I'm new to PHP programming. I have code for user login, and it is already connected to a localhost database.
Here is the Login.php code:
<html>
<head>
<title>Login Page</title>
</head>
<body>
<div>
<form action="doLogin.php" method="POST">
<p>
<label>Username : </label>
<input type="text" id="username" name="user">
</p>
<p>
<label>Password : </label>
<input type="text" id="password" name="pass">
</p>
<p>
<input type="submit" id="btnLogin" value="Login">
</p>
</form>
</div>
</body>
</html>
and doLogin.php
<?php
$username = $_POST["user"];
$password = $_POST["pass"];
$username = stripcslashes($username);
$password = stripcslashes($password);
$con = mysqli_connect('localhost', 'root', '', 'dbtest');
$query = mysqli_query($con, "select * from user where Username = '$username' and Password = '$password' ");
$row = mysqli_fetch_array($query);
if ($row['Username'] == $username && $row['Password'] == $password)
{
echo "You are Success Login!!! Welcome ".$row['Username'];
header('Location: Profile.php');
}
else
{
echo "Failed to login!";
}
?>
I want to use a session, so that if the user is not logged in, they are redirected to the Login page. Where and how do I apply a session in my code? Much appreciated.
I've done some searching and implemented this code.
I created a session.php file; here is the code:
<?php
function checkSession()
{
if(!isset($_SESSION))
{
session_start();
}
$username = $_SESSION['Username'] ?? ''; // avoids an undefined-index notice when nobody is logged in
if(empty($username))
{
return true;
}
return false;
}
?>
And I place this code at the top of every page that I want to protect from unauthorized users.
<?php
require_once("session.php");
if(checkSession())
{
header('Location: Login.php');
exit;
}
else
{
?>
//User Logged in...
<?php
}
?>
Hope this could help others new to PHP programming who have the same problem.
First, you need to call session_start(), and if you don't include partial pages via an index.php or something similar, you need to call session_start() on every page or in every file you want to use the session in. Make sure you call session_start(); at the top of your file, just after <?php.
In your doLogin.php you could do something like
if ($row['Username'] == $username && $row['Password'] == $password) { // keys match the column names used in the question
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
}
And at the start of each page you want to protect, check if the session is set like
if (empty($_SESSION['login'])) { // true when the flag is missing or not set to true
die('You need to login');
}
Very bare bones answer, but that's the basic idea.
And please consider the comment from @PhpDev
Use session_start() at the beginning and when the user is authenticated then store the username in a session variable.
<?php
session_start(); // start the session before any output is sent
$username = $_POST["user"] ?? '';
$password = $_POST["pass"] ?? '';
$username = stripcslashes($username);
$password = stripcslashes($password);
$con = mysqli_connect('localhost', 'root', '', 'dbtest');
// Bind the user input as parameters instead of interpolating it into the SQL string
$stmt = mysqli_prepare($con, "select * from user where Username = ? and Password = ?");
mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
if ($row && $row['Username'] == $username && $row['Password'] == $password)
{
    $_SESSION['username'] = $username; // store the username in the session
    header('Location: Profile.php'); // header() must run before any output, so nothing is echoed here
    exit;
}
else
{
    echo "Failed to login!";
}
?>
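The session handling described in the answers above, as an added example that is not code from any of the posters: a session.php that hardens the session cookie, issues a fresh session ID at login, and gives protected pages a single guard call with an idle timeout. The function names, the `last_seen` key and the 30-minute limit are assumptions; `Login.php` and the `username` session key are reused from the thread.

```php
<?php
// session.php (added example; function names and the idle limit are assumptions)
const IDLE_LIMIT = 1800; // seconds of inactivity before the login expires (assumed value)

function startSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started in this request
    }
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_set_cookie_params([
        'httponly' => true,                      // cookie is not readable from JavaScript
        'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when the site is served over TLS
        'samesite' => 'Lax',                     // cookie is not sent on cross-site POSTs
    ]);
    session_start();
}

// Call from doLogin.php once the credentials have been verified.
function loginUser(string $username): void
{
    startSession();
    session_regenerate_id(true); // a new ID after login defeats session fixation
    $_SESSION['username']  = $username;
    $_SESSION['last_seen'] = time();
}

// Call at the top of every protected page, before any output.
function requireLogin(): void
{
    startSession();
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['username']) || $idle > IDLE_LIMIT) {
        logoutUser();
        header('Location: Login.php');
        exit; // stop here so the protected page body is never rendered
    }
    $_SESSION['last_seen'] = time(); // activity resets the idle timer
}

function logoutUser(): void
{
    startSession();
    $_SESSION = [];    // clear the data held in this request
    session_destroy(); // remove the server-side session record
}
```

A protected page then begins with `require_once 'session.php'; requireLogin();`, and doLogin.php calls `loginUser($username)` in place of assigning `$_SESSION` directly.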