i am trying to make a login script... i have successfully made the registration part...
i have also managed to compare the entered username/password with the usernames/passwords stored in the database...
the problem is, after making sure that the username/password entered is correct, how do i tell each page that this user is logged in? if not logged in, then the page will be redirected to a new page.
i have read somewhere that i can use sessions with this. but i just could not grasp the idea. perhaps a code sample with my current script would work.
thanks
loginpage.php = has the forms
register.php = action of the registration form
login.php = action of the login page, this is the part i am having problems with...
loginpage.php
<form name="form1" method="POST" action="login.php">
<p>If you are not yet a member, sign-up here:<br>
username:
<input name="username" type="text" maxlength="12">
<br>
password:
<input name="password" type="password" maxlength="8">
</p>
<p>
<input type="submit" name="Submit2" value="Submit">
</p>
</form>
<hr> <form name="form1" method="POST" action="register.php">
<p>If you are not yet a member, sign-up here:<br>
username:
<input name="regusername" type="text" maxlength="12">
<br>
password:
<input name="regpassword" type="password" maxlength="8">
<br>
email:
<input name="regemail" type="text" maxlength="25">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
register.php
include "config.php";
//contains defined DBHOSTS, etc...
$user = $HTTP_POST_VARS['regusername'];
$pass = $HTTP_POST_VARS['regpassword'];
$email = $HTTP_POST_VARS['regemail'];
// check if fields are empty
if (trim($pass) == "" OR trim($user) == "" OR trim($email) == "")
{
echo "Please go back and fill up all fields";
exit();
}
// Connect to MySQL
mysql_connect(DBHOST,DBUSER,DBPASSWORD)
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db(USERDB)
or die ( 'Unable to select database.' );
//check if username and email exists
$search="SELECT username,email FROM ".USERTABLE." WHERE username='$user' OR email='$email'";
$result = mysql_query($search) or dir ('Unable to execute search query');
$num = mysql_numrows( $result );
if ( $num != 0 )
{
echo "Username or email is in use";
exit();
}
// Formulate the query for database entry
$q = "INSERT INTO ".USERTABLE." (username,password,email) VALUES ('$user', '$pass', '$email')";
// Execute the query and put results in $result
mysql_query($q) or die ( 'Unable to execute query.' );
echo "You are now a member";
//mysql_free_result($result);
login.ph
<?php
include "config.php";
$user = $HTTP_POST_VARS['username'];
$pass = $HTTP_POST_VARS['password'];
// check if fields are empty
if (trim($pass) == "" OR trim($user) == "")
{
echo "Please go back and fill up all fields";
exit();
}
// Connect to MySQL
mysql_connect(DBHOST,DBUSER,DBPASSWORD)
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db(USERDB)
or die ( 'Unable to select database.' );
// Formulate the query for database entry
$q = "SELECT username,password FROM ".USERTABLE." WHERE username='$user' AND password='$pass'";
// Execute the query and put results in $result
$result = mysql_query($q) or die ( 'Unable to execute query.' );
$num = mysql_numrows( $result );
if ( $num != 0 ) {
echo "\tYou are a member";
echo "\tWelcome... sessions will be set... etc...";
//problem here...
session_start();
$_SESSION['User'] = $user;
$_SESSION['Password'] = $pass;
$SID = session_id();
}
else
{
echo "\tCheck your password or username. Press Back.";
}
?>
thats about it...
thank you guys for your help
