login/session code help

milsapj · July 10, 2010, 12:08pm

hi,
new to site and to php programming so please be patient. Here is my problem. I origionally coded my website as a html but due to need for
login/member registration I changed to php MySQL. However I have gotten turned around and need guidence as to where (what php file) I
should put the session code and how to code it correctly. Based on code samples I see the code needs to be at the top of my index.php file
and that is where I put it but cant get code to work properly. Here is seq of calls: index.php==> leftcolumn_login.inc.php
(form)==>checklogin.php… I can login from my home page ok but I have not been able to track my sessions to enable me to display the home
page (and other pages) with the correct header once I have logged in for the first time…ie I initially display SignIn links on all pages when user
hits site, but once they login I give a “welcome back member” msg and want to change the pages to display SignOut links only so I need to
track the seession logins (hope Im explaining it correctly…the db is working fine).One more thing, based on the way I tried to code the index file I
wanted to select a particular include file (that shows a differenct header) based on the session that user is on but this may not be the best way
to do it. I am definately open to changing my code based on your expertice but do not want to make too many drastic changes unless
necessary but I do want to know what I’m doing wrong. I can attach my code which will be several include files along with my index file (i can
zip it if needed) but for now I will give a few samles of my code to see if its enough for you all to see something immediate however I do not
want to glog this msg. I would really like to commicate with someone through my personal email rather than make too many post to this site. I
am in ATL and trying to communicate with the PHP group here.Thanks for anyones help ahead of time.Here are the code snipets…you may
see in code where I commented out some code that I was trying to use:
Index file:

<?php session_start(); // Use $HTTP_SESSION_VARS with PHP 4.0.6 or less if (!isset($_SESSION['count'])) { $_SESSION['count'] = 0; } else { $_SESSION['count']++; } ?> <!DOCTYPE html..........

<?php include("header.inc.php"); ?> <?php include("leftcolumn_login.inc.php"); // $where = 'index.php'; // echo $where; // echo $type_login; // if ($type_login == '1') { // include("leftcolumn_login.inc.php"); // } ElseIf ($type_login == '2') { // include("leftcolumn_invalidmember.inc.php"); // } Else { // include("leftcolumn_login.inc.php"); // } ?> <?php include("nav.inc.php"); ?> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX leftcolumn_login.inc.php:

Username:

Password:

Click to sign-up
Forgot Login?

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX checklogin.php: <?php //$host="localhost/"; // Host name //$host="127.0.0.1/"; // Host name $host="localhost"; // Host name //$host="localhost/Richard_website_phpMySQL/index.php"; // Host name $where = "checklogin.php"; $db_name="crescendo"; // Database name $tbl_name="register"; // Table name // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) //$myusername = stripslashes($myusername); //$mypassword = stripslashes($mypassword); //$myusername = mysql_real_escape_string($myusername); //$mypassword = mysql_real_escape_string($mypassword); // Connect to server and select databse using substitution variables and user input mysql_connect("$host", "$myusername", "$mypassword")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); //directly connecing to database with these values //mysql_connect('localhost', 'johnny', 'johnny'); //mysql_select_db('crescendo')or die("cannot select DB");

$sql=“SELECT * FROM $tbl_name WHERE username=’$myusername’ and password=’$mypassword’”;
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
echo $where; echo $myusername; echo $mypassword;
if($count==1){
// Register $myusername, $mypassword and redirect to file “login_success.php”
$type_login == ‘1’;
echo $type_login;
session_register(“myusername”);
session_register(“mypassword”);
//if login successfull redirect to Welcome Back member home page
header(“location:index_member.php?typelogin=$type_login”);
} ElseIf ($myusername > ‘’) { // PHP Elseif Statement
$type_login == ‘2’;
echo $type_login;
//if login unsuccessfull redirect to home page
header(“location:index.php?typelogin=$type_login”);
} Else {
$type_login == ‘’;
echo $type_login;
header(“location:index.php?typelogin=$type_login”);
}
?>