Session Management and Login Validation PHP

Question

PriteshP23 0 Posting Whiz in Training

11 Years Ago

I would like to solved out the SESSION part in ALL files. SESSION is not working properely anymore. In addition, i need to solved out the javascript errors.

Objective is to access the dashboard.php and other pages from LOGIN.php and CREATEACCOUNT.php WITH validation and SESSION. There are two files: login.php and createaccount.php, from which user comes to dashboard.php in both cases.

When user forgot the password, i need to send password by email AND save new password into the database. I have used md5 method. Please let me know password recovery by email. I have tried so many times to manage ALL the things. It is not working in expected manner.

// js.js
function validateForm()
{
    var testemail=document.forms["SignIn"]["txtEmail"].value;
    var atpos=testemail.indexOf("@");
    var dotpos=testemail.lastIndexOf(".");
    if (atpos<1 || dotpos<atpos+2 || dotpos+2>=testemail.length)
    {
        alert("Enter Valid Email");
        return false;
    }
    var testpwd=document.forms["SignIn"]["pwd"].value;
    if (testpwd==null || testpwd=="")
    {
        alert("Password must be filled out");
        return false;
    }  
    if(testpwd.length<6)
    {
        alert("Length must be >=6 "); 
        return false;
    }
}

function validatenewuser() 
{
    var testemail=document.forms["SignUp"]["txtEmail"].value;
    var atpos=testemail.indexOf("@");
    var dotpos=testemail.lastIndexOf(".");
    if (atpos<1 || dotpos<atpos+2 || dotpos+2>=testemail.length)
    {
        alert("Enter Valid Email");
        return false;
    }

    var testpassword=document.forms["SignUp"]["pwd"]["cnfmpwd"].value;
    var password = document.getElementById(pwd).value;
    var confirmpassword = document.getElementById(cnfmpwd).value;
    if (password == confirmpassword) 
    {
        alert("Password Match..!!");
        return false;
    } 
    else 
    {
        alert("Verify your password");
        return false;
    }
}

=================================================================================
//createaccount.php

<form method="post" name="SignUp" action="" onSubmit="return validate_newuser();">                   
    <table>
        <tr>
        <td> Your email address: </td>
        <td> <input type="text" id="txtEmail" name="txtEmail" required="required" /> </td>
        </tr>
        <tr>
        <td> Choose your Password: </td>
        <td> <input type="password" id="pwd" name="pwd" required="required" /> </td>
        </tr>
        <tr>
        <td> Confirm Password: </td>
        <td> <input type="password" id="cnfmpwd" name="cnfmpwd" required="required" /> </td>
        </tr>                    
    </table>
    <input type="submit" class="btnLogin" value="OK" style="display:inline-block; font-weight:bold; font-size:12px; margin-left:350px;" />
</form>          
=================================================================================
//login.php

<form method="post" name="SignIn" action="" onSubmit="return validateForm();">                           
    <table>
        <tr>
        <td> Enter your Email: </td>
        <td> <input type="text" name="txtEmail" /> </td>
        </tr>
        <tr>
        <td> Enter your Password:  </td>
        <td> <input type="password" name="pwd" autocomplete="off" /> </td>
        </tr>                
    </table>         
    <input type="submit" class="btnLogin" value="Go" style="display:inline-block; font-weight:bold; font-size:12px; margin-left:350px;" />

</form>  

=================================================================================
//dashboard.php  +  There are other pages like configure.php and profile.php

<?php
    session_start();
    include "config.php";  
    include kSERVERPATH."init.php";
?>
<html>
    <head>
        <script type="text/javascript" src="js.js" media="all" /></script>
    </head>
<body>

<?php
    $CON // connection works

    $txtEmail=$_POST['txtEmail'];
    $pwd=$_POST['pwd'];
    $cnfmpwd=$_POST['cnfmpwd'];
    $encrypt_password=md5($pwd);

    $query = " SELECT * FROM `users` WHERE `email` = '".$txtEmail."' ";
    $result = mysql_query($query);
    $NumResponse = mysql_num_rows($result);

    if($NumResponse>0)
    {
        echo "<script type='text/javascript'>\n";
        echo "alert('Already Registered..!! )\n";
        echo "</script>";
    }
    else if($pwd==$cnfmpwd)
    {          

        $query = "INSERT INTO `busyexpe`.`users` (`id_user`, `email`, `ref_lang`, `password`, `date_creation`, `date_updated`,          `pwdResetDate`) VALUES (NULL, '".$txtEmail."', '1', '".$encrypt_password."', NOW(), NOW(), NOW());" ;       
        $result = mysql_query($query) or die(mysql_error());;
        echo "<script type='text/javascript'>\n";
        echo "alert('Your account has been succesfully created..!!')\n";
        echo "</script>";
    }

=================================================================================

//logout.php

<?php
    session_start();
    session_destroy();
    header("Location: index.php");
?>

Thanks in advanced.

javascript php session

Edited 11 Years Ago by deceptikon because: Changed to discussion thread

4 Contributors
12 Replies
2K Views
3 Days Discussion Span
Latest Post 11 Years Ago Latest Post by PriteshP23

phorce 131 Posting Whiz in Training

11 Years Ago

What doesn't "work" you need be more specific!

Questions / points:

1) Does this even execute?

$CON // connection works

2) Don't use mysql_* these commands are being depreciated.

3) Where do you set the sessions? For example:

<?php
    session_start();
    $_SESSION['Phorce'] = "Phorce";


    echo "User: " . $_SESSION['Phorce'];

    session_destroy();

    echo "User: " . $_SESSION['Phorce'];

4) In "logout.php" if you want to destroy a session, why are you creating a new session just to destroy it? You create the session at the beginning of your script.

LastMitch

11 Years Ago

@PriteshP23

Objective is to access the dashboard.php and other pages from LOGIN.php and CREATEACCOUNT.php WITH validation and SESSION. There are two files: login.php and createaccount.php, from which user comes to dashboard.php in both cases.

I think it has something to do with your <form> that has javascript in it.

You really shouldn't combine javascript with php like that.

phorce 131 Posting Whiz in Training

11 Years Ago

@PriteshP23 - We have our own lives, and, we choose to help people. It is rude (and probably against the rules) to demand you want your code looking at and fixing. You haven't even told us what is going wrong (What are the error messages? If any..)

NOTE: We don't have your server, nor access to your database and we are not compilers / intepreters that can just read through your code and process it. TELL US what is going wrong with the code.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

PriteshP23 0 Posting Whiz in Training · Answer 1 · 2013-01-31T08:32:47+00:00

@phorce

$CON // I mean to say i have successfully connected with database. It is not executable.
I will chage it.
I am not sure for SESSION logic.
I will put only session_destroy(); header("Location: index.php"); in logout.php

Please correct the code. Thanks in advanced.

PriteshP23 0 Posting Whiz in Training · Answer 2 · 2013-01-31T08:34:33+00:00

@LastMitch

If you have ANY idea, do modification IN my code. I need urgent help in order to get the result.

PriteshP23 0 Posting Whiz in Training · Answer 3 · 2013-01-31T12:27:31+00:00

@LastMitch
@phorce

I need your urgent help. Please let me know IF you have find mistake or another way to do so.

PriteshP23 0 Posting Whiz in Training · Answer 4 · 2013-01-31T13:08:42+00:00

@phorce

I am sorry if i had demanded and take your more time.

I have already mentioned that there is a problem in SESSION & JavaScript. It is not displaying error. IF it has other errors, i had already put it with my code.

I would like to know my mistake when i tried to create a session. Nothing else i required.

LastMitch · Answer 5 · 2013-02-02T03:07:37+00:00

@PriteshP23

I am sorry if i had demanded and take your more time.

Like what phorce say regarding about members fixing codes.

It's a big No-No to demand members to fixed your code!

You really shouldn't post a another thread regarding about this issue:

http://www.daniweb.com/web-development/php/threads/446743/php-session-help

I find that very rude.

varma51 0 Newbie Poster · Answer 6 · 2013-02-02T04:46:05+00:00

in login.php there is no php code.just you are doing validation in javascript.
But You are saving the Register people data in database.but u r nt comparing the input email & password values with saved values from database..then how u r redirecting the user to dashboard .php

PriteshP23 0 Posting Whiz in Training · Answer 7 · 2013-02-02T12:32:40+00:00

@varma51

The thing is SESSION is not working. I have created session when user comes to dashboard.php page. I THINK Login page has nothing to do with session (php code).

I got the error:

Notice: Undefined index:

phorce 131 Posting Whiz in Training Featured Poster · Answer 8 · 2013-02-02T12:50:40+00:00

@PriteshP23 How do you expect SESSION to work, when you initialise a session, but, don't actually define anything as a session?

PriteshP23 0 Posting Whiz in Training · Answer 9 · 2013-02-03T16:17:12+00:00

I have to SET session. That was missing in my code. Thank you all for your time and help..!!

<?php
if(isset ($_POST['form_action3'])){
        if  ($_POST['register']=="register_me")
        {
            $txtEmail = $_POST['form_action'];
            $pswd = $_POST['pswd'];
            $cnfmpswd = $_POST['cnfmpswd'];
            $encrypt_password = md5($pswd);

            $query = "";
            $result = mysql_query($query);
            $NumResponse = mysql_num_rows($result); 
            if($NumResponse>0)
            {
                echo "<script type='text/javascript'>\n";
                echo "alert('Already Registered..!! )\n";
                echo "</script>";
            }
            else{  
                $query = "";        
                $result = mysql_query($query) or die(mysql_error());;
                echo "<script type='text/javascript'>\n";
                echo "alert('Your account has been succesfully created..!!')\n";
                echo "</script>";
                include "dashboard.php";
            }
        }
    }   
?>

<body>
<form method="post" name="SignUp" action="" onSubmit="return validatenewuser();">                    
    <div class="divLogin">
    <table>
    <tr>
    <td> Your email address: </td>
    <td> <input type="text" id="form_action" name="form_action"  required="required" /> </td>
    </tr>
    <tr>
    <td> Choose your Password: </td>
    <td> <input type="password" id="pswd" name="pswd" required="required" /> </td>
    </tr>
    <tr>
    <td> Confirm Password: </td>
    <td> <input type="password" id="cnfmpswd" name="cnfmpswd" required="required" /> </td>
    </tr>                    
    </table>
    </div>

    <br /><div id="message">Nothing else required.</div><br />
    <input type="hidden" name="register" value="register_me" />

    <input type="submit" class="btnLogin" name="form_action3" value="OK" />

</form>          

</body>