I'm using a function for login. But when i change the page from my website, i have to login again. how can i keep my user logged in when i change my page? Here my code: <pre class="prettyprint"><code><?php error_reporting(0); if($_POST['login']=="") { ?> <form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" > <label><a>Utilizador</a><input type="text" name="login" id="s-user"></label> <label><a>Senha</a><input type="text" name="password" id="s-pass"></label> <input type="submit" class="submit" value="Entrar"> </form> <?php } else { ?> <?php include("classes/Utilizadores/Cliente.class.php"); if($_REQUEST['login']!="") { if($_REQUEST['password']!="") { $clientes = new Cliente(); if($clientes->verificarCliente($_REQUEST['login'], $_REQUEST['password'])) { echo " "; } else { echo " <a>Login ou senha errados, caso não tenha, <a href='criarconta.php'> registre-se</a>, <a>ou</a> <a href='index.php'>volte a tentar.</a></a> "; } $clientes->endCliente(); } else { echo "ERRO: Deve introduzir a sua password... "; } } else { echo "ERRO: Deve introduzir o seu login... "; } } ?> </code></pre> My function code: <pre class="prettyprint"><code>function verificarCliente($login, $password) { $sql = "SELECT * FROM users WHERE login LIKE '$login' AND password LIKE '$password'"; if(($rs=$this->bd->executarSQL($sql))){ if(mysql_fetch_row($rs)==false) { return false; } else { echo " <a>Bem-Vindo " .mysql_result($rs,0,"login")."</a> "; return true; } } else { return false; } } </code></pre>

Use <code>$_SESSION</code> Variables. http://www.php.net/manual/en/reserved.variables.session.php. They help you store variables you can access them from any other part of the website. On login success: 1) Query basic info like first name, last name, sex, birthday etc. 2) Save them in variables such as $first_name, $last_name etc. 3) Assign those variables to sessions like this: <pre class="prettyprint"><code>$first_name = $_SESSION['first_name']; $birthday = $_SESSION['birthday']; </code></pre> On logout, simply destroy the session with session_destroy(). So <code>$_SESSION['first_name']</code> would be the first name of the user that can be manipulated from anywhere on the code. EDIT: I quoted php.net instead of W3 school because a lot of people don't seem to like it.

PHP - How can i keep my user logged in?

I'm using a function for login.

But when i change the page from my website, i have to login again.

how can i keep my user logged in when i change my page?

Here my code:

<?php
error_reporting(0);
if($_POST['login']=="") {
?>
  <form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" >
    <label><a>Utilizador</a><input type="text" name="login" id="s-user"></label>
    <label><a>Senha</a><input type="text" name="password" id="s-pass"></label>
      <input type="submit" class="submit" value="Entrar">

  </form>


<?php
}
else {
?>
<?php
include("classes/Utilizadores/Cliente.class.php");


        if($_REQUEST['login']!="") {
            if($_REQUEST['password']!="") {

                            $clientes = new Cliente();
                            if($clientes->verificarCliente($_REQUEST['login'], $_REQUEST['password'])) {
                                echo "<br>";
                            } else {
                                echo "<br><a>Login ou senha errados, caso não tenha, <a href='criarconta.php'> registre-se</a>, <a>ou</a> <a href='index.php'>volte a tentar.</a></a><br>";
                            }
                            $clientes->endCliente();

            } else {
                echo "ERRO: Deve introduzir a sua password...<br>";
            }
        } else {
            echo "ERRO: Deve introduzir o seu login...<br>";
        }

}
?>

My function code:

function verificarCliente($login, $password) {
    $sql = "SELECT * FROM users WHERE login LIKE '$login' AND password LIKE '$password'";
    if(($rs=$this->bd->executarSQL($sql))){
        if(mysql_fetch_row($rs)==false) {
            return false;
        } else {

                                echo "<br><b> <a>Bem-Vindo <font size=2>" .mysql_result($rs,0,"login")."</font></b></a><br><br><br>";     

            return true;

        }
    }
    else {
        return false;
    }
}

How do users stay logged in?

Browsers will keep you logged in by using some sort of browser storage. (for example cookies or localStorage or...). This data is called session data. Html pages are stateless, that means when you refresh a page, all data that came from the server previously, are removed, and have to be requested again.

How can we preserve session in PHP?

$lifetime = 600; session_start (); setcookie( session_name (), session_id (), time ()+ $lifetime );

How does PHP keep track of sessions?

PHP allows us to track each visitor via a unique session ID which can be used to correlate data between connections. This id is a random string sent to the user when a session is created and is stored within the user's browser in a cookie (by default called PHPSESSID).

How do we check if a user is logged in PHP?

session_start(); Check if $_SESSION["loggedIn" ] (is not) true - If not, redirect them to the login page.

Use $_SESSION Variables. http://www.php.net/manual/en/reserved.variables.session.php. They help you store variables you can access them from any other part of the website.

On login success:

1) Query basic info like first name, last name, sex, birthday etc.

2) Save them in variables such as $first_name, $last_name etc.

3) Assign those variables to sessions like this:

$first_name = $_SESSION['first_name'];
$birthday = $_SESSION['birthday'];

On logout, simply destroy the session with session_destroy().

So $_SESSION['first_name'] would be the first name of the user that can be manipulated from anywhere on the code.

EDIT: I quoted php.net instead of W3 school because a lot of people don't seem to like it.

First off I would highly recommend not using the LIKE operator, use the = operator instead. Also I would recommend using parametrized quires. Also I would recommend hashing your user's passwords, salting them is a very good idea too.

Give these pages a read. There is good information here:

How can I prevent SQL injection in PHP?

Secure hash and salt for PHP passwords

crackstation.net supplies a free library for multiple languages and a good explanation.

But you need to keep track of the logged in user:

function verificarCliente($login, $password) {

        $sql = "SELECT * FROM users WHERE login = '$login' AND password = '$password'";
        if(($rs=$this->bd->executarSQL($sql))){
            if(mysql_fetch_row($rs)==false) {
                return false;
            } else {
                session_start();
                $the_username = // grab the username from your results set  
                $_SESSION['username'] = $the_username; 

                // put other things in the session if you like
                echo "<br><b> <a>Bem-Vindo <font size=2>" .mysql_result($rs,0,"login")."</font></b></a><br><br><br>";     

                return true;

            }
        }
        else {
            return false;
        }
    }

Now on other pages that require a user to be logged in

session_start();
if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {
      // redirect to your login page
      exit();
}

$username = $_SESSION['username'];
// serve the page normally.

PHP - How can i keep my user logged in?

Tags:

php

session

user2744048

People also ask

2 Answers

Eisa Adil

robbmj

Recent Activity

Donate For Us

PHP - How can i keep my user logged in?

Tags:

php

session

user2744048

People also ask

2 Answers

Eisa Adil

robbmj

Related questions

Recent Activity

Donate For Us