PHP - How can i keep my user logged in?
Question
I'm using a function for login.
But when i change the page from my website, i have to login again.
how can i keep my user logged in when i change my page?
Here my code:
<?php
error_reporting(0);
if($_POST['login']=="") {
?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" >
<label><a>Utilizador</a><input type="text" name="login" id="s-user"></label>
<label><a>Senha</a><input type="text" name="password" id="s-pass"></label>
<input type="submit" class="submit" value="Entrar">
</form>
<?php
}
else {
?>
<?php
include("classes/Utilizadores/Cliente.class.php");
if($_REQUEST['login']!="") {
if($_REQUEST['password']!="") {
$clientes = new Cliente();
if($clientes->verificarCliente($_REQUEST['login'], $_REQUEST['password'])) {
echo "<br>";
} else {
echo "<br><a>Login ou senha errados, caso não tenha, <a href='criarconta.php'> registre-se</a>, <a>ou</a> <a href='index.php'>volte a tentar.</a></a><br>";
}
$clientes->endCliente();
} else {
echo "ERRO: Deve introduzir a sua password...<br>";
}
} else {
echo "ERRO: Deve introduzir o seu login...<br>";
}
}
?>
My function code:
function verificarCliente($login, $password) {
$sql = "SELECT * FROM users WHERE login LIKE '$login' AND password LIKE '$password'";
if(($rs=$this->bd->executarSQL($sql))){
if(mysql_fetch_row($rs)==false) {
return false;
} else {
echo "<br><b> <a>Bem-Vindo <font size=2>" .mysql_result($rs,0,"login")."</font></b></a><br><br><br>";
return true;
}
}
else {
return false;
}
}
3 answers
solution1
4 2013-12-14 16:16:43
Use $_SESSION Variables. http://www.php.net/manual/en/reserved.variables.session.php . They help you store variables you can access them from any other part of the website.
On login success:
1) Query basic info like first name, last name, sex, birthday etc.
2) Save them in variables such as $first_name, $last_name etc.
3) Assign those variables to sessions like this:
$first_name = $_SESSION['first_name'];
$birthday = $_SESSION['birthday'];
On logout, simply destroy the session with session_destroy().
So $_SESSION['first_name'] would be the first name of the user that can be manipulated from anywhere on the code.
EDIT : I quoted php.net instead of W3 school because a lot of people don't seem to like it.
solution2
2 2013-12-14 16:16:20
You are not saving the state of a user. You should save the state of a user in a session and retrieve on the next page.
Please review http://www.w3schools.com/php/php_sessions.asp
solution3
2 ACCPTED 2013-12-14 16:23:28
First off I would highly recommend not using the LIKE operator, use the = operator instead. Also I would recommend using parametrized quires. Also I would recommend hashing your user's passwords, salting them is a very good idea too.
Give these pages a read. There is good information here:
How can I prevent SQL injection in PHP?
Secure hash and salt for PHP passwords
crackstation.net supplies a free library for multiple languages and a good explanation.
But you need to keep track of the logged in user:
function verificarCliente($login, $password) {
$sql = "SELECT * FROM users WHERE login = '$login' AND password = '$password'";
if(($rs=$this->bd->executarSQL($sql))){
if(mysql_fetch_row($rs)==false) {
return false;
} else {
session_start();
$the_username = // grab the username from your results set
$_SESSION['username'] = $the_username;
// put other things in the session if you like
echo "<br><b> <a>Bem-Vindo <font size=2>" .mysql_result($rs,0,"login")."</font></b></a><br><br><br>";
return true;
}
}
else {
return false;
}
}
Now on other pages that require a user to be logged in
session_start();
if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {
// redirect to your login page
exit();
}
$username = $_SESSION['username'];
// serve the page normally.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.