simple login session php

You cannot mix PDO and mysql. You are creating a query in PDO and using mysql_*. Try changing your code to:

<?php

// Initialize session
session_start();

// Include database connection settings
include('../../model/database.php');

// Retrieve username and password from database according to user's input
$stmt = $db->prepare("SELECT * FROM user WHERE (`username` = :username) and (`password` = :password)");

$result = $stmt->execute(array(':username'=>$_POST['username'],':password'=>$_POST['password']));
$num_rows = $stmt->rowCount();
// Check username and password match
if ($num_rows > 0) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    // Jump to secured page
    header('Location: securedpage.php');
    exit; // stop the script so nothing runs after the redirect
}
else {
    // Jump to login page
    header('Location: index.php');
    exit;
}

?>

see reference
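A hardened variant of the login check above, as an added example that is not part of the original answer. It assumes the `password` column stores `password_hash()` output rather than the plaintext the page compares against, uses an in-memory SQLite table with a constructed user so it runs stand-alone, and `attempt_login` is a hypothetical helper name.

```php
<?php
// Added example. Assumption: user.password holds password_hash() output.
session_start();

function attempt_login(PDO $db, string $username, string $password): bool
{
    // Look the user up by name only; the password never goes into the SQL.
    $stmt = $db->prepare('SELECT username, password FROM user WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches, which avoids relying on
    // rowCount() for a SELECT (not reliable on every PDO driver).
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }

    // Issue a fresh session ID on login to prevent session fixation.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $row['username'];
    return true;
}

// Constructed demo data: in-memory SQLite stands in for sports_db.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO user (username, password) VALUES (:u, :p)');
$ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

$good = attempt_login($db, 'alice', 'correct horse');   // valid credentials
$bad  = attempt_login($db, 'alice', "' OR '1'='1");      // wrong password, treated as data
$none = attempt_login($db, 'mallory', 'anything');       // unknown user

var_dump($good, $bad, $none);
```

In the real loginproc.php the result would drive `header('Location: ...')` followed immediately by `exit;`, as in the answer's code.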

Author by

user2446521

Updated on July 09, 2022

Comments

  • user2446521
    user2446521 almost 2 years

    Having trouble getting my session up and running. I've been looking over my code for the past couple of hours and I can't seem to find what is wrong with it. The problem I am experiencing is that every time I type the username and password in, it just redirects me to the login page to type in the info again when it should be displaying the securedpage.php.

    Here is my code:

    loginproc.php page - This page steps through if statement and goes straight to the else

    <?php
    
    // Initialize session
    session_start();
    
    // Include database connection settings
    include('../../model/database.php');
    
    // Retrieve username and password from database according to user's input
    $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')");
    
    // Check username and password match
    if (mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    // Jump to secured page
    header('Location: securedpage.php');
    }
    else {
    // Jump to login page
    header('Location: index.php');
    }
    
    ?>
    

    securedpage.php page

    <?php
    
    // Initialize session
    session_start();
    
    // Check, if username session is NOT set then this page will jump to login page
    if (!isset($_SESSION['username'])) {
        header('Location: index.php');
        // Stop here: without exit the restricted page below is still sent
        exit;
    }
    
    ?>
    <html>
    
    <head>
    <title>Secured Page</title>
    </head>
    
    <body>
    
    <p>This is secured page with session: <b><?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?></b>
    <br>You can put your restricted information here.</p>
    <p><a href="logout.php">Logout</a></p>
    
    </body>
    
    </html>
    

    database.php page

    <?php
    $dsn = 'mysql:host=localhost;dbname=sports_db';
    $username = '';
    $password = '';
    $options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
    
    try {
        $db = new PDO($dsn, $username, $password, $options);
    } catch (PDOException $e) {
        $error_message = $e->getMessage();
        include 'errors/db_error_connect.php';
        exit;
    }
    
    function display_db_error($error_message) {
        global $app_path;
        include 'errors/db_error.php';
        exit;
    }
    ?>