Hi

I have a login 'box' up in the top right hand corner of my web page. When someone logs in i want this to disappear and show a message and logout link. I have got this so far, but i cant seem to get it to work.

Login form

<div id="login">
<?
if(!$_SESSION['valid_user'] == 1) // If the user IS NOT logged in, forward them back to the login page
{
echo'<form method="post" action="login.php">
<fieldset>
<label for="email">Email:</label>
<input type="text" name="email" id="email" size="15" value="" />
<label for="password">Password:</label>
<input type="password" name="password" id="password" size="15" value="" />
<input type="submit" id="login-submit" value="Login" /><br />
<a href="#">Register</a>
<a href="#">Forgotten Password?</a>
</fieldset>
</form>';
}
else
{
echo "<p>Welcome you are logged in
<a href=\"logout.php\">Logout</a><p>";
}
?>
</div>

Login.php

<?php
$dbhost = "localhost"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "cocampdb"; // the name of the database that you are going to use for this project
$dbuser = "root"; // the username that you created, or were given, to access your database
$dbpass = ""; // the password that you created, or were given, to access your database

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
// set session variable that identifies valid user to 0 until user submits
// valid username and passwordusername
$_SESSION['valid_user'] = 0;

// a variable that will hold error message if needed
$msg = '';

// check wheter user has submitted a username and/or password
if(isset($_POST['email']) or isset($_POST['password'])) {

    // if both username and password are submitted and not empty
    if(isset($_POST['email']) and !empty($_POST['email']) and
       isset($_POST['password']) and !empty($_POST['password'])) {

        // asign posted values to variables and trim possible spacess before and
        // after the strings
		$email = mysql_real_escape_string($_POST['email']);
		$password = md5(mysql_real_escape_string($_POST['password']));	

        // prepare query to select a user with submitted username and hashed
        // submitted password (to check for the match)
		$result = mysql_query("SELECT email, password2 FROM person WHERE email='$email' AND password2='$password'");
		$num = mysql_num_rows($result);

        // if mysqli_query was successful and if one row was returned from query
        // we have a match, the username and password are OK
        // (if no rows returned username and password did not match, if more than
        // 1 row returned we have entered one user more times which is incorrect
        if($num == 1) {

            // set session variable that identifies valid user to 1
            $_SESSION['valid_user'] = 1;

            // redirect user to login_success.php page
            header("location:index.php");

            //just in case anything goes wrong from here end the script
            die();
        }

        // if no rows are returned username and password did not match
        // (or if more than 1 row returned we have entered one user many times
        // which is incorrect)
        else {

            // again set session variable that identifies valid user to 0
            $_SESSION['valid_user'] = 0;

            // prepare error message
            $msg = 'Please enter correct email and password!';
        }
    }

    // if only username or only password was submitted
    else {

        // again set session variable that identifies valid user to 0
        $_SESSION['valid_user'] = 0;

        // prepare error message
        $msg = 'Please enter correct email and password!';
    }
}
?>

logout.php

<?php 
session_start();
session_destroy();
header("Location:index.php"); 
?>
Member Avatar for diafol

Is this your own script? If not, go to the author.

Is anything actually being set to your session? Use var_dump to check your session variables have values:

var_dump($_SESSION);

If they have then try changing

if(!$_SESSION['valid_user'] == 1)

to:

if(!isset($_SESSION['valid_user']) || $_SESSION['valid_user'] !=1)
<?php
error_reporting(E_ALL ^ E_NOTICE);
if(isset($_POST))
{
$uname = "admin";          // Default usename, password set , you may change this as your style
$pword = "admin";
$username = $_POST;
$password = $_POST;
if($username == $uname && $password == $pword)
{
session_start();
$_SESSION = $username;
}
else
{
$msg = 'Log In Failed';
}}
if(isset($_GET))
{
unset($_SESSION);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>


<body>
<?php
if(!isset($_SESSION))
{
?>
<form action="<?php $_SERVER; ?>" method="post"> <?php // change this for as per your changes or as login menu?>
<table align="center" cellspacing="10">
<tr>
<th align="left">Log In</th>
</tr>
<tr>
<td colspan="2" align="center"><?php echo $msg; ?></td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="LogIn" /></td>
</tr>
</table>
</form>
<?php
}
else
{
?>
<p style="background:#0099FF; float:left; color:#FFFFFF; font-weight:bold; font-family:Georgia, Tahoma, sans-serif;">Hai gunnerone this the simple page , the user was logged in  and his name is - <?php echo $_SESSION; ?></p>
<p style="float:right; background:#FF9900;"><a href="login.php?logout" style="text-decoration:none; color:#000000; font-family:Georgia, Tahoma, sans-serif;">Logout</a></p>
<?php } // i created this as a simple page for easy 2 understand?>
</body>
</html>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.