I just finished making my first working login form. I can verify that I'm logged in with a particular username/ID or not logged in at all.
However, the login page isn't working right. I believe the code below is supposed to display a login form (if the user isn't already logged in) or a link to a logout page (if you're already logged in)...
<?php if( isset( $_SESSION['user_id'] ) ): ?>
<h2>Login Here</h2>
<form action="login-submit.php" method="post">
(etc.)
<?php else: ?>
<h2>Logout Here</h2>
<p><a href="logout.php">Log Out Link</a></p>
<?php endif; ?>
But it only displays the logout link, even when I'm logged in.
I'm not sure where to begin troubleshooting this, because it's all unfamiliar to me. I have a database table with the field 'user_id' (along with 'username' and 'password'). In this example, the value for user_id is the numeral 1.
I tried to echo a value for user_id without success, even when logged in...
echo $_SESSION['user_id'];
If I paste this at the top of the page...
session_start();
...then it works in reverse. If I'm logged in, it displays a login form, and it displays a logout link when I'm already logged out.
Here's the (heavily edited) code from login_submit.php...
<?php
session_start();
/*** check if the users is already logged in ***/
if(isset( $_SESSION['user_id'] ))
{
$message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['username']))
{
$message = 'Please enter a valid username and password';
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1( $password );
/*** connect to database ***/
try
{
// Database stuff...
/*** prepare the select statement ***/
$stmt = $dbh->prepare("SELECT user_id, username, password FROM g1_members WHERE username = :username AND password = :password");
/*** bind the parameters ***/
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
/*** execute the prepared statement ***/
$stmt->execute();
/*** check for a result ***/
$user_id = $stmt->fetchColumn();
/*** if we have no result then fail boat ***/
if($user_id == false)
{
$message = 'Login Failed';
}
/*** if we do have a result, all is well ***/
else
{
/*** set the session user_id variable ***/
$_SESSION['user_id'] = $user_id;
/*** tell the user we are logged in ***/
$message = 'You are now logged in';
}
}
catch(Exception $e)
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later.';
}
}
?>
<html>
<head>
<title>PHPRO Login</title>
</head>
<body>
<p><?php echo $message; ?></p>
</body>
</html>
P.S. Taking a cue from the discussion @ "isset() didn't work after login with $_SESSION set to valid", I inserted session_start(); at the top of the page, then added this script:
if(isset($_SESSION['valid'])) { echo 'logged in'; } else { echo 'not logged yet'; }
It says "not logged yet" even when I'm logged in.
$_SESSION array must have the session_start(); at the very top of the page. If it is working in reverse of what you expect then you have some problem in your IF statements or an uncaught error. Try to change this line if($user_id == false) to if($user_id === false); this is just a guess. - Jorge Campos
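
The pieces discussed in this thread put together, as an added example that is not code from the question or the comment: session_start() before anything reads $_SESSION, the login box with the logged-in case showing the logout link, a strict check on the lookup result, and password_hash()/password_verify() in place of sha1(), with the password passed through unfiltered. The in-memory SQLite table, the user alice and the helper names attempt_login() and login_box() are assumptions constructed for the demo.

```php
<?php
session_start(); // must run before any output and before $_SESSION is read

// Constructed demo data: in-memory SQLite stand-in for the g1_members table.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE g1_members (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $dbh->prepare('INSERT INTO g1_members (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user_id on success, null on failure.
function attempt_login(PDO $dbh, string $username, string $password): ?int
{
    // Look the row up by username only; the salted hash is checked in PHP.
    $stmt = $dbh->prepare('SELECT user_id, password FROM g1_members WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched, so compare with ===.
    // The password is not run through filter_var(): sanitizing would alter it.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    session_regenerate_id(true); // issue a fresh session ID once authenticated
    $_SESSION['user_id'] = (int) $row['user_id'];
    return $_SESSION['user_id'];
}

// Hypothetical helper: logged in -> logout link, not logged in -> login form.
function login_box(array $session): string
{
    if (isset($session['user_id'])) {
        return '<h2>Logout Here</h2><p><a href="logout.php">Log Out Link</a></p>';
    }
    return '<h2>Login Here</h2><form action="login-submit.php" method="post">(etc.)</form>';
}

// All session work happens before the first echo, so headers are still unsent.
$before = login_box($_SESSION);
$bad    = attempt_login($dbh, 'alice', 'wrong password');
$good   = attempt_login($dbh, 'alice', 'correct horse');
$after  = login_box($_SESSION);

echo "before login:   $before\n";
echo 'wrong password: ', var_export($bad, true), "\n";
echo 'right password: ', var_export($good, true), "\n";
echo "after login:    $after\n";
```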