1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 1:25 pm May 1, 2026

Forum Moderators: coopster

Message Too Old, No Replies

problem in maintaining a session of logged in user

         

lindaonline15

5:48 pm on Sep 13, 2008 (gmt 0)

10+ Year Member



Im trying to create a login page all in php, that checks if there existed a session, will still show the welcome page, if not, should show the form to login.
it also should create a session so user can proceed to next pages which matches his/her level access.

this is the code for my login:

<html>
<head><title>Login</title>
</head>
<body>

<?php
if ($_SESSION['logged_in']){
print("Welcome $username!");
include "logout-button.php";
}
else{
//if(isset($_POST['html']))
echo stripslashes($_POST['html']);
}
?>

<form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
<table width="134" border="0" align="center"> <!--DWLayoutTable-->
<tr><tr class="user">
<td><span style="font-size:10pt;">Username:</span></td></tr>
<tr> <td><input name="username" type="text" size="14" maxlength="20" class="textfield_effect" onFocus="this.value=''"></td></tr>
<tr><td><span style="font-size:10pt;">Password:</span></td></tr>
<tr><td><input name="password" type="password" size="14" class="textfield_effect" onFocus="this.value=NUL"> </td></tr>

<tr><tr height="40"><td><p align="left"><input type="submit" name="submit" value="submit" class="button"> </p></td></tr>
</table></td>
</tr><tr> </tr>
</table>
</form>

<?php

//Connect to database

if(isset($_POST["submit"])){

include_once "connection.php";
include_once 'common.php';

session_start();
//ob_start();

$uid = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username'];
$pwd = isset($_POST['password']) ? $_POST['password'] : $_SESSION['password'];

$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";

if ($_POST[username]&&$_POST[password]) $result=mysql_query($query);

if (mysql_num_rows($result) == 0) {
unset($_SESSION['username']);
unset($_SESSION['password']);
echo "Bad Login";
include "not-login-warning.html";

} else {
$row = mysql_fetch_assoc($result);
$_SESSION['logged_in'] = TRUE;
print("Welcome $username!");
include_once "logout-button.php";
}
}
?>

</body>
</html>

then i have a checklogin page that checks users login accesses.
the thing is, the $session['logged_in'] seems not working. because when logging in, it shows the form and bottom of it the welcome. means it just passes the if, and shows the welcome that is being ECHOed in last lines of the code after analyzing the login data.

I'm quite blur in suing sessions. should use something to get the session data file? because I saw this somewhere:

// get session id of an existing session
$sid = $_GET['sid'];

// start the old session to retrieve $_SESSION data
session_id($sid);
session_start();

eelixduppy

4:56 am on Sep 15, 2008 (gmt 0)



You need to start the session before you check for existence. It would be something like this: 

session_start();
if (iseet($_SESSION['logged_in'])){
# etc...

Try to make that change and see if it works. You'll also need to remove the session_start() function call later in the script for this to work properly.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 1:25 pm May 1, 2026