Simple PHP Login

weird · March 8, 2011, 9:36pm

First off let me say I’m a noob and I know this isn’t very secure but,
I have a very simple php login script…

$username = “admin”;
$password = “admin”;

if($_POST[‘username’] != $username || $_POST[‘password’] != $password)
{
echo “contact form”;
}
else
{
echo “html website”;
}

My issue is when the page refreshes or the user is sent to a different page (ie. to delete file or upload file) and php sends them back, they need to login again. How can I get around this. I’ve tried to learn sessions and cookies, but it doesn’t seem to work for me. Is there a way other than sessions and cookies? or am I just doing it wrong?

Thank you in advance for you help

maas · March 8, 2011, 10:45pm

without seeing all your code I can’t help you any more then with this:
[php]
session_start();

$username = “admin”;
$password = “admin”;

//checks if there is an open session called ‘login’
if(isset($_SESSION[‘login’])) {

//redirect or an include goes here
//this is what happens if there is a login session

} else {

//your test to see if the username and password match if statement
if($_POST['username'] != $username || $_POST['password'] != $password) {
	echo "contact form";
} else {
	//a session called 'login' is started
	$_SESSION['login'] = "yes";
	echo "html website";
}

}
[/php]

it at least shows you how sessions can be used. If this doesn’t help then please post some more code e.g. index.php

weird · March 8, 2011, 10:50pm

I will try this later, but for now, how long will this session last?

I would also need a logout.php page to kill the session if the user wants to right?

Thanks for your speedy reply!

maas · March 8, 2011, 11:10pm

yes, logout is pretty simple:

you can unset the specific session used to test if the user is logged in
[php]

<?php session_start(); //unset the session you want unset($_SESSION['login']); header("Refresh: 0; URL=index.php"); ?>

[/php]

or you can destroy all session variables:
[php]

<?php session_start(); session_destroy(); header("Refresh: 0; URL=index.php"); ?>

[/php]

as for how long a session will last, I think 24 minutes is default.

weird · March 9, 2011, 1:33am

Sorry, but I have one last question.

How does $_SESSION[‘login’] know which variables to keep?

Does a session store all variables? Or how does it know to keep the username and password.

Thanks for all your help.

Redscouse · March 9, 2011, 10:59am

when you create a session you tell it what value to hold (if any)

in the example Maas did below the session holds the value of ‘yes’
[php]//a session called ‘login’ is started
$_SESSION[‘login’] = “yes”;[/php]

you could however use anything you like:
[php]$_SESSION[‘username’] = $username;
$_SESSION[‘firstname’] = ‘fred’;
$_SESSION[‘email’] = $row[‘email’];
[/php]
you can even use arrays if you wish.

hope that helps

weird · March 9, 2011, 2:19pm

Alright I think I got it now. I need to save 2 session variables,
[php]
$_SESSION[‘username’] = $username;
$_SESSION[‘password’] = $password;
[/php]

Thanks for your help guys. I’ll probably be back with other questions.

weird · March 9, 2011, 3:56pm

Worked like a charm

Thanks guys!