Beruflich Dokumente
Kultur Dokumente
Lets start:
{ $_SESSION["logging"]=true; loginform(); } else if($_SESSION["logging"]) { $number_of_rows=checkpass(); if($number_of_rows==1) { $_SESSION[user]=$_GET[userlogin]; $_SESSION[logged]=true; print"<h1>you have loged in successfully</h1>"; print_secure_content(); } else{ print "wrong pawssword or username, please try again"; loginform(); } } }
1-the first thing to do when you are using session variables on a php page is to start the session service on the page by this line session_start();, if you ignored this line the page will work fine but the session variables wont be saved when you refresh the page or go to another page. 2-after starting the service, we check if the user is already logged in if($_SESSION['logged']), if he is we print him a nice welcome message by calling the function for the secure content (we will look at it later) 3-if he isnt logged in, we show the login fields (username and password) by the function loginform(), and set the session variable $_SESSION["logging"] to true in order to check the entered username and password when he/or she hits the login button 4-when he/or she enters the username and password then hits the login in button the code that will be only executed will be the code after else if($_SESSION["logging"]) because we have set the logging session variable to true, in this code block the variable $number_of_rows gets its value from the function checkpass() which is basically takes the username and password and checks the server if it already exists, if it exists it returns one else it will return 0..thats why we check $number_of_rows: - if it equals one if it really does we will set the variable user in the session to the entered username, and sets the logged bool variable to true. --If the $number_of_rows isnt 1, we will print him the input fields again. Now lets look at the functions: 1.loginform() Code:
function loginform() { print "please enter your login information to proceed with our site"; print ("<table border='2'><tr><td>username</td><td><input type='text' name='u serlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
all it does is printing out the fields to the user 2.checkpass() Code:
function checkpass() { $servername="localhost"; $username="root"; $conn= mysql_connect($servername,$username)or die(mysql_error()); mysql_select_db("test",$conn); $sql="select * from users where name='$_GET[userlogin]' and password='$_GET[p assword]'"; $result=mysql_query($sql,$conn) or die(mysql_error()); return mysql_num_rows($result); }
This function establishes a connection with the mysql server through the mysql_connect() function which takes in two parametes;1.servername (or address) 2.the username used to login to the database, if theres a password you should add it After connection to the server we choose the database that we will use using the mysql_select_db(); function which takes in 2 variables;1. The name of the database and 2.The connection variable. The sql statement: Code:
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[p assword]'";
It simple gets the field that match the user login and password that the user have entered along with the ones in in the table called users, after that we run the statement using the function mysql_query($sql,$conn) and returning the results to a variable called $result Finally we return the number of retrieved rows. 3.print_secure_content() Code:
function print_secure_content() { print("<b><h1>hi mr.$_SESSION[user]</h1>"); print "<br><h2>only a logged in user can see this</h2><br><a>href='logout.php '>Logout</a><br>"; }
No explanation needed
{ print"<h2>you have logged out successfully</h2>"; print "<h3><a href='index.php'>back to main page</a></h3>"; } ?>
What we did here is starting the session and destroying it, if it was cleared successfully we display that to the user
c. Registration form:
A simple html page that lets the use enters the name and passwords and submit it to the serve on the page register.php Code:
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>register</title> </head> <body bgcolor="black" style="color:white;"> <FORM ACTION="register.php" METHOD=get> <h1>welcome to the registration page</h1> please input the registration details to create an account here<br> <table border="2"> <tr> <td>User Name :</td><td><input name="regname" type="text" size"20"></input></ td> </tr> <tr> <td>email :</td><td><input name="regemail" type="text" size"20"></input></td> </tr> <tr> <td>password :</td><td><input name="regpass1" type="password" size"20"></inpu t></td> </tr> <tr> <td>retype password :</td><td><input name="regpass2" type="password" size"20" ></input></td> </tr> </table> <input type="submit" value="register me!"></input> </FORM> </body> </html>
Note: you can add some JavaScript to validate the code before submitting, but I didnt want to make this tutorial long and boring
{ if($_GET["regpass1"]==$_GET["regpass2"]) { $servername="localhost"; $username="root"; $conn= mysql_connect($servername,$username)or die(mysql_error()); mysql_select_db("test",$conn); $sql="insert into users (name,email,password)values('$_GET[regname]','$_G ET[regemail]','$_GET[regpass1]')"; $result=mysql_query($sql,$conn) or die(mysql_error()); print "<h1>you have registered sucessfully</h1>"; print "<a href='index.php'>go to login page</a>"; } else print "passwords doesnt match"; } else print"invaild data"; ?>
The first line checks if all the variables in the get isnt null then it checks if the two password fields match, if yes it connects to the server, selects the database and runs the sql insert statement, which is: Code:
$sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[r egemail]','$_GET[regpass1]')";
No explanation needed Important Notes: 1.you can use this code to check the available variables and its values in your session or any other global variables Code:
foreach ($_SESSION as $key=>$value) { print "\$_ SESSION [\"$key\"] == $value<br>";}
2.its wise to check if a session variable exists before using it this can be done using this code: Code:
if(isset($_SESSION['variable_name'])) print “it exists; else print “it doesnt;
3.you can hide the values of your form submits by using the POST method of your forms