So I'm trying to make a website but I'm stuck on the login no matter what I try I login go to the home page and immediately get logged out please help I really want to get this website up and running by the end of next year login.php
<?php
SESSION_START();
$_SESSION['uname'] = $uname; // Set the user's name.
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
header("Location: home.php");
echo "You are now logged in.";
exit();
}else{
echo "Wrong username and password combination.";
}
}else{
$form = <<<EOT
<form action = "login.php" method = "POST">
Username: <input type = "text" name="uname"> <br />
Password: <input type = "password" name = "pass" /> <br />
<input type = "submit" name = "submit" value = "Login"/>
</form>
EOT;
}
echo $form;
?>e
Home.php
<?php
SESSION_START();
$_SESSION['uname'] = $uname; // Set the user's name.
if($uname){
echo $uname;
}
?>
<?php
if(!$uname){
?>
<a href="register">Register</a>
<a href="login">Login</a>
<?php
}
?>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>ArcheWorlds</title>
</head>
<body bgcolor="black">
<div class = "HomeNav">
<a href = "register.php">Register</a><!--class = "HomeNavButton"-->
|
<a href = "login.php">Login</a>
</div>
<p>Hello and welcome to Archeworlds!</p>
</body>
<div class="footer" style="border-top: 1px solid #FFFFFF padding-bottom: 10px margin-top: 150px"> <img `src="Pictures/Studio 8 (small).png">`
login_form.php
<?php
session_start();
if (isset($_SESSION['uname'])) {
$username = $_SESSION['uname'];
echo $username;
exit(); # Ready to go!
}
?>
<form action = "login.php" method = "POST">
Username: <input type = "text" name="uname"> <br />
Password: <input type = "password" name = "pass" /> <br />
<input type = "submit" name = "submit" value = "Login"/>
</form>
login.php
<?php
session_start();
$username = mysql_escape_string($_POST['uname']);
$pass = md5(mysql_escape_string($_POST['pass'])); ## This is *INCREDIBLY* insecure
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
$_SESSION['uname'] = $username;
header("Location: home.php"); # Ready to go!
exit();
}
else {
header('login_form.php'); # Failed
}
The simplest way to come up with a more secure password hash is to generate a salt for the database and then come up with an implementation of PBKDF2 using the PHP Manual Page for it
I think you need to make few changes in code:
login.php
<?php
if( isset( $_GET['action'] ) && $_GET['action'] == "logout") {
session_unset();
}
if(isset($_POST['submit'])){
SESSION_START();
$_SESSION['uname'] = $_POST['uname']; // Set the user's name.
require('config.php');
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
header("Location: Home.php");
exit();
}else{
echo "Wrong username and password combination.";
}
} ?>
& Home.php will be like :
<?php
if( false == isset( $_SESSION['uname'] ) ) {
header("Location: login.php");
exit();
} ?>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>ArcheWorlds</title>
</head>
<body bgcolor="black">
<div class = "HomeNav">
<a href = "register.php">Register</a>|<a href = "login.php?action=logout">Logout</a>
</div>
<p>Hello and welcome to Archeworlds!</p>
<div class="footer" style="border-top: 1px solid #FFFFFF padding-bottom: 10px margin-top: 150px"> <img src="Pictures/Studio 8 (small).png">
</body>
Note: I haven't tested this code, But will work for you.
I recommend you to study this. http://www.homeandlearn.co.uk/php/php14p1.html . they have examples on Login Database with sessions for users..
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.