any help much appreciated!

[joefoldsfive]

i've searched and searched on this and can find the answer that almost works every time but my situation is slightly different:

 

all php register member login script advice on the web is set up with a join page, index, login page and a few scripts holding it all together.

 

I need an index page that firstly checks to see if a member is logged on, and then either displays information for the member, or if not logged on, information for a non-member.

 

all has to be on the same index page.

 

i'm aware that using IF else statement I can achieve this, and i can get the form to log in to appear if non-member is detected, but i can't get anything to appear if a member logs in

 

driving me a bit mad and any help would be greatly appreciated.

[denno020]

php code that you have so far? Will help greatly in understanding the problem and helping to find a solution

 

Denno

[joefoldsfive]

ah yes might help!

 

ok two scripts/pages

 

ndex.php

checkuser.php

 

logic is - everytime index is run - it immediately runs checkuser to check if logged in. 

 

INDEX.PHP  (there is other html code that does nothing really)

<?php

session_start();

include_once "checkuser.php";

?>

 

<?php

 

if ($_POST['email']) {

include_once "connect_to_mysql.php";

$email = stripslashes($_POST['email']);

$email = strip_tags($email);

$email = mysql_real_escape_string($email);

$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters

$password = md5($password);

// Make query and then register all database data that -

// cannot be changed by member into SESSION variables.

// Data that you want member to be able to change -

// should never be set into a SESSION variable.

$sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password' AND emailactivated='1'");

$login_check = mysql_num_rows($sql);

if($login_check > 0){

    while($row = mysql_fetch_array($sql)){

        // Get member ID into a session variable

        $id = $row["id"]; 

        session_register('id');

        $_SESSION['id'] = $id;

        // Get member username into a session variable

    $username = $row["username"]; 

        session_register('username');

        $_SESSION['username'] = $username;

        // Update last_log_date field for this member now

        mysql_query("UPDATE members SET lastlogin=now() WHERE id='$id'");

        // Print success message here if all went well then exit the script

header("location: index.php");

                exit();

 

                 

    } // close while

} else {

// Print login failure message to the user and link them back to your login page

  print '<br /><br /><font color="#FF0000">No match in our records, try again </font><br />

<br /><a href="login.php">Click here</a> to go back to the login page.';

  exit();

}

}// close if post

 

 

checkuser.php    very basic but - trying to show the login form if not a user, and the users details if it is a user

 

<?php

 

$toplinks = "";

if (isset($_SESSION['id'])) {

// Put stored session variables into local php variable

    $userid = $_SESSION['id'];

    $username = $_SESSION['username'];

$toplinks = '<a href="member_profile.php">' . $username . '</a> •

<a href="member_account.php">Account</a> •

<a href="logout.php">Log Out</a>';

} else {

$toplinks = '<table align="center" cellpadding="5">

      <form action="login.php" method="post" enctype="multipart/form-data" name="logform" id="logform" onSubmit="return validate_form ( );">

        <tr>

          <td class="style7"><div align="right">Email Address:</div></td>

          <td><input name="email" type="text" id="email" size="30" maxlength="64" /></td>

        </tr> 

        <tr>

          <td class="style7"><div align="right">Password:</div></td>

          <td><input name="password" type="password" id="password" size="30" maxlength="24" /></td>

        </tr>

        <tr>

          <td> </td>

          <td><input name="Submit" type="submit" value="Login" /></td>

        </tr>

      </form>

    </table> <p>

    <a href="join_form.php">Register</a> • <a href="login.php">Login</a>';

}

?>

 

 

p.s the html in the index page ecos $toplinks wehatever it becomes.  the problem may be is that I've changed a script that works with many pages to try and get it onto one so my php is probably messy!

[denno020]

As a really quick suggestion, have you tried omitting the

$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);

Maybe one of them is taking out the @ symbol and therefore making the email address incorrect? (I'm not too familiar with how those functions work, but this is what I would do if I were testing your code).

 

Where do you actually display $toplinks? I can't see it echoed anywhere.. Isn't it supposed to be?

 

Denno

[joefoldsfive]

$toplinks is echoed in a table further down in the index code - i didn't copy but it's there and works as it echos the non-member results fine.

 

 

it's also authenticating the user when you log in - i.e I can get it to redirect to a different page and show logged in so it can't be the email not being recognised.

 

But when I get it to reload the index page but hopefully this time with session data, it doesn't work.

[denno020]

Is session_start() the very first thing that is read?

 

In your second post you say "there is other html code that does nothing really". I'm pretty sure that you need to have session_start() as the very first thing that is executed/read.

 

Try that?

 

Denno

[joefoldsfive]

<?php

session_start();

 

first thing on the index page

[denno020]

Doesn't make a difference?

 

Denno

[joefoldsfive]

fraid not

 

i don't mind going back to basics and re-working whole code to get this to work

 

it is very important it all happens on the first index page, cannot have a separate login page.

[denno020]

Alright well if you're happy to re-work what you've already got, and start again, here is some code that I've been using, and it works nicely. I've got the user name and password 'hard coded', but I'm sure you can alter this to access a db, and do all your filtering on the email.

 

index.php

<?php
session_start();
include_once "admin_check.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</script>
</head>
<body>
<table width="100%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <td></td>
  </tr>
  <tr>
    <td>Show member information here</td>
  </tr>
</table>
<p> </p>
</body>
</html>

 

admin_check.php

<table width="100%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <td>Login Form</td>
    <td><a href="index.php">Admin Home</a></td>
    <td><a href="../index.php">View Live Website</a></td>
  </tr>
</table>

<?php 
$error_msg="";
if($_POST['username']){

$username = $_POST['admin'];
$password = $_POST['password'];
//Simple hard coded values for the correct username and password
$admin = "adminUser";
$adminpass = "password123";

if(($username != $admin) || ($password != $adminpass)){
	$error_msg = ': <font color="FF0000">Your login information is incorrect</font>';
}else{
	session_register('admin');
	$_SESSION['admin'] = $username;
	require_once "index.php";
	exit();
}
}
?>
<?php
if($_SESSION['admin'] != "adminUser"){
echo '<h3>Only the administrator can view this directory</h3><br/>
<table width="340" border="0" cellspacing="1" cellpadding="1">
<form action="admin_check.php" method="post" target="_self">
  <tr>
    <td><table width="340" border="0" cellspacing="1" cellpadding="1">
      <tr>
        <td colspan="2">Please Log In Here' . $error_msg . '</td>
        </tr>
      <tr>
        <td width = "111">Username:</td>
        <td width = "219"><label for="textfield"></label>
          <input type="text" name="username" id="username" /></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td> <input type="password" name="password" id="password"/></td>
      </tr>
      <tr>
        <td colspan="2" align="center"><input type="submit" name="submit" id="submit" value="LogIn" /></td>
        </tr>
    </table></td>
  </tr>
  </form>
</table>
<a href="../">Click here to head back to the homepage</a>';
exit();
}
?>

 

Obviously, you're not doing an admin check, but it's the same principal, having a login.

If you can't follow anything above, let me know and I'll try and explain it in detail .

 

Denno

[joefoldsfive]

looks like that could work but what happens if the admin does log in succesfully?  what is displayed?

 

this is where my code fails at the moment

[denno020]

In the code I provided, if admin has successfully logged in, then pretty much nothing happens... The contents of index is shown as intended..

 

The second if statement in admin_check will check if the username set in the session is the correct one, and if it is, it will skip the if and continue processing the page (in this case, it would be the rest of the index page, as admin_check was included into it).

 

Not sure if that makes sense?

 

Denno

[joefoldsfive]

so effectively the login fields are only shown if admin is not found

 

looks good - I will cross it with my user password rather than admin and also need the security measures i have in my original coding

 

thank you for the help

[denno020]

Pretty much exactly lol.

 

If the username is not found in the session, or if the username that is found, is wrong, then the log in form is shown, and the rest of the page processing is stopped.

 

More than happy to help, hopefully you find it useful.

 

Denno