So i have made a simple log in system in php how would i go on making a function on php to check if someone is online also can it be done in php
login system
<?php
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Please Enter a username and password';
} else if (user_exists($username) === false) {
$errors[] ='Sorry but the user you entered dose not exist';
} else if (user_active($username) === false) {
$errors[] ='You have not activated your account please check your email to activate your account';
} else {
if (strlen($password) > 32){
$errors[] ='Passwords to long !';
}
$login = login($username, $password);
if ($login === false) {
$errors[] ='incorrect username or password';
} else {
$_SESSION['user_id'] = $login;
header('Location: index.php');
exit();
}
}
} else {
$errors[] = 'No information received';
}
echo output_errors($errors);
?>
You can use sessions for this:
http://php.net/manual/en/book.session.php
Simple usage of sessions:
// Start the session
if(!session_id())
session_start();
$_SESSION["the_user"] = true;
// To check if the session is alive
if(!empty($_SESSION["the_user"]))
echo "User is online !";
else
echo "User isn't online!";
// Delete the session
unset($_SESSION["the_user"]);
Note that this is just a simple usage of the session, the session will be alive even if the user went of the site. but it will be for a few minutes. (session's expire time)
Related
I have a login system for a member/admin site. The login is working perfectly, but I want to verify the user and give error messages if it's not the correct user or password. So far, with what I have, it will not give any error messages although I'm not getting any errors either.
function error_message(){ $error = '';
$loginName = isset($_REQUEST['loginName']) ? $_REQUEST['loginName'] : "";
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : "";
{$results = connect($loginName);
$loginName === $results['email'];
$passwords = password_verify($password,$results['password']);
if(!$results) {$error = 'Username not found'; echo $error; header ('Location: home.php');} //if no records returned, set error to no username
else //if found {if ((isset($password)) !== (isset($passwords))) //check password, if matched log him in
{ $error = 'Password is wrong'; echo $error; header('Location: home.php');} //if not matched then set error message
}
}
if(isset($error)) {echo $error; }//if there is an error print it, this can be anywhere in the page
}
This is my connection and how it is logging in:
function connect($loginName) {
global $db;
$query = "SELECT email, level, password FROM members WHERE email ='$loginName'";
$result = $db->query($query);
$results = $result->fetch(PDO::FETCH_ASSOC);
return $results;
}
Login:
function login($loginName, $password) {
$results = connect($loginName);
if(!$results) {
header('Location: /tire/admin/home.php?err=1');
}
if ($loginName === $results['email'] && password_verify($password,$results['password'])) {
$_SESSION['loginName'] = $loginName;
if ($results['level'] === 'a') { // 1 == Administrator
$_SESSION['level'] = 'Administrator';
header('Location: /tire/admin/home.php');
} elseif ($results['level'] === 'm') { // 1 == Member
$_SESSION['level'] = 'Member';
header('Location: /tire/member/home.php');
exit;
}
}
header('Location: /tire/admin/home.php');
}
Wow, that's some nasty code we have here. Let's get started:
Let's first take a look in the connect function:
Gets the row where the email matches the loginName provided.
Return the array with the desired row.
That's correct.
Now let's take a look to the login function:
Retrieves the row where the email matches loginName.
If there is no row (email does not match any user), redirects to home.php of ¿ADMIN? with the variable $err = 1.
Recheck the email (what for?) and verify the password.
If password is correct, it checks permissions and redirects to the correspondent home.php.
Notice that if there is no matches for a permission, it redirects you to admin home.php.
Notice that if the password is incorrect, you do nothing.
I will improve this code:
function login($loginName, $password) {
$results = connect($loginName);
if(!$results) {
header('Location: /tire/error.php?code=1');
}
if (password_verify($password,$results['password'])) {
$_SESSION['loginName'] = $loginName;
if ($results['level'] === 'a') { // 1 == Administrator
$_SESSION['level'] = 'Administrator';
header('Location: /tire/admin/home.php');
} elseif ($results['level'] === 'm') { // 1 == Member
$_SESSION['level'] = 'Member';
header('Location: /tire/member/home.php');
exit;
}
} else {
header('Location: /tire/error.php?code=2');
}
}
And then in error.php (or whatever place you would like to show the errors, it's just an example):
switch($_GET['code']){
case 1:
$error = "Email invalid";
break;
case 2:
$error = "Password invalid";
break;
}
print $error
That being said, I will strongly recommend you to read about exceptions and implement the logic based on that. It's far more clean than the code above, but I didn't want to change your code so drastically.
See: http://php.net/manual/en/language.exceptions.php
Is there something wrong about my code? It works but its not redirecting to my index.php it always ended up in the login.php where the form is located.
<?php
include 'core/ini.php';
if (empty($_POST) === false) {
$username = $_POST ['username'];
$password = $_POST ['password'];
if (empty ($username) === true || empty ($password) === true ) {
$errors[] = 'You need to enter a username and password!';
} else if (user_exists($username) === false) {
$errors[] = 'We can\'t find that username. Have you registered?';
} else if (user_active($username) === false) {
$errors[] = 'You haven\'t activated your account! ';
} else {
$login = login($username, $password) ;
if ($login === false) {
$errors[] = 'That username/password combination is incorrect ';
} else {
$_SESSION['user_id'] = $login;
header('Location :index.php');
exit();
}
}
print_r($errors);
}
?>
thanks!
EDIT *
this is my login.php
<?php
include 'core/ini.php';
if (empty($_POST) === false) {
$username = $_POST ['username'];
$password = $_POST ['password'];
if (empty ($username) === true || empty ($password) === true ) {
$errors[] = 'You need to enter a username and password!';
} else if (user_exists($username) === false) {
$errors[] = 'We can\'t find that username. Have you registered?';
} else if (user_active($username) === false) {
$errors[] = 'You haven\'t activated your account! ';
} else {
$login = login($username, $password) ;
if ($login === false) {
$errors[] = 'That username/password combination is incorrect ';
} else {
$_SESSION['user_id'] = $login;
header('Location :index.php');
exit();
}
}
print_r($errors);
}
?>
this is where the process go. I don't know where should I put my start session but I don't know why it works without having an error.
change header('Location :index.php'); to header('Location: index.php'); That space might be the cause.
I guess you missed the session_start(); on top of the page since you are storing session. Initiate the session_start();.
Also does your login() function returns TRUE? Echo something to check whether the function returns TRUE as expected.
You hae to use session_start on top of page and I think you should remove exit after headerlocation..
my error handling does not seem to work when i click the submit button without entering any of the fields,i can still login what exactly am i missing ?? its seems my validation is not working,
this is my code below
login.php
<?php
include 'core/init.php';
if (empty($_post) === false) {
$username = $_post['username'];
$password = $_post['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'You need to enter a username and password';
} else if (user_exists($username) === false ) {
$errors[] = 'Username not found';
} else if (user_active($username) === false ){
$errors[] = 'You haven\' activated your account';
} else {
if (strlen($password) > 32){
$errors[] = 'Password too long';
}
$login = login($username, $password);
if($login === false){
$errors[] = 'That username/password combination is incorrect';
} else {
$_session['user_id'] = $login;
header('location: index.php');
exit();
}
}
} else {
$errors[] = 'No data recieved';
}
include 'includes/overall/header.php';
if (empty($errors) === false){
?>
<h2> we tried to log you in, but...</h2>
<?php
echo output_errors($errors);
}
include 'includes/overall/footer.php';
?>
my init.php
<?php
session_start();
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$errors = array();
?>
general.php
<?php
function sanitize($data){
return mysql_real_escape_string($data);
}
function output_errors($errors) {
return '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
}
?>
Use $_POST instead of $_post, they both are different variable, as php is case-sensitive for variable names.
I've made a website that users can now successfully login to but depending on which group the user is in, I would like to redirect them to different pages after logging in. I have a database with a row "training_group" and if for example, they are in group 2013_1, they would be directed to homepage_20131.php after logging in.
I've been looking for tutorials online and have found a possible solution with a switch function? but I am unsure of how/where to implement this. I just started learning php and would be grateful for any advice given!
Right now, my login page looks like this:
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'please input a username and password first! ';
} else if (user_exists($username) === false) {
$errors[] = 'We could not locate you in our database.';
}
$login = login($username, $password);
if ($login === false) {
$errors [] = 'That username/password combination is incorrect';
}
else {
$_SESSION['user_id'] = $login;
header('Location:logged_in/templates/logged_in_home.php');
exit ();
}
}
else {
$errors [] = 'No data received';
}
include 'includes/overall/header.php';
if (empty ($errors) === false) {
?>
<h2>We tried to log you in, but...</h2>
<?php
echo output_errors($errors);
}
include 'includes/overall/footer.php';
?>
Here are a couple snippets that might get you going in the right direction.
function login($username, $password){
//... your login code .. database call
if($validLogin){
$user_id = id from database;
$group_id = id from database;
$return = array('user_id' => $user_id, 'group_id' => $group_id);
}
else{
$return = false;
}
return $return;
}
$userinfo = login($username, $password);
if ($userinfo === false) {
$errors [] = 'That username/password combination is incorrect';
}
else {
$_SESSION['user_id'] = $userinfo['user_id'];
$_SESSION['group_id'] = $userinfo['group_id'];
$page = 'homepage_' . str_replace('_', '', $userinfo['group_id'] . '.php';
header('Location:' . $page);
exit ();
}
When email activate this error message "We had problems activating your account"
any problems my activate code..???
code give below..
'activate.php'
<?php
include 'core/init.php';
logged_in_redirect();
include 'includes/overall/header.php';
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
?>
<h2>Thanks, we've activated your account....</h2>
<p>You're free to Log in!</p>
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = trim($_GET['email']);
$email_code = trim($_GET['email_code']);
if (email_exists($email) === false) {
$errors[] = 'Oops, something went wrong and we could\'t find that email address';
} else if (activate($email, $email_code) === false) {
$errors[] = 'We had problems activating your account';
}
if (empty($errors) === false) {
?>
<h2>Ooops...</h2>
<?php
echo output_errors($errors);
} else {
header('Location: activate.php?success');
exit();
}
} else {
header('Location: index.php');
exit();
}
include 'includes/overall/footer.php';
?>
Email link code given below:
*'user.php'*
The activate function returns false. Make sure you call it in the correct way and that it works as expected.