<?php
session_start();
if(isset($_SESSION['login']))
{
include_once('includes/header.php'); ?>
<!DOCTYPE html>
<html>
<body>
<div id="mainframe">
<img src="img/header.png">
<div id="menu">
<?php include_once('includes/navbar.php'); ?>
</div>
<div id="content">
<h3>Shopping Cart</h3>
</div>
</div>
<?php include_once('includes/footer.php'); ?>
</body>
</html>
<?php }
else
{
header('location: login.php');
}
?>
Here is my small PhP code I've got at the moment, my login session is $_SESSION['login'].
And I'd like to display : Logged in As on my page when they are logged in, I've tried several things but it didn't work out.
Does anyone know a simple method / solution for this?
Put this somewhere in your if statement.
It will show Logged in as User at right top corner of page
<div style="position:absolute; right:0px; top:0px;">
<?php echo "Logged In as". $_SESSION['login']; ?>
</div>
U need to pass username using SESSION variable for the same
write a simple sql query to get the username from any variable you are taking from user to make sure that the particular user is the correct user.i am taking password.
$query = "SELECT name FROM users WHERE password='$password'";
$username = mysql_result(mysql_query($query),0);
$_SESSION['username'] = $username;
than proceed as you are doing
<?php
session_start();
if(isset($_SESSION['login']) && isset($_SESSION['username']))
{
echo "logged in as".$_SESSION['username'];
}
Related
I'm doing a pop-up login in home page (home.php). It can log in at first but after I clicked on the logout button the whole page went blank says"localhost redirected you too many times" and now the home.php cannot be access unless removing the php code. Both login and logout are at the same page (home.php). Can anyone explain to me what's wrong? I'm still new to php.
Here's the code:
outside html
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header("location: home.php");
}
if (isset($_GET['logout'])) {
unset($_SESSION['username']);
header("location: home.php");
}
?>
<!DOCTYPE html>
inside body
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<!-- logged in user information -->
<?php if (isset($_SESSION['username'])) : ?>
<p>Welcome <strong><?php echo $_SESSION['username']; ?></strong></p>
<p> logout </p>
<?php endif ?>
this bug happens when the browser stuck in redirect loop. it's because of this code:
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header("location: home.php");
}
If user not logged in the user will redirect to home.php , then the page will run again and the browser because of not logged in must redirect again to same page.
You can use many solutions to solve this , But i think the best solution is use another php file for login actions.
Please try following code:
<?php
session_start();
if (empty($_SESSION['username']))
{
$_SESSION['msg'] = "You must log in first";
header("location: home.php");
}
if (isset($_GET['logout']))
{
unset($_SESSION);
session_destroy();
header("location: home.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<?php
if(!empty($_SESSION['username']))
{
//Print Some session values
}
else
{
//Login page code
}
?>
</body>
</html>
The issue maybe while destroying the session.
I am using this sessions logic if user is not admin so he don't have to get access admin page function is it good sessions logic? approach or should i use another one please guide me further.LOOK this index page i have some links have to access the other member then admin and all links for admin please tell me what links is in url component you are using
<?php
include "config.php";
session_start();
if( (!isset($_SESSION['username'])) && (!isset($_SESSION['type'])) ){
header('location:login.php');
}
if($_SESSION['type'] != 'Administrator')
{
header('location:index.php');
}
?>
index.php
<?php
include "config.php";
session_start();
if(!isset($_SESSION['username']))
{
header('location:login.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-3">
<div class="list-group">
Article
Categories
<?php
if($_SESSION['type']=='Administrator'){
?>
Media
tempelate
Setting
<?php
}else{
?>
Profile
<?php
}
?>
Logout
</div>
</div>
</body>
</html>
Since you want the user to not get access to the admin page, a slightly more robust check would be to probably first ascertain whether the current page is indeed admin.php. If yes, then type can be verified so as to know if it's indeed set to Administrator, before the access can be granted.
If it is not set or is set to something else, then the user may be taken back to index.php page.
<?php
include "config.php";
session_start();
$url_components = explode('/', $_SERVER['SCRIPT_NAME']);
$current_url = $url_components[count($url_components) - 1];
if(!isset($_SESSION['username'])){
header('location:login.php');
}
if(!($current_url == 'admin.php'
&& isset($_SESSION['type'])
&& $_SESSION['type'] == 'Administrator')){
header('location:index.php');
}
?>
This is my php code
<?php
require_once('../includes/config.php');
// include file to check, If current user loggedin or not
include('log-security.php');
require_once('../cs/includes/header.php');
if(in_array(cms_username, $allowedUsers))
{
$allowedUsers=['john', 'akhil'];
<div id="view8"></div>
}
?>
This is my div id code
<div id="view8" class="tabcontents">
<h3>Creation of files</h3>
</div>
Im new to PHP, Please help me to correct the code if its wrong .
while login only it should restrict the user.when allowed user is entered then the viewid should displayed for others it should not.
Try something like that :
<?php
require_once('../includes/config.php');
require_once('../cs/includes/header.php');
include('log-security.php');
$allowedUsers = array('john', 'akhil');
?>
<?php if (in_array('cms_username', $allowedUsers)): ?>
<div id="view8" class="tabcontents">
<h3>Creation of files</h3>
</div>
<?php endif; ?>
I need some links (related to user account) to appear on the index page for the user who logged in. i have a session variable'email'.
i did this but it didn't work.
<div id="left">
left div content
</div>
<div id=-"right">
<?php
if(isset($_SESSION['email']))
{
?>
//show user some links to his account.
<?php
}
else
{
?>
//show login and register forms
<?php
}
?>
</div>
<?php
session_start(); // add this line
if(isset($_SESSION['email']))
{
?>
Link to php manual.
your first statement within the
<?php
session_start();
//followed by rest of the code.
?>
should be
session_start();
Then the further code.
I have a login page which records the username that the user enters and adds it to a variable of $uname. However when the page after the login page loads, I cannot echo the $uname. For example, when i type
Welcome <?php echo $uname; ?>
it does not insert the username.
below is a copy of my login-validation code. but I am not sure if the $_SESSION variable is working correctly, or how to reference it in my profile.php file.
<?php
session_start();
$_SESSION['uname'] = $uname;
// Grab User submitted information
$uname = $_POST["uname"];
$pass = $_POST["pass"];
// Connect to the database
$con = mysql_connect("mysql.*********.co.uk","******","************");
// Make sure we connected succesfully
if(! $con)
{
die('Connection Failed'.mysql_error());
}
// Select the database to use
mysql_select_db("onedirectionaffection_members",$con);
$result = mysql_query("SELECT uname, pass FROM users WHERE uname = $uname");
$row = mysql_fetch_array($result);
if($row["uname"]==$uname && $row["pass"]==$pass)
header("Location: ../../profile/profile.php");
else
echo"Sorry, your credentials are not valid, Please try again.";
?>
If anyone could help I would be hugely thankful. Also, I am an absolute beginner at all of this so if you need anymore details I'll try my best to answer.
profile.php
<?php
session_start();
echo $_SESSION['uname'];
?>
<html>
<head>
<title>1D Affection</title>
<link rel="stylesheet" Type="text/css" href="../css/stylesheet.css" />
<link rel="stylesheet" Type="text/css" href="../css/font.css" />
<link rel="stylesheet" Type="text/css" href="../css/profile.css" />
</head>
<body bgcolor="white">
<div id="wrapperhead">
<div id="headcont">
<div class="logo">
<img src="../images/1DA logo ripped.png" height="150px">
</div>
<div class="subheading">
<img src="../images/1d subheading.png" height="150px">
</div>
</div>
</div> <!--END OF HEADER-->
<div id="nav">
<div class="navigation">
<ul>
<li><a class="nav" href="../index.html">Home</a></li>
<li><a class="nav" href="#">News</a></li>
<li><a class="nav" href="#">Fan-fiction</a></li>
<li><a class="nav" href="#">Gallery</a></li>
<li><a class="nav" href="#">Testimonials</a></li>
<li><a class="nav" href="http://www.onedirectionstore.com/" target="_blank">Store</a></li>
</ul>
</div> <!-- END OF MENU-->
<!-- END OF NAVIGATION-->
</div>
<div id="wrappercontent">
<div class="content">
<div class="maincont">
<div class="profcust">
<div class="profpic">
</div>
<div class="profinfo">
</div>
</div>
<div class="username">
Welcome <?php session_start(); echo $uname; ?>
</div>
<div class="story">
</div>
</div>
<div class="sidenav">
Coming Soon
</div>
</div><!--end of content-->
</div>
</body>
</html>
Seems like you haven't added session_start(); on top of your profile.php page.
Try like this
//profile.php
<?php
session_start();
echo $_SESSION['uname'];
This is probably a good part of the issue.
$_SESSION['uname'] = $uname;
$uname = $_POST["uname"];
Your setting your session's uname to blank on every load of that page. Put $_SESSION['uname'] = $uname; at the end of the code when it's validated.
1) You need to add a value to $uname first, then assign its value to $_SESSION element, so it's better be like this:
$uname = $_POST['uname'];
$_SESSION['uname'] = $uname;
or even like this:
$_SESSION['uname'] = $_POST['uname'];
2) As already mentioned, At profile.php you should also have session_start();
3) Make a clean exit like this:
header("Location: ../../profile/profile.php");
exit();
My bet is that it should be working fine after.
Some how, this is now working. From what I can figure out, the solution was to call in the $_SESSION variable, and then wrap that inside another variable. so
<?php
session_start();
$uname = $_SESSION['uname'];
?>
Thanks for all the help :D
session_start(); needs to be inside all pages using sessions.
I tested the following:
<?php
session_start(); // page_2.php
echo "Welcome " . $_SESSION['uname'];
?>
In conjunction with my test page: page_a.php
<?php
session_start();
$uname = "FRED";
$_SESSION['uname'] = $uname;
?>
CLICK
Echo'ed Welcome FRED on page 2.
I also noticed you have another instance of session_start(); in your page profile.php, remove it because you will be starting a new session while overwriting your first.
<div class="username">
Welcome <?php session_start(); echo $uname; ?>
</div>
Therefore you should be using:
$uname = $_SESSION['uname'];
in conjunction with:
<div class="username">
<?php echo "Welcome " . $_SESSION['uname']; ?>
</div>
As berkes stated in this comment you have a security issue:
$uname = $_POST["uname"];
$pass = $_POST["pass"];
Change it to:
$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);
MySQL_ functions are deprecated, therefore using MySQLi_ with prepared statements is highly suggested or PDO.
Do read the following articles:
How can I prevent SQL injection in PHP?
On owasp.org