Developing Hybrid App I know it is possible to use php session. Anyone know how it works? I would like to display all the info of the user logged-in on their home page like, fullname, contact no., address, etc.
The login: (login.html) This is the code with ajax:
function handleData(responseData) {
var response = JSON.parse(responseData);
var access = response.user_access;
if (access == "real") {
alert("Welcome");
location.href = "home.html"; //should redirect and auto display all the info.
} else {
alert("Your username and password didn\'t match.");
}
}
So the login page send request to the server to log-in.
Now the server side(PHP) code.
if(isset($_POST['input_email']) && isset($_POST['input_password'])){
$post = $_POST;
array_walk_recursive($post, 'clean');
//SQL query here- check if email/password match
$using = 'real';
}
if($user['user_status'] == 'active'){
$_SESSION['user_id'] = $user['user_id'];
$_SESSION['user_email'] = $user['user_email'];
$_SESSION['user_fullname'] = $user['user_fullname'];
}else{
$using = 'notmatch';
}
Declare variable for session:
$user_fullname = $_SESSION['user_fullname'];
$user_id = $_SESSION['user_id'];
$user_email = $_SESSION['user_email'];
$result_array = array( user_id => $user_id, user_fullname => $user_fullname, user_email => $user_email, user_access => $loggedinusing);
echo json_encode($result_array);
}
Login was working well and redirected to the home page when login credentials are right. My home.html for now don't have any code. I need for now is to display the user info in home page with PHP session. I don't know where to start.
Related
I am trying to learn php and I am trying to login with this user;
When user1 logs in and a new window user2 logs in, when I refresh the user1 page, the user1 information disappears and the user2 information comes.
There is no such problem with the videos I watch on the internet.
Is there a way to do this without using javascript session storage?
$mail = strip_tags(trim($_POST['mail']));
$pass= strip_tags(trim($_POST['pass'])) ;
$control = $db->prepare("SELECT * FROM users WHERE BINARY usermail = :mail and userpass = :pass");
$control->execute(array(
"mail" => $mail,
"pass" => $pass
));
if($control->rowCount()){
$user = $control->fetch(PDO::FETCH_ASSOC);
$_SESSION['user'] = $user;
header("location:usercontrol");
}else{
$error['login'] = "...";
}
you need to check is the is set session is set using the super $_SESSION global variable like so
if (isset($_SESSION['user'])) {
echo '<script type="text/JavaScript">
sessionStorage.clear()</script>';
} else {
session_start();
// your code
}
I want to add a condition where if the email is admin#example.com and password is admin, then the admin will be redirected to admin.html, which is different to what a normal user will be redirected to (user.html). P.S. the admin and users are in the same table. Thanks in advance.
<?php
require_once ('../../connect.php');
$user_email = $_POST['user_email'];
$user_password = $_POST['user_password'];
if ($user_email != NULL AND $user_password != NULL)
{
$login = "SELECT * FROM tblusers where user_email = '$user_email' AND user_password = '$user_password' AND user_type=0";
$result = mysqli_query($dbc, $login);
if (mysqli_num_rows($result) >0 )
{
setcookie('user_email', $user_email);
setcookie('user_password', $user_password);
echo '<script type="text/javascript"> window.location ="register.php"; </script>';
}
else
{
echo '<script type="text/javascript"> alert("The email or password you have entered may be incorrect"); window.location ="login.html"; </script>';
}
}
else ($user_email != NULL AND $user_password != NULL)
{
$login = "SELECT * FROM tblusers where user_email = '$user_email' AND user_password = '$user_password' AND user_type=1";
$result = mysqli_query($dbc, $login);
if (mysqli_num_rows($result) >0 )
{
setcookie('user_email', $user_email);
setcookie('user_password', $user_password);
echo '<script type="text/javascript"> window.location ="members.php"; </script>';
}
else
{
echo '<script type="text/javascript"> alert("The email or password you have entered may be incorrect"); window.location ="login.html"; </script>';
}
}
else
{
echo '<script type="text/javascript"> alert("Please enter your email and password in the relative fields"); window.location ="login.html"; </script>';
}
mysqli_close($dbc);
?>
Hmm, your post makes it really difficult to properly provide an answer, but I will try. Before that, know that #RiggsFolly really has made the most important point - get a better tutorial. I would use comments because there are some things that could be clarified but my reputation does not allow me to do that yet. So here goes an attempt at an answer.
What exactly is the logic you are trying to implement? It seems to roughly be:
if (user provides credentials AND credentials exist in database AND credentials are for user_type == 0) {
save credentials;
send user to registration page;
} else if (user provides credentials AND credentials exist in database AND credentials are for user_type == 1) {
save credentials;
send user to members page;
} else {
send user to login page;
}
We can streamline this logic a bit:
if (user has provided credentials) { // if this fails, user is sent to login page
// Now check if credentials exist in database
// Notice I am using comments? Use them to make your code more readable and to better explain what you're doing/what you did!!!
// Query the database only for matching username and password first.
$login = "SELECT * FROM tblusers where user_email = '$user_email' AND user_password = '$user_password'";
$result = mysqli_query($dbc, $login);
// If this returns a match, then check for user_type. Otherwise, prompt user to provide correct credentials.
if (mysqli_num_rows($result) > 0 ) {
// Obtain the results of the query in an associative array so that you can easily access the value of 'user_type'
$row = mysqli_fetch_assoc($result);
// We have confirmed that the credentials exist. So we can save them
// But as RiggsFolly correctly points out, PLEASE look for alternatives more secure than cookies
save credentials;
// Now check the value of user_type and respond accordingly
if ($row["user_type"] == 1) { // admin
send user to admin page; // which seems to be members.php;
} else { // user
// I assume there is no other user_type.
// If there is, make this an elseif statement that checks if user_type == 0
send user to user page; //which seems to be register.php
}
} else {
display message that credentials are incorrect;
send user to login page;
}
} else {
send user to login page;
}
Again, read ALL the links provided by #RiggsFolly and implement them. As he pointed out, we try to improve your code not to write it for you, which is why I tried to stick to the code you provided.
I do hope this helps you. Wish you the best as you learn.
Why my facebook log in code not ask user for permission ?
Normally facebook lo ing on other website. when user log in with facebook on first time. It's will show ask permission box. But my facebook login code not show ask permission box. (still log in success)
How can i do for show ask permission box
<?php
include("connect.php");
session_start();
ob_start();
define('APP_ID', 'xxxxxxxxxxxxxxx'); // Your Facebook Application ID goes in here
define('APP_SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'); // Your Facebook Application Secret goes in here
define('LOGIN_PAGE_URL', 'https://www.example.com/'); // The URL to your login page ending with a slash goes in here. Example: https://www.vasplus.info/demos/login_with_fb/
include 'vpb_fb/facebook.php';
//Facebook Application Details
$facebook_application_info = new Facebook(array('appId' => APP_ID, 'secret' => APP_SECRET));
//Get Facebook user id
$vpb_get_user = $facebook_application_info->getUser();
/**************************************************************************************************
* This script is brought to you by Vasplus Programming Blog by whom all copyrights are reserved.
* Website: www.vasplus.info
* Email: vasplusblog#gmail.com or info#vasplus.info
* Do not remove this information from the top of this page please.
***************************************************************************************************/
//Be sure that the user id is not an empty field before you can proceed
if ($vpb_get_user && !empty($vpb_get_user))
{
try { $vpb_fetch_data = $facebook_application_info->api('/me'); } // This user is authenticated therefore, proceed
catch (FacebookApiException $ex)
{
error_log($ex);
$vpb_get_user = null;
}
//Be sure user data from Facebook is not empty
if (!empty( $vpb_fetch_data ))
{
$uid = $vpb_fetch_data['id'];
$first_name = $vpb_fetch_data['first_name'];
$last_name = $vpb_fetch_data['last_name'];
$full_name = $vpb_fetch_data['name'];
$user_name = $vpb_fetch_data['username'];
$email = $vpb_fetch_data['email'];
$gender = $vpb_fetch_data['gender'];
$birthday = $vpb_fetch_data['birthday'];
$location = $vpb_fetch_data['location'];
$bio = $vpb_fetch_data['bio'];
$vpb_fb_logout = array('next' => LOGIN_PAGE_URL.'logout.php');
$logout_url = $facebook_application_info->getLogoutUrl($vpb_fb_logout);
$_SESSION['complete_logout'] = $logout_url;
// Be sure that the most important user info are in place then proceed
if(!empty($uid))
{
$_SESSION['Username'] = $username_user;
$_SESSION['admin'] = '0';
}
else
{
// There was an error therefore, take the user back to the login page
header('location: index.php?facebook_error=1'); // If the user denies the application access to his or her account
}
}
else
{
// There was an error therefore, take the user back to the login page
header('location: index.php?facebook_error=2'); // If something go wrong
}
}
else
{
// There was an error therefore, take the user to login via Facebook again with permission info
$vpb_login_url = $facebook_application_info->getLoginUrl(array('scope' => 'email, user_birthday, user_location, user_photos', 'redirect_uri' => LOGIN_PAGE_URL.'facebook_redirect_to_index.php'));
header("location: " . $vpb_login_url);
}
?>
I've finally got the courage to make a user login system after who knows how long of putting it off. My only problem is that when I submit the login form it reloads the page and it says that I am logged in, great.
However if I reload the page or go to another page and come back to the original page it forces me to login again. Can anyone help with this? I have a session_start() in the base file that is included in all other page files before the database connection.
I then have the following code for my user login side of things, which as I said, works the first time around, but after that any other interaction will essentially log me out. Any help with this?
The user page which logs you in and creates the session...
Please note that this isn't a live environment so security is being put on the bench for now. However I am aware I will need some security measures in place in the future though.
// Check if the user is logged in or not
if((!empty($_SESSION['loggedin'])) && (!empty($_SESSION['username']))) {
$loggedin = true; // The user IS logged in
} else {
if(isset($_POST['login'])) {
// The login form has been submitted
if((empty($_POST['username'])) || (empty($_POST['password']))) {
// If either username or password fields are blank
$loginfail = true; // If the user could not be logged in
if(empty($_POST['username'])) { $nousername = true; }
if(empty($_POST['password'])) { $nopassword = true; }
} else {
// Username and password field were filled in okay
$username = $_POST['username'];
$password = $_POST['password'];
$checklogin = mysqli_query($sql, "SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die($checklogin . "<br/>" . mysqli_error($sql));
if(mysqli_num_rows($checklogin) == 1) {
// If the login details match up, log them in
$loggedin = true; // The user IS NOT logged in
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
} else {
// If the login details don't match up, don't login
$loginfail = true; // If the user could not be logged in
}
}
}
}
Thanks!
I am new to php and I am making a basic login script.
All I want to do is log in and have the cookie for my user_id stored.
It works on all of my other pages, except my index page which is one directory up.
So on my index page, I have this if statement:
<?php
if (!isset($_COOKIE['user_id'])) {
sign_in();
} else {
echo "You're already logged in!";
}
?>
No matter what I do, the sign_(); function always shows.
But here's the kicker:
On my login script, the whole thing goes through as if I successfully logged in.
I send it back to this page using:
header("Location: ../index.php");
(It is up one directory)
However, when I make it link to a page in the same directory, it registers the cookie and everything is alright.
header("Location: show_user.php");
If you want a hands on view, you can go to http://patti-bee2.dcccd.edu/coleman/wonder%20penguin/php/signup.php to make your account. And http://patti-bee2.dcccd.edu/coleman/wonder%20penguin/php/show_user.php to view it. And notice how the index page doesn't register the cookie.
How I tried to set the cookie:
if (isset($_POST['usernamelogin'])) {
$user_login = $_REQUEST['usernamelogin'];
$pass_login = $_REQUEST['passwordlogin'];
$pass_login = trim(crypt($pass_login, $user_login));
$login_query = sprintf("SELECT username, user_id FROM user WHERE username = '%s' and password = '%s';", mysql_real_escape_string($user_login), mysql_real_escape_string($pass_login));
$loginresult = mysql_query($login_query, $dbConn);
echo $login_query;
if (mysql_num_rows($loginresult) == 1) {
$userinfo = mysql_fetch_array($loginresult);
$username = $userinfo['username'];
$userid = $userinfo['user_id'];
setcookie('username', $username);
setcookie('user_id', $userid);
header("Location: show_user.php");
exit();
} else {
echo "Couldn't find your account!";
}
}
Please excuse my unrefined page and amateur mistakes. I have a lot to learn.
Any ideas?
Thank you for your time.
Check if you have the cookie with the following
<?php
var_dump($_COOKIE);
//if (!isset($_COOKIE['user_id']))
if (empty($_COOKIE['user_id']))
{
sign_in();
}
else {
echo "You're already logged in!";
}
?>