« previous next »
Pages: [1]

Author Topic: log-in/out operations  (Read 428 times)

0 Members and 1 Guest are viewing this topic.

Offline halm1985Topic starter

  • Enthusiast
  • Posts: 58
    • View Profile
log-in/out operations
« on: May 31, 2007, 07:33:06 AM »
I have three questions :

1) How to execuse an SQL query when a user clicks a specific link

2) How can i execuse an SQL query upon broswer window close

2) When a users logs into his page .. an attribute in his credentials record (named "logged" ) is changed to 1 to indicate that he's logged in now, what i need to do .. is to restrict access to all other pages based on the value of this attribute ..

in other words ..

When a user opens any page, do the following

SLELECT Logged FROM Credenials
Where id = $loginusername

If logged = 1
then Open page

If logged = 0
then go to Log-in.php



   

Logged

Offline chrisprse

  • Enthusiast
  • Posts: 257
    • View Profile
Re: log-in/out operations
« Reply #1 on: May 31, 2007, 09:44:48 AM »
Personally I feel sessions would be far easier.

You wouldn't need to worry about executing a MySQL query on the brower window closing. You can then add a piece of code at the top of each page to see if the session is set. If so, let them view the page. If not, direct them to the login form.

Chris.
Logged

Offline halm1985Topic starter

  • Enthusiast
  • Posts: 58
    • View Profile
Re: log-in/out operations
« Reply #2 on: May 31, 2007, 10:17:57 AM »
Sorry but i'm a beginner .. can you show me how exactly should the code look like ?
Logged

Offline chrisprse

  • Enthusiast
  • Posts: 257
    • View Profile
Re: log-in/out operations
« Reply #3 on: May 31, 2007, 10:32:38 AM »
You would need a form that can collect a username and password.

You then need a table called 'members' which stores the usernames and md5 passwords of all members.

When they submit the login form you check the details supplied against those in the database. If all is correct you create a "loggedIn" session as well as storing their username and md5'd password in a session.

There are better ways of going about this but it's a quick example to show you!

Code: [Select]
<?php
if(isset($_POST['login'])) {
$username $_POST['username'];
 $password md5($_POST['password']);
$result mysql_query("select * from `members` where `username` = '$username'");
if(mysql_num_rows($result) == 0) {
$error 1;
 $message "The username you entered does not exist.";
}
else {
$a_row mysql_fetch_array($result);
if($password != $a_row['password']) {
$error 1;
 $message "The password you entered is incorrect.";
}
else {
$_SESSION['loggedIn'] = 1;
 $_SESSION['sessionUsername'] = $username;
 $_SESSION['sessionPassword'] = $password;
echo '<Meta HTTP-EQUIV=Refresh Content="0; URL=membersArea/index.php">'; exit;
}
}
}
?>
If all is ok, they get directed to the members area.

Have this at the top of each private page:

Code: [Select]
<?php
if(isset($_SESSION['loggedIn'])) {
$sessionUsername $_SESSION['sessionUsername'];
 $sessionPassword $_SESSION['sessionPassword'];
$result mysql_query("select * from `members` where `username` = '$sessionUsername'");
if(mysql_num_rows($result) == 0) {
$error 1;
}
else {
$a_row mysql_fetch_array($result);
if($sessionPassword != $a_row['password']) {
$error 1;
}
else {
//Logged in Ok - let them see the page
}
}
}
if(!isset($_SESSION['loggedIn'])) {
include("logout.php"); exit;
}
if($error == 1) {
include("logout.php"); exit;
}
?>

Hth in some way.

Chris.
Logged
Pages: [1]
« previous next »