I’m trying to get this php log in to work and I am not sure what the problem is. What ends up happening is I can not access the page I am not suppose to access when logged out but when I log in I still can’t access it either. I know I’m logged in because I’m not getting an incorrect password message.
login.php:
[php]<?php
session_start();
require_once ‘classes/membership.php’;
$membership = new membership();
//If the user clicks the “Log Out” link on the index page.
if(isset($_GET[‘status’]) && $_GET[‘status’] == ‘loggedout’) {
$membership->log_user_out();
}
// Did the user enter a password/username and click submit
if($_POST && !empty($_POST[‘username’]) && !empty($_POST[‘pwd’])) {
$response = $membership->validate_user($_POST[‘username’], $_POST[‘pwd’]);
}
?>[/php]
[code]
LoginLogin enter your credentials
Username:
<p>
<label for="pwd">Password:</label>
<input type="password" name="pwd"/>
</p>
<p>
<input type="submit" id ="submit" value="Login" name=:submit" />
</p>
</form>
<?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>" ?>
membership.php[php]:
<?php require 'classes/mysql.php'; class membership { function validate_user($username,$password) { $mysql = New mysql(); $ensure_credentials = $mysql->verify_username_and_password($username,md5($password)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; header("location: index.php"); } else return "Please enter a correct username and password"; } function log_user_out() { if(isset($_SESSION['status'])) { unset($_SESSION['status']); if(isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 1000); session_destroy(); } } } function confirm_member() { //session_start(); if($_SESSION['status'] !='authorized') header("location: login.php"); } }[/php] mysql.php: [php]<?php require_once 'includes/constants.php'; class mysql{ private $connection; function __construct() { $this->connection = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a problem connecting to the database.'); } function verify_username_and_password($username, $password) { $query = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1"; if($stmt = $this->connection->prepare($query)) { $stmt->bind_param('ss',$username, $password); $stmt->execute(); if($stmt->fetch()) { $stmt->close(); return true; } } } }[/php]