in prompt
* To test.
*/
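if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Prepared statement: the username is bound as a parameter, not concatenated into the SQL
    $stmt = $connection->prepare("SELECT * FROM users WHERE username=?");
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $result = $stmt->get_result(); // needs the mysqlnd driver

    if($result){
        while($row=mysqli_fetch_assoc($result)){
            if( password_verify($password,$row['encrypted_password']) ){
                $_SESSION['username'] = $row['username'];
                $_SESSION['privilege'] = $row['privilege'];
                header("Location: main.php");
                exit; // stop the script once the redirect header is sent
            }
        }
    }
}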

?>
<!DOCTYPE html>
<html>
<head>
    <title>Login page</title>
</head>
<body>

    <p>Log in:</p>
    <form action="index.php" method="POST">
        USERNAME:<input type="text" name="username">
        <br>
        PASSWORD:<input type="password" name="password">
        <br>
        <input type="submit" name="login">
    </form>

<br><br>

    <p>Create User:</p>
    <form action="index.php" method="POST">
        First Name<input type="text" name="firstname">
        <br>
        Last Name<input type="text" name="lastname">
        <br>
        Username<input type="text" name="username">
        <br>
        Password:<input type="password" name="password">
        <br>
        <input type="submit" name="createuser">
    </form>


</body>
</html>


AND THIS is the redirection page IF the user name and password are valid (header location page)
Just to test whether it gets the username and rights from the database.
My filename is "main.php"
Code:
<?php
session_start();
// escape before output: the username is user-supplied
echo 'Welcome, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
echo '<br>';
echo 'You have level '. (int)$_SESSION['privilege'] . ' rights.';
?>

<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>

</body>
</html>


***TAKE NOTE: session_start() needs to be ALWAYS on the very top of the code. It is always the very first code. If not, the session will not work.
***You just add the validation to the HTML form and to the PHP code yourself.

***MY INVITATION TO EVERYONE****
JOIN the "SeriouslyJava" group if you want to learn Java Object Oriented Programming...especially if you are struggling with Java. ;)
 

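A guard for the protected pages, to go with the index.php and main.php pair above. This is an added example, not part of the original post: the file name auth.php, the function names and the PHP 7.3+ cookie options are assumptions, while the `username` and `privilege` session keys are the ones the post's login code sets.

```php
<?php
// auth.php (hypothetical file name): include at the top of every page, before any output.
declare(strict_types=1);

function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,                      // cookie not readable from JavaScript
        'samesite' => 'Lax',                     // not sent on cross-site POSTs
        'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when the site is served over HTTPS
    ]);
    session_start();
}

/** Call once, right after password_verify() succeeds. */
function login_user(string $username, int $privilege): void {
    start_secure_session();
    session_regenerate_id(true);         // fresh session ID on login (blocks session fixation)
    $_SESSION['username']  = $username;
    $_SESSION['privilege'] = $privilege; // taken from the authenticated user's own row
}

/** True when a user is logged in with at least $minPrivilege. */
function is_authorized(int $minPrivilege = 0): bool {
    return isset($_SESSION['username'], $_SESSION['privilege'])
        && (int)$_SESSION['privilege'] >= $minPrivilege;
}

/** Redirects to the login page and stops the script when the check fails. */
function require_login(int $minPrivilege = 0): void {
    start_secure_session();
    if (!is_authorized($minPrivilege)) {
        header('Location: index.php');
        exit; // without exit the protected page would still render
    }
}

/** Empties the session data and destroys the server-side session. */
function logout(): void {
    start_secure_session();
    $_SESSION = [];
    session_destroy();
}

/** Escapes a session value before it is echoed into HTML. */
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
```

On main.php, `require 'auth.php'; require_login();` would take the place of the bare `session_start()`, and the login branch would call `login_user($row['username'], (int)$row['privilege'])` after `password_verify()` succeeds.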
Follow this; this is everything you need, you just have to add to it. It only echoes the username.


In the session.php part,

add below this:

$login_session = $row['username'];
$right= $row['right'];

$row['username']; = basically, that word username has to be in your database if you want to add it
$row['name you want to add']; = for example fname or lname, then in the part of

welcome.php

<h1>Welcome <?php echo $login_session; // you can add more here
echo $fname;

?></h1>

So username and fname will show up there, depending on which ones in the database you want.
 
Hello Sir bluesharkboy_05, I tried it, sir, and made a small update from mysql to mysqli because I was getting an error. I can echo 'user', but 'rights' still isn't included.

Login Page:
Code:
<html>
<body>
        <form method="post" action="#">
        <strong>Username: </strong><input type="text" id="user" name="user" placeholder="Enter here.."/><br>
        <strong>Password: </strong><input type="password" id="password" name="pass" placeholder="Enter here.."/><br><br>     
        <input type="submit" id="submit" name="submit" value="Login" class="button"/> 
        </form>
        </div>                     


<?php
session_start();
$conn = mysqli_connect("localhost", "root", "", "account");
if (mysqli_connect_errno())
  {
  echo "Failed connecting to database: " . mysqli_connect_error();
  }

$error = "";

if(isset($_POST["submit"]))
{
if(empty($_POST["user"]) || empty($_POST["pass"]))
{
$error = "both fields are required.";
}else
{

    $user = $_POST['user'];
    $pass = $_POST['pass'];


mysqli_connect("localhost", "root", "", "account") or die ("Could not connect: " . mysqli_error()); //Updated due to 'Fatal error:call to undefined function mysql_connect'
     $result= mysqli_query("SELECT rights FROM log");
 while($row = mysqli_fetch_array($result,MYSQLI_NUM)){
      echo $row[0];
       $_SESSION['rights']=$row[0];
 }
      
    $query = mysqli_query($conn, "SELECT * FROM account.log WHERE user = '$user' and pass = '$pass' ");
    session_start();
    $rows = mysqli_num_rows($query);
 
    if ($rows >= 1 ){
 
    $_SESSION['user']=$user;


        header("Location: main.php");

 
       }
    else
    {
     echo "<script>
     alert('Username & Password Incorrect!');
     window.location.href='log-out.php';
     </script>";
        }
    }
}
?>

</body>
</html>

main.php
Code:
<?php
session_start();
error_reporting(0);
$rights=$_SESSION['rights'];
$user=$_SESSION['user'];
//if($user==true){
?>
<!DOCTYPE html>
<html>
<body>       
        <strong style="color: blue;">Username: </strong><?php echo $_SESSION['user']; ?></br>
        <strong style="color: blue;">Rights: </strong><?php echo $_SESSION['rights']; ?>
</body>
</html>

I'm not sure, sir, why 'rights' won't show up for me, only 'user'.. :)
 