The Way to Programming
The Way to Programming
Basically, I’m really struggling with my code right now.
I need to login with a username via a form using PHP sessions, which will then be shown on the page after you login.
“Login” usually means there’s a password (or rather, one-way-encoded password, like a hash) that get’s compared to user provided password (or rather, the userpass gets to be encoded using the same algorithm, and then compared).
So:
– HTML form sends data to the server
– PHP gets the data as POST
– you get the username and search if there is actually a user with that name,
– if not – error out with “no username or password wrong” – usually you don’t want to giveaway that the provided username is valid
– if so – you extract (from database?) some basic details, amongst that there’s encoded pass *
– you encode provided password using the same algorithm used at registration
– you compare the two and if their different you error out
– if pwd is valid, you set some session variables and show success page
on whatever other page you just start session and see if your session variables are set – if so, the user was logged in. Of course then you can add validation, maybe the user had different IP, browser/special cookie last request? If so, it’s possible (but not surely!) that it’s a session hijack taking place. But you can read about that on your own. Wink
*) this is actually usually the point were you either get some valid data back, or not, and you know if username is valid. I’ve split it to steps for clarity.
So, I don’t usually provide source code as I prefer to let others do the studying themselves but just provide tips.
I assume you have your HTML code setup, if not, please learn HTML before proceeding to PHP.
Then, one you have your form pointing to the php script you can do:
some_other_page.php:
Please note this code is untried and untested, so I have no idea if this actually works (been a long time since I did non-OOP PHP).
Hope this helps and use it as a basis for growing your knowledge.
on top of the page :
session_start();
then you can read out the username on the same page via :
$username=$_POST['username'];
and assign it to a session variable :
$_SESSION['username']=$username;
or read it directly into the session variable :
$_SESSION['username']=$_POST['username'];
Then, for the entire validity for the session you can pull up the username via :
echo $_SESSION['username'];
Have you got this straighten out yet if not here is a small solution to your question:
Hello =$_SESSION['username'];?>, Welcome to this securecd area of my page
Here is other cool stuff you can do here
Logout - Yep you can do that too.Sign in to your account