i have a html login form on my site that submits to login.php.
within login.php is a header redirect with a session message which echo's out onto the next page home.php.
what i am trying to do is make it so that this message only runs once and doesnt show again until the user logs in again. at the moment what is happening is the message is showing on each page refresh.
can someone please show me what i can do to sort this, thanks.
code in login.php:
<?php
if (logged_in())
{
$_SESSION['login_message']="<div class=\"login-overlay\">
<h1>Login You In Securely</h1>
</div>";
header("Location:home.php");
}
?>
code in home.php:
<?php session_start();
if(isset($_SESSION['login_message'] ))
echo $_SESSION['login_message'];
unset($_SESSION['loginframe2']) ;
?>
Simply unset the login message once it has been displayed.
if(isset($_SESSION['login_message'] )) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
Now if a user has seen the message, it won't be in the session anymore. And once he logs in again, login.php will set the variable again.
Just use and track a variable like $_SESSION['message_displayed']. Set it to true when you first display the message, and only display it if !array_key_exists('message_displayed', $_SESSION)
Related
<?php
session_start();
if(isset($_SESSION['login_user'])) {
require_once('logged.html');
} else {
require_once('notlogged.html');
}
?>
This code works fine when I login directly from the login page, but when I start from the homepage, then a href to the login page, login, it still shows the notlogged.html.
But when I start from the login page, I can login and get to logged.html, go to the signout page and destroy my session, which lands me to the notlogged.html, then login again to the logged.html.
So basically, it works perfectly when I enter from login.php, but not when I enter from index.php. Any idea why this might be?
question isn't clear, 1st of all check whether session created while login from any page, its simple after creating session variable, make alert using JS
alert("$_SESSION['login_user']");
how do i create the below php that the user stays on the index page after logging in ? It seems it will direct the user to the logonprocess.php after clicking the submit button.
I'm also trying to find out how will the logout button appear after the user login successfully. The logout will also need to work the same as login which will stay on the same page.
I have read that ajax was one way but i have not yet read or understand ajax. I'm still trying to learn on the php portion first.
Index.php
<?php
ini_set("session.save_path", "sessionData");
session_start();
?>
<?php if (!isset($_SESSION['uName'])) { ?>
<form method="post" action="logonProcess.php">
<div>Username <input type="text" name="userName" placeholder="Username"></div>
<div>Password <input type="password" name="pwd" placeholder="Password"></div>
<div><input type="submit" value="Logon"></div>
</form>
<?php } else { }?>
<?php if (isset($_SESSION['uName'])) {
$username = $_SESSION['uName'];
echo "<p>Welcome $username</p>\n";
?>
Logout
<?php } else { }?>
Logout.php
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
header("Location: index.php"); // Redirecting To Home Page
}
?>
At the end of your logonProcess.php file:
header('Location: index.php');
If you login from different pages use the $_SERVER['HTTP_REFERER'] variable.
header('Location: ' . $_SERVER['HTTP_REFERER']);
If you want to redirect somewhere after a certain script has been executed you could ofcourse always use PHP's header() function which allows you to specify a Location which would look like this
header('Location: index.php');
After that your part two of the question is "How do I remove the logout button when the user login successfully?" I think with login you must mean logout since you'll want to be able to actually logout once logged in.
To do this you check wether or not a $_SESSION
A $_SESSION in PHP is simply an array containing values that are remembered across page reloads so as you can imagine - it is a very good place to store your user ID.
The reason that usually just an ID is saved is so that while a hacker might still be able to compromise your users' cookie he / she will not be able to see any data he / she shouldn't have like a password, email address, phone number etcetera so all damage done will be on the website itself, not the users personal life ^.^
When you create a $_SESSION in PHP you simply set it in your logonProces.php file after all the authentication checks for the user passed.
This would look something like this (semi-psuedo code)
if ($user_verified_in_db) {
$_SESSION['user'] = $user['ID']; //note - non of this will probably exist yet in your script, DONT use it its an EXAMPLE.
header('Location: index.php');
}
The above snippet should be placed somewhere appropiate in the procesLogon.php file so that the session will be set.
Now in HTML you'll have a link somehwere right?
Logout
Imagine that is your link being displayed somewhere on the page, now what you want to do is check if the $_SESSION['user'] is set using isset().
Your code would look something like this:
<?php if (isset($_SESSION['user'])) { ?>
Logout
<?php } ?>
this will check if the session is set or not, if it isn't set it won't display the link, if it is it will since you'll need an option to logout.
NOTE this is psuedo code - you still have to build this construction using your variables and your login script, my tiny piece of code doesn't do anything for you at that except show you an example of how this is commonly handled.
Good luck!
EDIT (5-11-2015)
As per the comment of the OP,
If you want to hide items in general, like the logout link example above, all you have to do is wrap the divs you want to hide in the if statement.
e.g.
<?php if (isset($_SESSION['user'])) { ?>
<!-- this can be any HTML element showing stuff for logged in users. -->
<?php } ?>
when you wrap elements within this if statement - if you check the expression: isset($_SESSION['user']) - it will evaluate to true if $_SESSION['user'] is set which you are in your login script.
You can keep reusing this check whenever and wherever you need to show / hide elements from the user.
if you would put a ! (exclamation mark) in front of the expression so that it turns out like this: !isset($_SESSION['user']) you reverse the process so if you have the following statement
<?php if (isset($_SESSION['user'])) { ?>
<!-- everything here is shown when user is logged in -->
<?php } else { ?>
<!-- everything here is shown when user is logged out -->
} ?>
this is the positive if check checking if your user is logged in or not, you can decide to put in the else for what to do when the user isn't logged in but you can also modify the expression slightly to reverse or invert the situation e.g.
<?php if (!isset($_SESSION['user'])) { ?>
<!-- everything here is shown when user is logged out -->
<?php } else { ?>
<!-- everything here is shown when user is logged in -->
} ?>
for instance. This will allow you to gain control over what users see on your webpages, use them whenever you need to show or hide something.
Also note that the else clause is ofcourse, optional and doesn't have to be included, you can use the ! example without the else as well as the one without the exclamation mark.
You can put this code end of php file logonprocess.php too.
echo "<script>window.location='index.php'</script>"
You will have to add the echo "<script>window.location=\'index.php\'</script>" to an if/else statement within your logonProcess.php so that once they "submit" the information it processes and redirects to index.php.
When I signed in and click on logout button, it successfully logs me out and returns back to normal, i.e. with login form presented. Perfect!
However, if I sign in and go to another page (which contains session_start();) and then click on a link to return me back to the login page, and then click on the logout button, but this time it even though it logs me out, but username and logout button still stays on the page until I hit refresh.
Logout:
<?php
session_start();
session_unset();
session_destroy();
header('Location: login.php');
exit();
?>
Login page:
<?php session_start();
if(empty($_SESSION['email'])) ?>
...html form...
}else { echo 'logout';
}
I'm not too sure where the problem lies since logout works perfectly when I'm on the same page, but when I return it partially works.
EDIT: I even tried adding header("Refresh:0; url=login.php"); in logout but somehow it doesn't work. I need to manually click on refresh button to change back the webpage to logged out view.
This is probably a caching problem. Even after the redirect to index.php, if index.php was cached by the browser, it will display the same info. So in your index.php put:
header('Cache-Control: no-cache,must-revalidate',true);
To make the browser not cache it.
The php manual recommends this process:
session_start();
$_SESSION = array();
session_destroy();
header( "location: index.php");
when the user logs in, their name gets saved into a session variable called 'name'. All pages should display the user's name if logged in, or a link to log in if the user is not logged in. I have tried the following code in the pages that require this feature, however I am just shown a white screen and I cant figure out where the error may be.
<?php if ( isset( $_SESSION['name'] )){ ?>
<p>Welcome back <?php echo $_SESSION['name'];?></p>
<?php} else{?>
Login <?php } ?>
EDIT: session has been started on the pages
Seems an erro at Line 3. You have missed spaces after open php tag
<?php } else{ ?>
^ ^
Have you added session_start() at start of your page?
This problem could be caused by not using session_start() before accessing $_SESSION[''].
I have a site that displays two different versions of a navigation section depending on if a user is logged in or not.
<?php
if(isset($_SESSION['myusername'])){
echo 'Log Out';
}else{
echo 'Sign Up';
}
?>
The problem happens when a user is logged in and then closes the browser without logging out (and assuming they don't clear cache/cookies on browser exit).
When they open their browser later and come back to the site, the navigation displays as if they're not logged in. If they then click a link elsewhere on the site, i.e. My Account, the navigation then changes to show that they are logged in.
Any ideas what could be causing this? I'd like the navigation to show that they're logged in immediately upon coming back to the site.
First thing, check session_start() appears on your pages before any html, even the !DOCTYPE rule.
Now, on your index page add this:
<?php
session_start();
if(isset($_SESSION['username'])){
header("location: home.php"); // or whatever page you want your users to be redirected to...
}else {
?>
// here your html page should start
<html><head></head><body>
// all the DOM elements on your page
</body></html>
<?php
} // closing end of the else block started above
?>
Must be as below.
ob_start();
session_start();
//code to check session and other
ob_start() is for omitting header already sent error.