Hey guys at DaniWeb! I have spent a lot of time debugging this PHP/AJAX page, and it finally (sort of) works. Index.php can read and write to processLogin.php so I have a page that can log you in without refreshing the page. However, I cant figure out how to set a php session via the index.php page. I want to be able to process the login, if it is correct, then go to a new page that can read the php session again to authenticate if the person is logged in. Can you give me an idea how to do this? Here is my code for the two pages:

index.php:

<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
<title>
PHP Hardcoded Login Script!
</title>
<script>
function processLogin(form) {
	var user = form.user.value;
	var pass = form.pass.value;
	var url = "processLogin.php?user=" + user + "&pass=" + pass;
	
	if (window.XMLHttpRequest)
		{// code for IE7+, Firefox, Chrome, Opera, Safari
		xmlhttp=new XMLHttpRequest();
		}
	else
		{// code for IE6, IE5
		xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
		}
	
	xmlhttp.open("GET",url,false);
	xmlhttp.send(null);
	document.getElementById('loginStatus').innerHTML=xmlhttp.responseText;
	}
</script>
</head>
<body>

<a href="http://www.thatcompdude.com">ThatCompDude PHP Login</a>
<h1 class="pagetitle">Please enter your login information:</h1>
<form name="loginForm" action="" method="post">
<h3>User: </h3><input type="text" name="user" />
<h3>Pass: </h3><input type="password" name="pass" />
<br/>
<INPUT TYPE="button" NAME="submitButton" Value="Submit" onClick="processLogin(this.form)">
</form>
<div id="loginStatus"></div>
</body>
</html>

And here is the processLogin.php:

<?php
//processLogin.php
//Will return welcome message if login is correct, incorrect message if incorrect and set a cookie. 
?>
<html>
<body>
<?php
$user = $_GET["user"];
$pass = $_GET["pass"];

if($user == "admin" && $pass == "pass") {
	echo "<font color=\"green\">Correct Password!</font>";
	}
else {
	echo "<font color=\"red\">Incorrect!</font>";
	}

?>
</body>
</html>

Any help would be greatly appreciated!

In the form action you will have to have checklogin.php (this will check to see if a member has logged in successfully, then transfer to a login_sucess.php

Here is an example of the checklogin.php

<?php
ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

Here is an example of the login_success.php

<?
session_start();
if(!session_is_registered(myusername)){
header("location:somewhere.php");
}
?>

<html>
<body>

<?php

$user = $_GET["user"];

$pass = $_GET["pass"];

 
if($user == "admin" && $pass == "pass") {

echo "<font color=\"green\">Correct Password!</font>";

}

else {

echo "<font color=\"red\">Incorrect!</font>";

}
 

?>
</body>
</html>

Try this and tell me if it works : )

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.