I'm using a function for login.
But when I change the page on my website, I have to log in again.
How can I keep my user logged in when I change my page?
Here is my code:
<?php
error_reporting(0);
if($_POST['login']=="") {
?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" >
    <label><a>Utilizador</a><input type="text" name="login" id="s-user"></label>
    <label><a>Senha</a><input type="text" name="password" id="s-pass"></label>
    <input type="submit" class="submit" value="Entrar">
</form>
<?php
}
else {
?>
<?php
    include("classes/Utilizadores/Cliente.class.php");
    if($_REQUEST['login']!="") {
        if($_REQUEST['password']!="") {
            $clientes = new Cliente();
            if($clientes->verificarCliente($_REQUEST['login'], $_REQUEST['password'])) {
                echo "<br>";
            } else {
                echo "<br><a>Login ou senha errados, caso não tenha, <a href='criarconta.php'> registre-se</a>, <a>ou</a> <a href='index.php'>volte a tentar.</a></a><br>";
            }
            $clientes->endCliente();
        } else {
            echo "ERRO: Deve introduzir a sua password...<br>";
        }
    } else {
        echo "ERRO: Deve introduzir o seu login...<br>";
    }
}
?>
My function code:
function verificarCliente($login, $password) {
    $sql = "SELECT * FROM users WHERE login LIKE '$login' AND password LIKE '$password'";
    if(($rs=$this->bd->executarSQL($sql))){
        if(mysql_fetch_row($rs)==false) {
            return false;
        } else {
            echo "<br><b> <a>Bem-Vindo <font size=2>" .mysql_result($rs,0,"login")."</font></b></a><br><br><br>";
            return true;
        }
    }
    else {
        return false;
    }
}
Browsers will keep you logged in by using some sort of browser storage (for example cookies, localStorage, ...). This data is called session data. HTML pages are stateless, which means that when you refresh a page, all data that previously came from the server is removed and has to be requested again.
$lifetime = 600;
session_start();
setcookie(session_name(), session_id(), time() + $lifetime);
PHP allows us to track each visitor via a unique session ID which can be used to correlate data between connections. This id is a random string sent to the user when a session is created and is stored within the user's browser in a cookie (by default called PHPSESSID).
session_start();
Check if $_SESSION["loggedIn"] (is not) true. If not, redirect them to the login page.
Use $_SESSION variables: http://www.php.net/manual/en/reserved.variables.session.php. They help you store variables that you can access from any other part of the website.
On login success:
1) Query basic info like first name, last name, sex, birthday etc.
2) Save them in variables such as $first_name, $last_name etc.
3) Assign those variables to sessions like this:
$_SESSION['first_name'] = $first_name;
$_SESSION['birthday'] = $birthday;
On logout, simply destroy the session with session_destroy().
So $_SESSION['first_name'] would be the first name of the user, which can be manipulated from anywhere in the code.
EDIT: I quoted php.net instead of W3 school because a lot of people don't seem to like it.
First off, I would highly recommend not using the LIKE operator; use the = operator instead. Also, I would recommend using parameterized queries. Also, I would recommend hashing your users' passwords; salting them is a very good idea too.
Give these pages a read. There is good information here:
How can I prevent SQL injection in PHP?
Secure hash and salt for PHP passwords
crackstation.net supplies a free library for multiple languages and a good explanation.
But you need to keep track of the logged in user:
function verificarCliente($login, $password) {
    $sql = "SELECT * FROM users WHERE login = '$login' AND password = '$password'";
    if(($rs=$this->bd->executarSQL($sql))){
        if(mysql_fetch_row($rs)==false) {
            return false;
        } else {
            session_start();
            // grab the username from your result set
            $the_username = mysql_result($rs,0,"login");
            $_SESSION['username'] = $the_username;
            // put other things in the session if you like
            echo "<br><b> <a>Bem-Vindo <font size=2>" .mysql_result($rs,0,"login")."</font></b></a><br><br><br>";
            return true;
        }
    }
    else {
        return false;
    }
}
Now on other pages that require a user to be logged in:
session_start();
if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {
    // redirect to your login page
    exit();
}
$username = $_SESSION['username'];
// serve the page normally.
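The recommendations from the answers above (a parameterized query with `=`, hashed passwords, and a session that records the logged-in user) combined into one login check and one page guard. This is an added example, not code from the original posts; it assumes a connected PDO instance in place of the `mysql_*` wrapper, a hypothetical `password_hash` column filled by `password_hash()`, and the function names shown.

```php
<?php
// Added example. Assumptions: $pdo is a connected PDO instance, and the users
// table has a `login` column plus a hypothetical `password_hash` column whose
// values were produced by password_hash() (salted automatically).

function startSecureSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'lifetime' => 0,       // cookie is dropped when the browser closes
            'httponly' => true,    // session ID not readable from JavaScript
            'secure'   => true,    // only sent over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

function loginCliente(PDO $pdo, string $login, string $password): bool
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT login, password_hash FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the submitted password against the stored hash.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    startSecureSession();
    session_regenerate_id(true);   // issue a fresh session ID at login
    $_SESSION['username'] = $row['login'];
    return true;
}

// Call at the top of every page that requires a logged-in user.
function requireLogin(string $loginPage): void
{
    startSecureSession();
    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginPage);
        exit();
    }
}
```

Both functions must run before the page sends any output, because `session_start()` and `header()` need to set HTTP headers.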