im currently struggling to get my PHP log in to work. Iv used a separations of concerns to structure my php.
Iv already set up in my database a Users table with id, username and password values.
I dont think that there is a problem connecting to my database as i've used the same code in other projects and it works there.
This is my user_repository.php:
<?php
require_once "database.php";
function authenticate_user($username, $password, &$error) {
$sql = "select * from Users where username= '${username}'";
$sql .=" and password='{password}'";
$result = query($sql);
if ($result->num_rows!=1) {
$error = "Username or password was incroeect.";
return null;
}
return $result-> fetch_assoc();
}
function get_user_by_id($id, &$error) {
$sql = "select * from Users where id={$id} limit 1;";
$result = query($sql);
return $result->fetch_assoc();
}
?>
This is my database.php:
<?php
define("SQLHOST", "localhost");
define("SQLUSER", "b3006796");
define("SQLDB", "b3006796_db3");
define("SQLPASSWORD", "*******");
function connect_to_database () {
$mysqli = new mysqli(SQLHOST, SQLUSER, SQLPASSWORD, SQLDB);
if($mysqli->connect_errno) {
echo "failed to connect to mysql: ".$mysqli->connect_errno;
exit();
}
return $mysqli;
}
function query ($sql) {
$mysqli = connect_to_database();
$result = $mysqli->query($sql);
if (!$result) {
echo "failed to run query: ".$mysqli->error;
exit();
}
return $result;
}
?>
This is my index.php:
<?php
session_start();
require_once "user_repository.php";
$error = null;
if (isset ($_POST["username"]) && isset($_POST["password"])) {
$username = $_POST ["username"];
$password = $_POST ["password"];
// Get the assoc array for the user.
$user = authenticate_user($username, $password, $error);
//No error means valid password here.
if (!$error) {
$_SESSION['currentUser'] = $user['id'];
header("location:account.php");
exit();
}
}
?>
<html>
<head>
<title> DIWA Login </title>
</head>
<body>
<h1>login</h1>
<form method="post">
Username:<input name="username"/>
Password:<input name="password" type="password"/>
<input type="submit"/>
<?php if ($error);?>
<p><?php echo $error; ?></p>
</form?
</body>
</html>
And this is my Account.php:
<?php
session_start();
require_once "user_repository.php";
$error = null;
if (!isset($_SESSION["currentUser"])) {
header ("Location: login.php");
exit();
}
$user = get_user_by_id($_SESSION["currentUser"], $error);
?>
<html>
<head>
<title> DIWA Account </title>
</head>
<body>
<h1> Account </h1>
<p> User ID: <?php echo $user["id"]; ?></p>
</body>
</html>
Thanks
If your problem is that you cannot log in, then there is at least one bug:
`$sql .=" and password='{password}'";`
you omitted "$" at 'password', it should be
$sql .=" and password='{$password}'";
Also:
$sql = "select * from Users where username= '${username}'";
should be:
$sql = "select * from Users where username= '{$username}'";
Related
I want after somone is logging in to display the user name on another page page , also is this a good way for login ?
<?php
session_start();
$database =mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['login_bn'])) {
$usrname = mysqli_real_escape_string($db, $_POST['usrname']);
$pas = mysqli_real_escape_string($db, $_POST['pas']);
$sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
$result = mysqli_query($database, $sql);
if (mysqli_num_rows($result) == 1) {
header("location: home.php");
}
?>
And i want to display the username here on the nav bar somwhere
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<button onclick="'">Log Out </button>
<ul>
<!-- Here somehwere -->
<li> Home</li>
</ul>
sorry for newbie Question
Try this, should read this Session in php
set session in login page $_SESSION["usrname"] = $usrname; and get value in
home.php
<?php
session_start();
$database =mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['login_bn'])) {
$usrname = mysqli_real_escape_string($db, $_POST['usrname']);
$pas = mysqli_real_escape_string($db, $_POST['pas']);
$sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
$result = mysqli_query($database, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION["usrname"] = $usrname;
header("location: home.php");
}
?>
home.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<button onclick="'">Log Out </button>
<ul>
<!-- Here somehwere -->
<?php echo $_SESSION["usrname"]; ?>
<li> Home</li>
</ul>
i hope it will be helpful.
After selecting data from mysql
if (mysqli_num_rows($result) == 1) {
$_SESSION['uname'] = $result['usrname'];
header("location: home.php");
}
In home.php file just echo the username session wherever you want
<?php echo $_SESSION['uname'];?>
try this code :-
<?php
session_start();
if (isset($_POST['login_bn'])) {
$mysqli = new mysqli("example.com", "user", "password", "database");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$stmt = $mysqli->prepare("SELECT * FROM accounts WHERE usrname='".$usrname."' AND pas='".$pas."'");
$stmt->execute();
$res = $stmt->get_result();
$row = $res->fetch_assoc();
if(!empty($row))
{
$_SESSION["user_name"]=$row["first_name"]." ".$row["last_name"];//and access it anywhere after session_start(); as echo $_SESSION["user_name"]
header("location: home.php");
}
}
<?php
session_start();
$database =mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['login_bn'])) {
$usrname = mysqli_real_escape_string($db, $_POST['usrname']);
$pas = mysqli_real_escape_string($db, $_POST['pas']);
$sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
$result = mysqli_query($database, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION['userName']=/*user name here*/
header("location: home.php");
}
?>
than just call $_SESSION['userName'] anywhere in your application to get the name of logged in user
You can use PHP Sessions for this.
Change you first code snippet to
<?php
session_start();
$database =mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['login_bn'])) {
$usrname = mysqli_real_escape_string($db, $_POST['usrname']);
$pas = mysqli_real_escape_string($db, $_POST['pas']);
$sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
$result = mysqli_query($database, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION['usrname']=$usrname
header("location: home.php");
}
?>
Then you can access it from any page (as long as you do session_start();) by using $_SESSION['usrname']
For example if you want to print out out the username, then you just have to call
<?php echo $_SESSION['usrname']; ?>
I got 3 files which is connection.php, work.php, and login.php
I am currently working with log-in.
The name of my database is wildlife and it has a field of
wrd_username(for username) AND wrd_password(for password)
I am having a difficulty because the SQL is unable to detect the username and password.
MySQL is required for this PHP.
Please kindly help me.
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}?>
work.php
<?php
include('login.php');
?>
<html>
<head><title>howww</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
login.php
enter code here
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$emp_username = $_POST['emp_username'];
$emp_password = $_POST['emp_username'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
whenever I try to input the username and password it always ended up with okay from login.php
Your error seems to be assigning the wrong $_POST variable to password variable:
$emp_password = $_POST['emp_username'];
It should be something lke:
$emp_password = $_POST['emp_password'];
Also, your code is vulnerable to SQL injections. Try learning to use prepared statements.
You need to do these changes into your login.php file
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$emp_username = $_POST['user']; //name as of html form
$emp_password = $_POST['pass']; //name as of html form
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
Your $user and $pass variable are empty always.I have update the login.php page below. Use the below code
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
I believe the problem is:
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
Should be:
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$emp_username' and emp_password='$emp_password'");
Looks like you just had some unused variables in your query to MySQL ($user and $pass weren't really assigned to anything). Other than that, everything looks good.
In just 3 lines, it should like this :
$user = $_POST['emp_username'];
$pass = $_POST['emp_password'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
In connection.php page no need to add database with mysql_connect('localhost', 'root', '','wildlife') as you use it in login.php page mysql_select_db("wildlife",$conn) and in your query just add proper variable in where condition emp_username='$emp_username' and emp_password='$emp_password'"
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}?>
work.php
<?php include('login.php'); ?>
<html>
<head><title>PLEASE GUMANA KA NA</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
login.php
enter code here
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
if(isset($_POST['user']) && isset($_POST['pass'])){
$emp_username = $_POST['user'];
$emp_password = $_POST['pass'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$emp_username' and emp_password='$emp_password'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
$emp_username = $_POST['emp_username'];
$emp_password = $_POST['emp_username'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
This snippet should change to:
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
Because the form has user and pass parameter, not emp_username or emp_password
I'm trying to make Login system to my project, but I don't know how can I check if the password that the user typed is correct.
Login.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once("guest.php");
require_once("db.php");
$error = "";
global $tf_handle;
$gb = new guest();
if(isset($_POST['login']))
{
$u_email = mysqli_real_escape_string($tf_handle, $_POST['email']);
$u_password = mysqli_real_escape_string($tf_handle, $_POST['password']);
$check = $gb->email_exist($tf_handle,$u_email); // check if email exist in database
if($check) // if true
{
//check if the password is right
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
if($chpassword)
{
$error = "Thanks for loggin , you will be redirected...";
header( "refresh:3;url=index.php" );
}
else
{
$error = "Email Doesn't Exist";
}
}
else
{
$error = "Wrong information";
}
}
?>
<!doctype html>
<html>
<head>
<title>Login Page</title>
<link rel="stylesheet" href="css/styles.css" />
</head>
<body>
<div id="error" style="<?php if ($error !=""){?> display:block;<?php }?>"><?php echo $error;?></div>
<div id="wrapper">
<div id="menu">
Sign Up
Login
</div>
<div id="formDiv">
<form method="POST" action="Login.php">
<label>Email:</label><br/>
<input type="text" name="email" class="inputFields" required /><br/><br/>
<label>Password:</label><br/>
<input type="password" name="password" class="inputFields" required /><br/><br/>
<input type="checkbox" name="keep" />
<label>Keep me logged in</label><br/><br/>
<input type="submit" name="login" class="theButtons" value="Login!" />
</form>
</div>
</div>
</body>
</html>
guest.php
<?php
require_once('db.php');
class guest
{
function email_exist($email,$con)
{
$result = mysqli_query($con,"SELECT * FROM `users` WHERE `email` = '$email'");
if(mysqli_num_rows($result) == 1)
{
return true;
}
else
{
return false;
}
}
}
The problem is in the line below:
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
or the email_exist() function
It makes me log in, even if the password is wrong.
You used an if() statement. You're just declaring the variable $chpassword and thereby calling the SQL Query. This succeeds, so the condition is true. It doesn't really check if it's the same with the password from the database.
Take a look here
You would want something like this:
$query = mysql_query("select * from login where password='$password'
AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
...
}
According to the man page, mysqli_query will return a result even if there are no rows, you need to do something like the following:
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
if($chpassword->num_rows > 0) {
/* do your login stuff */
} else {
/* do not logged in stuff */
}
Also as a side note, I would not store passwords in plain text, I would use something like hash_pbkdf2 to store the passwords in an encrypted fashion.
Create a class that will handle that for you. You're writting too much code.
class users
{
private $mysqli;
public function __construct()
{
$this->mysqli = new mysqli('localhost', 'root', '', 'yourDatabase');
$this->mysqli->set_charset("utf8");
}
public function isLoginValid($email, $password)
{
$query = $this->mysqli->prepare("SELECT email
FROM users
WHERE email = ? AND password = ?");
$query->bind_param("ss", $email, $password);
$query->execute();
$query->store_result();
return ($query->num_rows >= 1 ? TRUE : FALSE);
}
}
Now the only thing you need to do is call the class and the function.
If (and I hope so) you use files to separate the classes do the following:
require_once('users.php');
$user = new users();
if($user->isLoginValid('stack#stackoverflow.com', '123456') == FALSE)
{
echo 'Hold on, there was a problem..';
return;
}
/*
* 1. Set the session
* 2. Set the cookie
* 3. Redirect the user
*/
I've been trying to create a login form for my website but the form seems unable to connect to the table or retrieve info from it. I even tried obtaining some sample code online, but it is still not being able to connect. Here's the code:
session_start();
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is empty";
} else {
$username=$_POST['username'];
$password=$_POST['password'];
$connection = mysqli_connect("localhost", "user", "pass");
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
$db = mysqli_select_db($connection, "cpses_company");
$query = mysqli_query("select * from login where password='$password' AND username='$username'", $connection);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection);
}
}
No matter what values I insert, I keep getting the error code "Username or Password is invalid". The table does contain values and I get this error even when I am inserting the values correctly. I am assuming that it is unable to connect to the database or the table. Any ideas?
edit: HTML (index.php)
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user']))
{
header("location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
The problem exist here:-
$query = mysqli_query("select * from login where password='$password' AND username='$username'", $connection);
You need make $connection as first parameter like this:-
$query = mysqli_query($connection,"select * from login where password='$password' AND username='$username'");
Note:- try always to use mysql error reporting so that you will get rid of the problem like you are facing. for that you need to do like below very simple:-
$query = mysqli_query($connection,"select * from login where password='$password' AND username='$username'")or die(mysqli_error($connection));
Some other issue are there, so for your help, Please try like this:-
<?php
session_start();
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is empty";
} else {
//$username=$_POST['username'];
//$password=$_POST['password'];
$connection = mysqli_connect("localhost", "user", "pass","cpses_company"); // direct give db name here
// remove that two line what i said in comment also
$username = mysqli_real_escape_string($connection,$_POST['username']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$query = mysqli_query($connection,"select * from login where password='$password' AND username='$username'") or die(mysqli_error($connection));
//$rows = mysqli_num_rows($query);//comment this line
if ($query->num_rows > 0) {
$_SESSION['login_user']=$username;
header("location: profile.php");
exit;
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection);
}
}
?>
As mysqli_query need paramater like this:-
mysqli_query ( mysqli $link , string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )
Read mysqli_query
So your mysqli_query would be:-
First parameter connection then query
$query = mysqli_query($connection,"select * from login where password='$password' AND username='$username'");
UPDATED
<?php
session_start();
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is empty";
} else {
$username=$_POST['username'];
$password=$_POST['password'];
$connection = mysqli_connect("localhost", "user", "pass","cpses_company"); // direct give db name here
// remove that two line what i said in comment also
$username = mysqli_real_escape_string($connection,$username);
$password = mysqli_real_escape_string($connection,$password);
$query = mysqli_query($connection,"select * from login where password='$password' AND username='$username'") or die(mysqli_error($connection));
//$rows = mysqli_num_rows($query);//comment this line
if ($query->num_rows > 0) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection);
}
}
?>
I am just learning so I would like to ask about the correct way of closing IF in PHP code:
Here is example one at the end of page
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '$identification' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
$user_level = $user_info["privs"];
if ($user_level=='ADMIN'){}
else {
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
?>
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
<?php
}
mysqli_free_result($result);
mysqli_close($database);
?>
Here is example two before HTML body
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '$identification' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
$user_level = $user_info["privs"];
if ($user_level=='ADMIN'){}
else {
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
}
mysqli_free_result($result);
mysqli_close($database);
?>
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
Whats is the correct way? At the top or at the end? Is a good idea to use the free result and close database connection? Is this the correct way? I am trying to learn.
Do you mean this?
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '" . $identification . "' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
//Close your connection here, you dont need it anymore.
mysqli_free_result($result);
mysqli_close($database);
$user_level = $user_info["privs"];
//If $user_level is not equal to 'ADMIN'
if ($user_level != 'ADMIN'){
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
?>
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
//End the If
<?php } ?>
I would recommend putting your html code inside a php file and call it like so:
include('view/myView.php');
All your variables will be passed to this separate file.
so it could look like this:
<?php
session_start();
$identification = $_SESSION['session_name'];
include 'inc/database.php';
$query = "SELECT * FROM `members` WHERE `username` = '" . $identification ."' LIMIT 1";
$result = mysqli_query($database, $query);
$user_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
//Close your connection here, you dont need it anymore.
mysqli_free_result($result);
mysqli_close($database);
$user_level = $user_info["privs"];
//If $user_level is not equal to 'ADMIN'
if ($user_level != 'ADMIN'){
header('Location: security.php?error=missing correct privileges. user is not admin');
exit();
include('view/myView.php');
//End the If
} ?>
myView.php
<html>
<head>
<title>Zona de Pruebas</title>
</head>
<body>
Username: <?php echo $user_info['username']?>, can be here because is admin</div>
</body>
</html>
Which looks alot cleaner. Or is the HTML inside security.php ? if so then you dont need the include.