Yiaggi
Guest
Hi guys,
I am just getting started with php login areas and have encountered a problem I hope one of you can solve for me!
Basically ... I am trying to create a simple login for members of my site to gain access to an exclusive forum.
I have been following a simple tutorial and have got to the end and discovered an error in the code.
When I log in using correct details - I get sent to my "login_success.php" page like intended - all good there.
The problem is that when I use my browser and type in "mywebaddress/login_success.php" I am allowed access to my members only page. That is a strict no-no! I obviously need people to be redirected to the login page if they try to connect in this way.
After looking through my code - the only place there could be a problem is in my login_success.php page.
Could you please take a look through the code and if you would be so kind - give me a brief explanation as to what it does and how to add a statement that bans users when they try to connect without logging on.
---------------------
LOGIN SUCCESS.PHP
---------------------
<?php session_start();
if($_SESSION['logged'] != 1){ header("location:login.php"); }
?>
-------------------
LOGIN.PHP
-------------------
<?php $host="localhost"; // Host name
$dbusername=""; // Mysql username
$dbpassword=""; // Mysql password
$db_name=""; // Database name
$tbl="members"; // Table name
// This connects to the server and then selects the members database.
mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Assign the username and password from the form to variables.
$username=$_POST['username'];
$password=$_POST['password'];
$sql="SELECT * FROM $tbl WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// This counts to see how many rows were found, there should be no more than 1
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1
if($count==1){
// Register $myusername, and redirect to file "login_success.php"
session_start();
$_SESSION["logged"] = 1;
header("location:login_success.php");
}
else {
$_SESSION["logged"] = 0;
header("location:login.php");
}
?>
I am a little confused about the code in LOGIN_SUCCESS. Any help explaining that part and how to add the statement to block the invalid user would be most welcome and greatly appreciated!
I am literally going mad trying 100s of things! Agggghhhhhhhh!
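
An added example, not part of the original post or the tutorial it follows: the same session gate with `exit` after the redirect, since `header()` only sets the redirect header and the rest of the protected page still runs and is sent. It assumes PHP 7+ with PDO (the `mysql_*` functions in the post no longer exist there), a `members` table whose `password` column holds `password_hash()` output, and a shared file named `auth.php`; the function names are hypothetical.

```php
<?php
// auth.php - added example; include it from login.php and from every members-only page.
declare(strict_types=1);

// Gate for members-only pages such as login_success.php.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Strict comparison; a missing key counts as "not logged in".
    if (($_SESSION['logged'] ?? 0) !== 1) {
        header('Location: login.php');
        exit; // without this, everything below the check is still executed and sent
    }
}

// Check the submitted credentials and record the result in the session.
// Assumption: members.password stores a password_hash() value, not plain text.
function attempt_login(PDO $db, string $username, string $password): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // must run before any write to $_SESSION, on both branches
    }
    // Bound parameter: the form value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists

    if (is_string($hash) && password_verify($password, $hash)) {
        session_regenerate_id(true); // issue a fresh session id at login
        $_SESSION['logged'] = 1;
        return true;
    }
    $_SESSION['logged'] = 0;
    return false;
}

// login.php (form handler), with $db an open PDO connection:
//   require 'auth.php';
//   $ok = attempt_login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
//   header('Location: ' . ($ok ? 'login_success.php' : 'login.php'));
//   exit;
//
// login_success.php, first lines, before any output:
//   require 'auth.php';
//   require_login();
```

The gate has to run before the page emits any output, including whitespace ahead of `<?php`, because `header()` cannot send the redirect once output has started.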