Hi
I have a login 'box' up in the top right hand corner of my web page. When someone logs in i want this to disappear and show a message and logout link. I have got this so far, but i cant seem to get it to work.
Login form
<div id="login">
<?
if(!$_SESSION['valid_user'] == 1) // If the user IS NOT logged in, forward them back to the login page
{
echo'<form method="post" action="login.php">
<fieldset>
<label for="email">Email:</label>
<input type="text" name="email" id="email" size="15" value="" />
<label for="password">Password:</label>
<input type="password" name="password" id="password" size="15" value="" />
<input type="submit" id="login-submit" value="Login" /><br />
<a href="#">Register</a>
<a href="#">Forgotten Password?</a>
</fieldset>
</form>';
}
else
{
echo "<p>Welcome you are logged in
<a href=\"logout.php\">Logout</a><p>";
}
?>
</div>
Login.php
<?php
$dbhost = "localhost"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "cocampdb"; // the name of the database that you are going to use for this project
$dbuser = "root"; // the username that you created, or were given, to access your database
$dbpass = ""; // the password that you created, or were given, to access your database
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
// set session variable that identifies valid user to 0 until user submits
// valid username and passwordusername
$_SESSION['valid_user'] = 0;
// a variable that will hold error message if needed
$msg = '';
// check wheter user has submitted a username and/or password
if(isset($_POST['email']) or isset($_POST['password'])) {
// if both username and password are submitted and not empty
if(isset($_POST['email']) and !empty($_POST['email']) and
isset($_POST['password']) and !empty($_POST['password'])) {
// asign posted values to variables and trim possible spacess before and
// after the strings
$email = mysql_real_escape_string($_POST['email']);
$password = md5(mysql_real_escape_string($_POST['password']));
// prepare query to select a user with submitted username and hashed
// submitted password (to check for the match)
$result = mysql_query("SELECT email, password2 FROM person WHERE email='$email' AND password2='$password'");
$num = mysql_num_rows($result);
// if mysqli_query was successful and if one row was returned from query
// we have a match, the username and password are OK
// (if no rows returned username and password did not match, if more than
// 1 row returned we have entered one user more times which is incorrect
if($num == 1) {
// set session variable that identifies valid user to 1
$_SESSION['valid_user'] = 1;
// redirect user to login_success.php page
header("location:index.php");
//just in case anything goes wrong from here end the script
die();
}
// if no rows are returned username and password did not match
// (or if more than 1 row returned we have entered one user many times
// which is incorrect)
else {
// again set session variable that identifies valid user to 0
$_SESSION['valid_user'] = 0;
// prepare error message
$msg = 'Please enter correct email and password!';
}
}
// if only username or only password was submitted
else {
// again set session variable that identifies valid user to 0
$_SESSION['valid_user'] = 0;
// prepare error message
$msg = 'Please enter correct email and password!';
}
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location:index.php");
?>