I was working on my login - register system when I realized I made a problem, yet I don't know what it is :/
In the index.php page the header should show a "Welcome Guest" message and links to the login and register pages ... and if the guest logs in, show "Welcome $username", for example.
Yet when I test it ... if I log in, it redirects me to the index.php page as I typed in the code, yet the message won't change ...
Here is the code:
index.php / header.php:
<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<LINK REL=StyleSheet HREF="css/test-style.css" TYPE="text/css">
</head>
<body id="body">
<div id="header">
<div id="Greeting">
<?php
if ($userid && $username) {
echo "<p>Welcome <b>$username</b></p></p><a href='logout.php'>Logout</a></p>";
} else {
echo "<p>Welcome Guest <br><a href='login.php'>Log in</a> | <a href='register.php'>Register</a></p>";
}
?>
</div>
<div id="logo"><h2>Testing website</h2></div>
</div>
<div id='cssmenu'>
<ul>
<li><a href='#'><span>Test link 1</span></a></li>
<li><a href='#'><span>Test link 2</span></a></li>
<li><a href='#'><span>Test link 3</span></a></li>
<li><a href='#'><span>Test link 4</span></a></li>
</ul>
</div>
<div>
and here is the login.php page :
<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
include 'includes/header.php';
?>
<div id="login">
<h2>Log in</h2>
<?php
if ($_POST['loginbtn']) {
$user = $_POST['user'];
$password = $_POST['pass'];
if ($user) {
if ($password) {
require ("core/connect.php");
$query= mysql_query("SELECT * FROM users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['username'];
$dbpass = $row['password'];
$dbactive = $row['active'];
if ($password == $dbpass){
if ($dbactive == 1) {
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
header('Location: index.php');
} else {
echo "<font color='red'>You must activate your account to login.</font>";
}
}else {
echo "<font color='red'>You've entered an invalid username or password.</font>";
}
}else{
echo "<font color='red'>You've entered an invalid username or password.</font>";
}
mysql_close();
}else{
echo "<font color='red'>You must enter a password.</font>";
}
} else {
echo "<font color='red'>You must enter a username.</font>";
}
}
?>
<form action="index.php" method="POST">
<font color="black">Username: </font><br><input type="text" name="user"><br><br>
<font color="black">Password: </font><br><input type="password" name="pass"><br><br>
<input type="submit" value="Login" name="loginbtn" />
<br><br>
<font color="black">Don\'t have an account ? Register</font>
</form>
</div>';
<?php include 'includes/footer.php'; ?>
Thanks for reading.
In your login.php you're using this:
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
right after session_start()
You should initialize them before, like this:
$userid = $dbid;
$username = $dbuser;
and then you can set your $_SESSION:
$_SESSION['userid'] = $userid;
$_SESSION['username'] = $username;
In login.php replace
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
to
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
You actually never set the session variables. Those two lines above do that.
Your script needs a lot of work, but I'll just answer the question. Keep learning, that's the only way!
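An added example, not code from the question or from either answer: the same login flow with the identity written into the session only after the credentials check out, the lookup done with a bound parameter, and the name escaped before it is echoed in the header. It assumes PDO, the `users` columns shown in the question, and a `password` column holding a `password_hash()` value; the function names and the in-memory SQLite demo data (which needs the pdo_sqlite extension) are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Look the user up with a bound parameter and verify the stored password hash. */
function authenticate(PDO $pdo, string $user, string $pass): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password, active FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user and wrong password are rejected the same way.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return (int) $row['active'] === 1 ? $row : null;   // inactive accounts are rejected too
}

/** Write the identity INTO the session: the step the question's login.php never performed. */
function establish_session(array $row): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);            // new session id once the user is authenticated
    $_SESSION['userid']   = (int) $row['id'];
    $_SESSION['username'] = $row['username'];
}

/** Greeting for header.php; the stored name is escaped before it reaches the HTML. */
function greeting(array $session): string
{
    if (!empty($session['userid']) && !empty($session['username'])) {
        $name = htmlspecialchars((string) $session['username'], ENT_QUOTES, 'UTF-8');
        return "<p>Welcome <b>$name</b></p><p><a href='logout.php'>Logout</a></p>";
    }
    return "<p>Welcome Guest <br><a href='login.php'>Log in</a> | <a href='register.php'>Register</a></p>";
}

// In login.php, before any output is sent, the three pieces combine as:
//   $row = authenticate($pdo, $_POST['user'] ?? '', $_POST['pass'] ?? '');
//   if ($row !== null) { establish_session($row); header('Location: index.php'); exit; }
// and header.php calls session_start() and then echoes greeting($_SESSION).

// Constructed demo data so the file also runs offline from the command line.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, active INTEGER)');
    $ins = $pdo->prepare('INSERT INTO users (username, password, active) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    $ins->execute(["o'neil", password_hash('hunter2', PASSWORD_DEFAULT), 1]);   // quote in the name is harmless when bound
    $ins->execute(['carol', password_hash('s3cret', PASSWORD_DEFAULT), 0]);     // not activated

    $attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ["o'neil", 'hunter2'],
                 ['carol', 's3cret'], ['nobody', 'x']];
    foreach ($attempts as [$u, $p]) {
        $row = authenticate($pdo, $u, $p);
        echo str_pad($u, 8), ' ', $row !== null ? 'accepted' : 'rejected', PHP_EOL;
    }

    // The session array is simulated here; in a web request it is $_SESSION.
    echo greeting(['userid' => 2, 'username' => "o'neil"]), PHP_EOL;
    echo greeting([]), PHP_EOL;
}
```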
So I'm making a Login - Successful Login page with PHP, and using MySQL Database. My code successfully checked the Username and Password and only allowed me to head to the next page once they are correct.
However, I cannot print out the Username on Successful Login page. So I'm not sure if my session is running properly or not.
login.php
<!DOCTYPE HTML>
<html>
<?php
session_start();
?>
<head>
<title>Login</title>
</head>
<body>
<!--<form action ="SuccessfulLogin.php" method = "get"> --> // If I put this in my code, the whole program stops checking Username and Password, and just put me to the next page
<?php
//define variables and set to empty values
$nameErr = $loginErr = "";
$Username = $website = $Password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Username"])) {
$nameErr = "Name is required";
} else {
$Username = test_input($_POST["Username"]);
}
if (empty($_POST["Password"])) {
$passErr = "Password is required";
} else {
$Password = test_input($_POST["Password"]);
}
//continues to target page if all validation is passed
if ( $unameErr ==""&& $passErr ==""){
// check if exists in database
$dbc=mysqli_connect('localhost','testuser','password','Project')
or die("Could not Connect!\n");
$hashpass=hash('sha256',$Password);
$sql="SELECT * from Members WHERE Username ='$Username' AND Password='$hashpass';";
$result =mysqli_Query($dbc,$sql) or die (" Error querying database");
$a=mysqli_num_rows($result);
if ($a===0){
$loginErr="Invalid username or password";
}else{
$_SESSION["Username"]=$Username;
header('Location: /SuccessfulLogin.php');
}
}
}
// clears spaces etc to prep data for testing
function test_input($data){
$data=trim ($data); // gets rid of extra spaces befor and after
$data=stripslashes($data); //gets rid of any slashes
$data=htmlspecialchars($data); //converts any symbols usch as < and > to special characters
return $data;
}
?>
<h2 style="color:yellow" align="center"> Login </h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" align="center" style="color:#40ff00">
User Name: <input type="text" name="Username" value="<?php echo $Username;?>"/>
<span class="error">* <?php echo $unameErr;?></span>
<br/><br/>
Password:
<input type="text" name="Password" value=""/>
<span class="error">* <?php echo $passErr;?></span>
<br/><br/>
<span class="error">* <?php echo $loginErr;?></span>
<input type="submit" name="submit" value="Login"/>
</form>
<!--</form>--> // closing tag of form action SuccessfulLogin.php
</html>
SuccessfulLogin.php
<!doctype html>
<html>
<?php
session_start();
$Username=$_GET['Username'];
$_SESSION['Username']=$Username;
?>
<head>
<meta charset="utf-8">
<title>Login Form</title>
<link rel="stylesheet" href="RegisterLogin.css">
</head>
<body>
<!--<form action ="MemberMenu.php" method = "get">-->
<h2><?php echo "User $Username LOGGED IN"; ?></h2> // Doesn't print out the $Username
<p align="center"> Click here to be redirected to the menu page </p>
<!--</form>-->
</footer>
</body>
</html>
You need to check whether the session variable is set or not.
Change
<?php
session_start();
$Username=$_GET['Username'];
$_SESSION['Username']=$Username;
?>
With
<?php
session_start();
if (isset($_SESSION['Username'])) {
$Username=$_SESSION['Username'];
echo $Username;
}
?>
You're using $_GET["Username"] which will be empty in this example, and then setting $_SESSION["Username"] to the empty variable.
Also this is a very odd way to do user auth.
Change this line of code
<?php
session_start();
$Username=$_SESSION['Username'];
$_SESSION['Username']=$Username;
?>
Into:
<?php
session_start();
$Username=$_SESSION['Username'];
?>
Read more about PHP session here
When a user logs in, how can I check whether another person is logged in already with the same username and display an error such as "This user is already logged in"?
LogIn_form.php
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert title here</title>
<link rel="stylesheet" href="NewFile.css">
</head>
<body>
<div id=warper>
<?php include 'Menu.php'; ?>
<div class="box">
<form method="POST" id="formReg">
<div id="account">
<div id="accountN">Account:</div>
<div id="accountV"><input type="text" name="account"></div>
</div>
<div id="pass">
<div id="passN">Password:</div>
<div id="passV"><input type="password" name="password"></div>
</div>
<input type="submit" value="submit" name="submit">
<?php
if (isset ($_POST ['submit'])) {
include 'LogIn_database.php';
}
?>
</form>
</div>
</div>
</body>
</html>
LogIn_database.php
<?php
session_start();
$username = htmlspecialchars($_POST ['account'], ENT_QUOTES, 'UTF-8');
$password = htmlspecialchars($_POST ['password'], ENT_QUOTES, 'UTF-8');
$password_sha1 = sha1($password);
if ($username && $password_sha1) {
//-------------------------------------------------------------------------------------------------------------
include 'MySQL_connect.php';
//------------------------------------------------------------------------------------------------------------------
$query = mysqli_query($conn, "SELECT * FROM portofoliu_table WHERE account= '$username' ");
$numrows = mysqli_num_rows($query);
if ($numrows != 0) {
while ($row = mysqli_fetch_assoc($query)) {
$db_account = $row['account'];
$db_password = $row['password'];
}
if ($username == $db_account && $password_sha1 == $db_password) {
#$_SESSION['account'] = $username;
$_SESSION["logged"] = true;
header("location: AboutMe.php");
exit();
} else
echo "<div id='err'>Your password is incorrected</div>";
$_SESSION["logged"] = false;
exit();
} else
die("<div id='err'>That user don't exists</div>");
} else
die("<div id='err'>Please enter a username and password</div>");
Logout.php
<?php
session_start();
session_destroy();
header("location: AboutMe.php");
?>
I apologize for the wall of text but I've been banging my head against the wall around this problem for awhile so I'm gonna try to provide as much information as possible.
I'm not quite sure if the problem I'm getting has to do with user sessions (I'm new to PHP), but that's what it seems to me.
I ask a user to enter his login information (id and password) to enter the system in ask_login.php:
<div class="login_box">
<h1>Login</h1>
<form method="POST" action="login.php">
<p><input type="text" name="username" placeholder="UserID"></p>
<p><input type="password" name="password" placeholder="Password"></p>
<input type="submit" name="submit" value="Login"></p>
</form>
</div>
If the login details (id and password) are found in the database the user gets logged in to his user portal (login.php) where he can check his details, exams dates, etc..
My problem is whenever I login, if I click for example on the details button to check the user details, it redirects me to my ask_login.php page asking for my login details again saying that I didn't enter any ID/Password details.
I've tried removing the code where it checks if the login forms were submitted blank, and it eventually started working and I was able to click the 'Details' button or any other button, without getting redirected to ask_login.php.
But now when I click on the 'Details' button my "Welcome, username" line doesn't show the username, which makes me think that it has something to do with php sessions. Furthermore, any query that I make won't show the result.
Here's my login.php code:
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if($username && $password) {
$conn_error = 'Could not connect.';
$mysql_db = '------';
if(!mysql_connect('localhost', '------', '') || !mysql_select_db($mysql_db)) {
die($conn_error);
}
$query = mysql_query("SELECT * FROM users WHERE id='$username' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows!== 0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['id'];
$dbpassword = $row['password'];
}
if($username==$dbusername && $password==$dbpassword) {
//echo "You are logged in!";
#$_SESSION['id'] = $username;
}
else {
echo "<script>alert('Username/Password are incorrect');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Wrong username/password!");
}
}
else {
echo "<script>alert('User doesn't exist.');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("That user doesn't exist!");
}
}
else if(empty($username) || empty($password)) {
echo "<script>alert('You didn't enter an ID/Password');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Please enter an ID and password!");
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Logged in | FCUL</title>
<link rel="stylesheet" href="css/stylesheet_loggedin.css" type="text/css"/>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="shortcut icon" href="img/vitor-20130904-favicon.ico"/>
</head>
<body>
<div id="header">
<br/>
<img src="/img/fcul_cent_logo_001.png" width="510" height="70"/>
</div>
<div id="loggedinas">
<br/>
Welcome,
<?php
$result = mysql_query("SELECT nome FROM users WHERE id='$username'");
while($row = mysql_fetch_assoc($result)) {
echo $row["nome"];
}
?>
( <?php echo $username; ?> )
<br/>
<div id="logout">
<font size="2"><u>[Logout]</u></font></a>
</div>
<hr/>
</div>
<?php
//FETCH USER'S BI
if(isset($_POST['username'] )) {
$ID = $_REQUEST['username'];
$query = "SELECT bi FROM users WHERE id='$ID'";
//if query is successful
if($query_run = mysql_query($query)) {
//if it returns 0 rows
if(mysql_num_rows($query_run)==NULL) {
echo "<script>alert('Unexpected Error 004');</script>";
echo "<script language='javascript'>window.location = 'index.php';</script>";
}
while($query_row = mysql_fetch_assoc($query_run)) {
$bi = $query_row['bi'];
//echo $bi;
}
}
}
?>
<br/>
<center>
<div id="buttons">
<form method="POST" action="login.php">
<input type="submit" name="details" value="details">
</form>
<?php
//**print user's BI if he clicks on 'Details' button**
if($_POST['detalhes']){
echo '<div id="content">' . $bi . '</div>';
}
?>
</div>
</center>
</body>
</html>
You cannot access the session the first time you insert it in the $_SESSION['id'] = $username variable.
You can only access it on the second run of session_start();
Try this:
1. make login.php
2. make welcome.php
Try to separate the modules so that login.php only handles checking
the login; then, if this condition succeeds:
<?php
if($username==$dbusername && $password==$dbpassword) {
//echo "You are logged in!";
$_SESSION['id'] = $username;
header("location: welcome.php");
exit; // stop the script so nothing else runs after the redirect
}
?>
in welcome.php
<?php
session_start();
// this checks whether the user is logged in
if (empty($_SESSION['id'])) {
header("location: ask_login.php");
exit;
}
?>
You are not checking if the user is already logged, so, after receiving your post from ask_login.php, when you click anything in your page $username and $userpassword will be null.
Just wrap all your code after session_start with
if(empty($_SESSION['id'])) // an unset session key is null, never false
{
//Your code
$username = $_POST['username'];
$password = $_POST['password'];
if($username &&...
}
wrap your code with this
if ($_SESSION['id']){
//your login checking here
};
e.g
if ($_SESSION['id']){
if($username && $password) {
$conn_error = 'Could not connect.';
$mysql_db = '------';
if(!mysql_connect('localhost', '------', '') || !mysql_select_db($mysql_db)) {
die($conn_error);
}
$query = mysql_query("SELECT * FROM users WHERE id='$username' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows!== 0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['id'];
$dbpassword = $row['password'];
}
if($username==$dbusername && $password==$dbpassword) {
//echo "You are logged in!";
#$_SESSION['id'] = $username;
}
else {
echo "<script>alert('Username/Password are incorrect');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Wrong username/password!");
}
}
else {
echo "<script>alert('User doesn't exist.');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("That user doesn't exist!");
}
}
else if(empty($username) || empty($password)) {
echo "<script>alert('You didn't enter an ID/Password');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Please enter an ID and password!");
}
}
?>
So I'm trying to make a website but I'm stuck on the login. No matter what I try, I log in, go to the home page and immediately get logged out. Please help, I really want to get this website up and running by the end of next year.
login.php
<?php
SESSION_START();
$_SESSION['uname'] = $uname; // Set the user's name.
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
header("Location: home.php");
echo "You are now logged in.";
exit();
}else{
echo "Wrong username and password combination.";
}
}else{
$form = <<<EOT
<form action = "login.php" method = "POST">
Username: <input type = "text" name="uname"> <br />
Password: <input type = "password" name = "pass" /> <br />
<input type = "submit" name = "submit" value = "Login"/>
</form>
EOT;
}
echo $form;
?>
Home.php
<?php
SESSION_START();
$_SESSION['uname'] = $uname; // Set the user's name.
if($uname){
echo $uname;
}
?>
<?php
if(!$uname){
?>
Register
Login
<?php
}
?>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>ArcheWorlds</title>
</head>
<body bgcolor="black">
<div class = "HomeNav">
Register<!--class = "HomeNavButton"-->
|
Login
</div>
<p>Hello and welcome to Archeworlds!</p>
</body>
<div class="footer" style="border-top: 1px solid #FFFFFF padding-bottom: 10px margin-top: 150px"> <img src="Pictures/Studio 8 (small).png">
login_form.php
<?php
session_start();
if (isset($_SESSION['uname'])) {
$username = $_SESSION['uname'];
echo $username;
exit(); # Ready to go!
}
?>
<form action = "login.php" method = "POST">
Username: <input type = "text" name="uname"> <br />
Password: <input type = "password" name = "pass" /> <br />
<input type = "submit" name = "submit" value = "Login"/>
</form>
login.php
<?php
session_start();
$username = mysql_escape_string($_POST['uname']);
$pass = md5(mysql_escape_string($_POST['pass'])); ## This is *INCREDIBLY* insecure
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$username' AND `pass` = '$pass'"); # query the escaped $username set above
if(mysql_num_rows($sql) > 0){
$_SESSION['uname'] = $username;
header("Location: home.php"); # Ready to go!
exit();
}
else {
header('Location: login_form.php'); # Failed
exit();
}
The simplest way to come up with a more secure password hash is to generate a salt for the database and then come up with an implementation of PBKDF2 using the PHP Manual Page for it
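An added example, not code from the answer above: per-user salted PBKDF2 storage and verification built on PHP's `hash_pbkdf2()`, `random_bytes()` and `hash_equals()`, shown next to the unsalted `md5()` used in the thread. The iteration count, the sizes, the stored-string layout and the function names are assumptions made for the example.

```php
<?php
declare(strict_types=1);

const PBKDF2_ALGO       = 'sha256';
const PBKDF2_ITERATIONS = 600000;   // assumed work factor; tune it to the server's hardware
const PBKDF2_SALT_BYTES = 16;
const PBKDF2_KEY_BYTES  = 32;

/** Build one self-describing string "pbkdf2$algo$iterations$salt$hash" for the password column. */
function pbkdf2_hash_password(string $password): string
{
    $salt = random_bytes(PBKDF2_SALT_BYTES);    // fresh random salt for every user
    $dk   = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, PBKDF2_ITERATIONS, PBKDF2_KEY_BYTES, true);
    return implode('$', ['pbkdf2', PBKDF2_ALGO, (string) PBKDF2_ITERATIONS,
                         base64_encode($salt), base64_encode($dk)]);
}

/** Recompute the derived key with the stored salt and parameters, then compare in constant time. */
function pbkdf2_verify_password(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    if (count($parts) !== 5 || $parts[0] !== 'pbkdf2') {
        return false;                           // not in the format produced above
    }
    [, $algo, $iterations, $salt64, $dk64] = $parts;
    $salt = base64_decode($salt64, true);
    $dk   = base64_decode($dk64, true);
    if ($salt === false || $dk === false || $dk === ''
        || !ctype_digit($iterations) || (int) $iterations < 1
        || !in_array($algo, hash_hmac_algos(), true)) {
        return false;                           // malformed or tampered record
    }
    $candidate = hash_pbkdf2($algo, $password, $salt, (int) $iterations, strlen($dk), true);
    return hash_equals($dk, $candidate);        // timing-safe comparison
}

// Constructed demo values; run from the command line.
if (PHP_SAPI === 'cli') {
    // Unsalted md5, as in the thread: two users with the same password get the same column value.
    echo 'md5 equal for same password:    ', var_export(md5('hunter2') === md5('hunter2'), true), PHP_EOL;

    // Salted PBKDF2: the same password yields two different stored strings.
    $a = pbkdf2_hash_password('hunter2');
    $b = pbkdf2_hash_password('hunter2');
    echo 'pbkdf2 equal for same password: ', var_export($a === $b, true), PHP_EOL;

    echo 'verify correct password:        ', var_export(pbkdf2_verify_password('hunter2', $a), true), PHP_EOL;
    echo 'verify wrong password:          ', var_export(pbkdf2_verify_password('hunter3', $a), true), PHP_EOL;
    echo 'verify malformed record:        ', var_export(pbkdf2_verify_password('hunter2', 'pbkdf2$sha256$0$$'), true), PHP_EOL;
}
```

PHP's built-in `password_hash()` and `password_verify()` generate the salt and store the parameters on their own, and are the usual choice where PBKDF2 specifically is not required.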
I think you need to make a few changes in the code: login.php
<?php
session_start(); // start the session before any use of $_SESSION
if( isset( $_GET['action'] ) && $_GET['action'] == "logout") {
session_unset();
}
if(isset($_POST['submit'])){
require('config.php');
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
$_SESSION['uname'] = $_POST['uname']; // Set the user's name only after the credentials matched.
header("Location: Home.php");
exit();
}else{
echo "Wrong username and password combination.";
}
} ?>
& Home.php will be like :
<?php
session_start(); // needed so $_SESSION is populated on this page
if( false == isset( $_SESSION['uname'] ) ) {
header("Location: login.php");
exit();
} ?>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>ArcheWorlds</title>
</head>
<body bgcolor="black">
<div class = "HomeNav">
Register|Logout
</div>
<p>Hello and welcome to Archeworlds!</p>
<div class="footer" style="border-top: 1px solid #FFFFFF padding-bottom: 10px margin-top: 150px"> <img src="Pictures/Studio 8 (small).png">
</body>
Note: I haven't tested this code, but it will work for you.
I recommend you to study this. http://www.homeandlearn.co.uk/php/php14p1.html. they have examples on Login Database with sessions for users..
I'm creating a website that contains a login page, profile page and logout page. I'm using sessions but I have a problem with dealing with sessions and I cannot understand what the error is or where it is to fix it.
The error I get is in the profile.php **(("you need to be loged in to view profiles"))line 8**
If anyone has an idea or a solution, please tell me.
login.php
<?php
require_once('for members/scripts/global.php');
$message = "";
if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
//error handeling
if((!$email)||(!$pass)){
$message = "please insert both fields";
}else{
// secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = "the information was incorrect!";
}else{
//start the sessions
$_SESSION['pass']=$pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
/* to create a cookie on the HDD OF THE user
if($remember == "yes"){
//create the cookies
setcookie("id_cookie", $id, time()+60*60*24*100,"/");
setcookie("pass_cookie", $pass, time()+60*60*24*100,"/");
}
*/
header("Location:profile.php");
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style/stylesheet.css"rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="container center">
<p><?php print("$message") ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="Email Adress" /><br />
<input type="password" name="pass" placeholder="Password" /><br />
<input type="submit" name="login" value="Login" />
<strong> Register</strong>
</form>
</div>
</body>
</html>
profile.php
<?php
ob_start();
session_start();
require_once('for members/scripts/global.php');
if($logged == 0){
echo("you need to be loged in to view profiles");
exit();
}
if(isset($_GET['id'])){
$id=$_GET['id'];
$id= preg_replace("#[^0-9]#","",$id);
}else{
$id=$_SESSION['id'];
}
//collect member information
$query = mysql_query("SELECT * FROM members WHERE id='$id'LIMIT 1") or die("could not collect user information ");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
echo("the user does not exit");
exit();
}
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$fname = $row['firstname'];
$lname = $row['lastname'];
$profile_id= $row['id'];
if($session_id == $profile_id){
$owner = true;
}else{
$owner = false;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title>
<link href="style/stylesheet.css" type="text/css"/>
</head>
<body>
<div class="container center">
<h1><?php print("$username"); ?></h1>
<?php
if($owner == true ){
header("Location: profile.php");
?>
<!--
edit profile<br />
account settings<br />
-->
<?php
}else{
header("Location: index.php");
?>
<!--
private message<br />
add as friend<br />
-->
<?php
}
?>
</div>
</body>
</html>
<?php flush(); ?>
logout.php
<?php
session_start();
session_destroy();
/*
if(isset($_COOKIE['id_cookie'])){
setcookie("id_cookie", "", time()-50000,"/");
setcookie("pass_cookie", "", time()-50000,"/");
}
*/
if(isset($_SESSION['username'])){
echo("we could not log out try again!");
exit();
}else{
header("Location: home.php");
}
?>
global.php
<?php
if(!isset($_SESSION))
{
session_start();
}
require_once('connect.php');
//checking if sessions are set
if(isset($_SESSION['username'])){
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['pass'];
$session_id = $_SESSION['id'];
//check if the member exist
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
while($row = mysql_fetch_array($query)){
$session_username = $row['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;
}else{
header("Location: logout.php");
exit();
}
}
$logged = 0;
/*
elseif(isset($_COOKIE['id_cookie'])){
$session_id = $_COOKIE['id_cookie'];
$session_pass = $_COOKIE['pass_cookie'];
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count > 0){
//loged in stuff here
$logged = 1;
}else{
header("Location: logout.php");
exit();
}
//if user is not log in
}
*/
?>
You're using $_SESSION without properly starting the session with line session_start() in your login.php page.
There are a few thing that can be wrong with what you have written. The $logged == 0 is defined in global.php I suppose. Is it starting the session in it as well (i.e., do you have session_start() in global.php)?
As far as I can see $logged could be whatever and thus you get the error. Starting the session in logging.php also should be fixed if not in global.php.
ok. Take everything out of global.php. If you want leave only session_start() but remove it from login.php and profile.php.
Then you have to move the sql query that checks the password and the username against the database to login.php instead of global.php and have it like this.
//check if the member exist
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
header("Location: profile.php");
while($row = mysql_fetch_array($query)){
$session_username = $row['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;
}else{
$logged = 0;
header("Location: logout.php");
exit();
}
you do not need these in login.php (replace them with the code above)
$message = "";
if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
//error handeling
if((!$email)||(!$pass)){
$message = "please insert both fields";
}else{
// secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = "the information was incorrect!";
}else{
//start the sessions
$_SESSION['pass']=$pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;