user login problem

hello guys,

this probably is a easy problem for you guys to solve but i’ve tried for over a week now and tried to find solution via google and youtube but i can’t make it right. it’s a school project where one have to code a website with a login and only logged in users are allowed to comment the contents.

the problem:
Fatal error: Call to undefined function session_is_registered() in /Applications/XAMPP/xamppfiles/htdocs/tastyrecipes/index.php on line 64

i just want the index to show “welcome Guest” if not logged in and "Welcome ‘username’ " if you are logged in.

the index.php

[php]

<?php session_start(); ?>
<html>
	<head>
		<title>Tasty Recipes</title>
		<link href="css/layout.css" rel="stylesheet">
		<link href="css/ddmenu.css" rel="stylesheet" type="text/css"/>
		<link rel="stylesheet" type="text/css" href="css/login_style.css"/>
		<script type="text/javascript" src="/js/jquery.js"></script>
		<script type="text/javascript" src="/js/script.js"></script>
		<script type="text/javascript" src="comment_insert.js"></script>
		<script type="text/javascript" src="ddmenu.js"></script>
		<meta name="viewport" content="width=device-width, initial-scale=1">
	</head>
	<body>
		<div class="wrapper">
			<nav id="ddmenu">
				<ul>
					<li class="no-sub"><div class="top-heading">Home</div></li>
					<li class="no-sub">
						<a class="top-heading" href="calendar.php">Calendar</a>
					</li>
					<li>
						<a class="top-heading">Recipes</a>
						<i class="caret"></i>			
						<div class="dropdown">
							<div class="dd-inner">
								<div class="column">
									<a href="pancakes.php">Pancakes</a>
									<a href="meatballs.php">Swedish Meatballs</a>
								</div>
							</div>
						</div>
					</li>
					<li>
						<span class="top-heading">Contact</span>
						<i class="caret"></i>		   
						<div class="dropdown right-aligned">
							<div class="dd-inner">
								<div class="column">
									<a href="about_us.php">About Us</a>
									<a href="contact_us.php">Contact Us</a>
								</div>
							</div>
						</div>
					</li>
				</ul>
			</nav>
		<div class ="page">
			<div class="big-image">
				<img src="images/Chicken.jpg" alt="Chicken" class="image"/>
			</div>
			<div>
				<h2 class="page-title">
					TASTY RECIPES
				</h2>
			</div>
			<div class="page-data">
				<div id="main-wrapper">
				<center>
					<?php
                                            if(!session_is_registered(myusername)) {
						echo 'welcome guest';
					}
					else {
						echo 'welcome $myusername';
					}
					?>
                                     </center>
					<div id="login-wrapper">
						<form>
							<ul>
							        <li class="buttons">
									<input type="button" name="login" value="Log In" onclick="location.href = 'login.php'"/>
									<br><a href="register.php" title="register">register</a>
								</li>
							</ul>
						</form>
					</div>
				</div>
			</div>
		</div>
		<div class="footer">
			Designed by Taiyou La	 |	 W3C Validated
		</div>
	</div>
</body>

[/php]

and the login.php code:

[php]<?php

$host = “localhost”; // Host name
$username = “root”; // Mysql username
$password = “”; // Mysql password
$db_name = “testing”; // Database name
$tbl_name = “members”; // Table name

// Connect to server and select databse.
mysql_connect("$host", “$username”, “$password”) or die(“cannot connect”);
mysql_select_db("$db_name") or die(“cannot select DB”);

// username and password sent from form
$myusername = $_POST[‘myusername’];
$mypassword = $_POST[‘mypassword’];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = “SELECT * FROM $tbl_name WHERE username = ‘$myusername’ and password = ‘$mypassword’”;
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {

// Register $myusername, $mypassword and redirect to file “index.php”, i think the problem lies somewhere here.
session_register(“myusername”);
session_register(“mypassword”);
echo ’';
}

echo ’';

?>[/php]

I’m going to cut to the chase and give you the bad news first, you should be using mysqli or PDO instead of mysql for that is obsolete.

My recommendation is to throw that script out and start over for it will be faster. Find a tutorial that at least uses mysqli ( I found this on the net : http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL - it’s still not the greatest; however, it at least uses mysqli). I pretty sure you can find a good tutorial that uses either mysqli or PDO (My Recommendation). I had a tutorial myself on my website, but unfortunately I’m currently redesigning and redeveloping it, which means I took it down.

However, to answer your question, yes it is very simple to check to see if a user is login or not.

First you would do something like this in your login script:

[php] if($row)
{
// Verify Stored Hashed Password:
$result = password_verify($_POST[‘password’], $row[‘password’]);

	if ($result) {
		$login_ok = true;	
	} else {
		$errMsg = 'Invalid Credientials!';
	}
	
}

// If login is OK:
if ($login_ok) {
	
	// It's not wise to store the password in $_SESSION:
	unset($row['password']);	
	
    // This stores the user's data into the session at the index 'user'.
	// We will check this index on the private members-only page to determine whether
	// or not the user is logged in.  We can also use it to retrieve
	// the user's details.
	$_SESSION['user'] = $row['username'];
	
	// Redirect the user to the private members-only page.
	header("Location: login.php");
	exit();

[/php]

Then in a config.php or utilities.inc.php file that usually goes on top of every page you would have this in it:
[php]/* Put logged in user in a sessions variable if logged in */
session_start();
$user = (isset($_SESSION[‘user’])) ? $_SESSION[‘user’] : NULL;[/php]

then all yo have to do is this:

[php]$message = ($user) ? “Welcome " . $user .”!" : “Welcome Guest”;[/php] on the page in question and you can even redirect a non-member away from the page if you want.

NOTE I am not certain the code that I wrote is accurate for it was written on the fly (the small snippets).

Another great choice of good life in check.

I wholeheartedly agree with Strider64, MySql is obsolete and highly discouraged.

MySqli or PDO… Personally, I use PDO…Anything, other than MySql is better there.

Here’s a tutorial on a register script, then you can follow that up with login… It’ll get you used to PDO. If you’re up for that.

:stuck_out_tongue:

While I’m all in for using PDO that tutorial needs a lot of work. OP if you want to use this then please double check stuff before implementing it. Ie

[ul][li]password hashing - you’re better off using Bcrypt which now is the standard hashing method in PHP[/li]
[li]password salts - void, bcrypts handles that itself[/li]
[li]email validation - use filter_var, it’s already implemented[/li]
[li]…[/li][/ul]

Yes, I actually saw, I posted the wrong one. There’s an updated tutorial, the one I linked to was the older version. Sorry, my fault… I think the blog runs on a different site now, I’ll have to find it.

Yes, filter_var(); would be better for email validation.
[php]
filter_var($email, FILTER_VALIDATE_EMAIL);
[/php]

It’s been awhile since I’ve been to that blog and no wonder a bunch of their tutorials are gone.

thanks guys for all the replies!

Sponsor our Newsletter | Privacy Policy | Terms of Service