PDA

View Full Version : Problems with login script


Mark_W
08-09-2007, 12:49 AM
Hello,

I have been at this piece of code for a few hours now and it is doing my head in.

This is my code.

<?php

if (!$_POST['submit'])
{
?>

<form action="<?php $_SERVER['PHP_SELF'];?>" enctype="multipart/form-data" method="post">

<input name="username" type="text" class="forminput" id="username" onblur="if(this.value == '') {this.value = 'Username';}" onclick="if(this.value == 'Username') {this.value = '';}" value="Username" />

<input name="password" type="password" class="forminputb" id="password" onBlur="if(this.value == '') {this.value = 'Password';}" onClick="if(this.value == 'Password') {this.value = '';}" value="Password" />

<input name="submit" type="submit" class="formsubmit"value="Login" />

</form>

<a href="register.php">Sign Up!</a>
<?php

}
else
{
if ($userid && $password) {
///////////////////////////////////////////////
$query = sprintf("SELECT * FROM members where user_name='$userid' and user_password='$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
///////////////////////////////////////////////
}

if ($rowAccount){
$_SESSION['id'] = $rowAccount['user_id'];

echo "YES";

}elseif($submitted){
$echostring = "You are not authorised to enter";
}
}
?>This is the code which appears above the html

session_start();
include("includes/security.php");

$id = $_SESSION['id'];

///Page Variables///
$userid = $_POST['username'];
$password = $_POST['password'];
$submitted = $_POST['submit'];
////////////////////

Now that code works fine..up to a certain point.

What I want to happen is for the user to provide their user name and password and the login box to change into a control panel. (for testing purposes at the moment when they log in it only says 'YES') This works fine.

However, I also want the user to stay logged in until they click log out, at the moment when the user changes page the form goes back to asking for the user name and password.

I've created a login script before, however I'm doing it differently to how I did it before because the other way isn't how I want it to work for this one.

Thank you for your help once again.

Mark

davidj
08-09-2007, 05:56 AM
hi mate

your using a...


if (!$_POST['submit']) //<< if $_POST is not set...


the login form will appear all the time as when you return to the page the $_POST isnt set.

The best thing would be to use your session id like this...


if (!$_SESSION['id']){
?>
//////// form here

dont use the $_POST

Mark_W
08-09-2007, 11:39 AM
Oh of course, that makes perfect sense now. Just need to clean a bit of it up now.

Thanks David.