i have a master page where all my menus are in and m unable to check if the user has logged in or no this is what i have so far
functions.php
<?php
ob_start();
function loggedin()
{
if(isset($_SESSION['user_id'])&&!empty($_SESSION['user_id']))
{
return true;
}else
{
return false;
}
}
?>
Masterpage.php
if(!loggedin()){
echo "log out";
}else{
echo "log in";
}
but this doesn't work for some reason i am always shown with the Logout option
i have tried changing the if statement but no success.
you have to start a session with session_start() before checking th session, and to make sure that the session has been opened with the correct name and value.
Also you can optimize your function to:
function loggedin(){
return !empty($_SESSION['user_id']);
}
Related
I want to make a simple PHP page where you can only access if you log in first. My code is something like this:
if (the user logged in correctly) {
session_start();
echo "THE HTML PAGE. (I did this in echo because I only want to show it for the logged in users.)";
} else {
header ("Location: index.html");
die();
session_destroy();
}
So my goal is that, when the user click onto the "Go back on page" button, the session gets destroyed, and only start a new after logged in. But now, if the user click onto the "Go back on page" button, than click onto the "Go forward on page" button. it says, Document Exired. It's cool, but if I refresh the page, I can access the page without login.
Here is a solution
// put on top of every page
session_start();
function is_logged_in(): bool
{
if (isset($_SESSION['email']) && isset($_SESSION['id']) && isset($_SESSION['is_logged_in'])) {
return true;
} else {
return false;
}
}
function is_auth()
{
if (!is_logged_in()) {
session_destroy(); // change happend here
header("Location: index.html");
die();
}
}
is_auth();
// add your code here
if(isset($_SESSION['email']) && isset($_SESSION['id']))
{
return true;
}
else
{
return false;
}
// and then call this function in header file to check.
header ("Location: index.html");
die();
session_destroy();
Regarding session destruction, you cannot do it that way. See below:
First you need to destroy the session.
Then you need to redirect the user.
Correct:
session_destroy();
header ("Location: index.html");
die();
sometimes unset function also works see unset and destroy are two seprate function,
unset is useful for unsetting the some values like email,id,name etc and destroy completely destroys session, so make sure destroying the session you again not need the session so try to use unset().
I have a login page and I want to achieve this effect:
If user fails to login, display error message. After user presses refresh button, the error message should not be visible anymore.
I dont want to pass $_GET variable, for example index?page=login$failure. I want to do this in invisible in url way.
<?php
if(isset($_POST['submit_form_register'])) {
...
if($login === false) {
$user->go_to('index.php?page=login'); //Redirects back, cleaning the $_POST data.
}
..
}
?>
Now how do I say for my form, that something before redirect went bad without addint it with $_GET?
Update. So using sessions, can I do like this?
<?php
if(isset($_POST['submit_form_register'])) {
...
if($login === false) {
$_SESSION['is_form_error'] = true;
$user->go_to('index.php?page=login'); //Redirects back, cleaning the $_POST data.
}
..
}
?>
And for HTML output:
<?php if(isset($_SESSION['is_form_error']) and ($_SESSION['is_form_error'] === true)) { ?>
<div>Your email or credential is invalid.</div>
<?php } unset($_SESSION['is_form_error']); ?>
But this one doesnt work for me. I bet its because something wrong with unset. Any tips?
SOLVED: Didn't have exit; after header(); in $user->go_to($url);
You could use Session for show and hide errors
When user enter wrong user/pass you set error session and use it in view and then delete session(after showed)
`//Set Session
if (!$success) {
$_SESSION['login_error'] = 1;
}
//show
if (isset($_SESSION['login_error'])) {
echo "Invalid Username/Password";
unset($_SESSION['login_error']);
}`
Don't forget to start code with session_start();
Using the following php script. How I make active the session till the user logout. Its logging out every 30 min(approximately). OR if logout user redirect to the last page visted.
<?PHP
require_once("./include/membersite_config.php");
if(!$fgmembersite->CheckLogin())
{ $loggedin="0";} else { $loggedin="1"; }
if ($loggedin=="1") {echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('You are already signed in. Please continue to use')
window.history.back();
</SCRIPT>");
exit; }
if(isset($_POST['submitted']))
{
if($fgmembersite->Login())
{
$fgmembersite->RedirectToURL("Upload.php");
}
}
?>
function CheckLogin()
{
session_start();
$sessionvar = $this->GetLoginSessionVar();
if(empty($_SESSION[$sessionvar]))
{
return false;
}
return true;
}
That's a PHP config issue. If you don´t have any access to the php.ini file or don´t wanna mess with it, what you can do is that every time you enter a page you save the current page in a table on the database (it should have a relation with the user table), and when the user log outs after the 30min limit, you just retrieve that value from the database.
You can get the current URL with $_SERVER['PHP_SELF']. To check if the user logout just save a session variable and everytime the page is load do:
if(!isset($_SESSION['userid'])){
// redirect to the page in the database table
header("Location: ".$field_from_db);
}
Hope it helps!
This is the code i have at the moment but will not work, displays log out button when logged in only on one page then logs user out automatically ?
<?php
if(!session_is_registered(myusername))
{
echo '<b>Log In</b>';
}
else
{
echo '<b>Log Out</b>';
}
?>
You had forgotten to do session_start() out of many things, and please make sure to share that, on every one of your pages, where you want to enable session protection.
<?php
session_start();
if(!isset($_SESSION['username']) && empty($_SESSION['username']))
{
echo '<b>Log In</b>';
}
else
{
echo '<b>Log Out</b>';
}
?>
session_is_registered is deprecated. Try using $_SESSION instead
if ($_SESSION["isLoggedIn"]) {
// Log out HTML goes here
} else {
// Log in HTML goes here
}
You'll need to include session_start() at the top of all of your files and you can set $_SESSION["isLoggedIn"] just like any other variable: $_SESSION["isLoggedIn"] = TRUE
Ok, having trouble here:
I created a login script, so after a person logs in then they will get direted to another page. And also, I have it redirecting them to the login page if they try and access one of those other pages.
My problem is, if a user is logged in and stumbles to the login page again --by accident-- I would like for it to recognize that the user is logged in and redirect them to that next page (which is index2.php) ?? Having troubles :-(
Here is my code so far:
require_once "inc/functions.class.php";
$quickprotect = new functions('inc/ini.php');
if (isset($_SESSION['goAfterLogin'])){
$goto = $_SESSION['goAfterLogin'];
unset($_SESSION['goAfterLogin']);
}
else $goto = $quickprotect->settings['DEFAULT_LOGIN_SUCCESS_PAGE'];
if (isset($_POST[username])) {
if($quickprotect->login($_POST[username], $_POST[password])) header ("Location: $goto");
}
Here is how I store a users session in the functions page
public function is_logged_in() {
//Determines if a user is logged in or not. Returns true or false;
if ($_SESSION['logged_in'] === md5($this->settings[ADMIN_PW])) {
return true;
}
else return false;
}
You don't mention how you store your users in your session, but something like this should do it for you:
if(isset($_SESSION['user']))
{
header("Location: index2.php");
exit;
}
This will check if you have a user in your session, and if so, redirect to index2.php.
You need to change 'user' according to your session key.