-1

I have a login.php page which I want the user to have to use when they click on the Add or Delete buttons on my HTML form (also, they must not remain logged in: if they leave the page and click Add or Delete, then they must log in again).

Currently I have it set to take the user to index.php if they log in correctly, but I would like to remove that once I figure out how to make them log in to access certain pages.

My login.php code:

<html> 
<head> 
<title>Login</title> <link rel="stylesheet" type="text/css" href="style.css"> 
</head> 
<body id="body-color"> 
<div id="Sign-In"> 
<center><fieldset style="width:30%"><legend>Welcome Please Login Below</legend>
<form method="POST" action="connectivity.php"> 
Username: <br><input type="text" name="user" size="40"><br> 
Password: <br><input type="password" name="pass" size="40">
<br>
<br> 
<input id="button" type="submit" name="submit" value="Log-In"> 
</form> 
</fieldset> 
</center>
</div> 
</body> 
</html> 

connectivity.php:

    <?php

define('DB_HOST', 'localhost');
define('DB_NAME', 'list');
define('DB_USER', 'root');
define('DB_PASSWORD', '****');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
/*
  $ID = $_POST['user']; $Password = $_POST['pass'];
 */

function SignIn() {
    session_start();
    if (!empty($_POST['user'])) {
        $query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
        $row = mysql_fetch_array($query);
        if (!empty($row['userName']) AND ! empty($row['pass'])) {
            $_SESSION['userName'] = $row['pass'];
            header("Location: index.php");
        } else {
            header("Location: login.php");
        }
    }
}

if (isset($_POST['submit'])) {
    SignIn();
}
?>
Rotimi
RedZ
  • Do not use mysql as it is deprecated. Switch to mysqli or PDO. Also, clean your input before passing it to your query. To your question, why can't you check for a valid session before displaying your login page or index.php? – Rotimi Feb 07 '17 at 12:01
  • @PhpDev I do not know how to do that, sir, I'm still learning. This is a project that I'm working on to further my skills in PHP – RedZ Feb 07 '17 at 12:03
  • [**Please, don't use `mysql_*` functions in new code**](http://stackoverflow.com/q/12859942). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://php.net/mysql-connect)? Learn about [*prepared statements*](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) can help you decide which. – Qirel Feb 07 '17 at 12:09
  • Don't store your passwords in plain-text! This is not secure *at all!* PHP has built-in functions which you should use to handle storing of passwords, see the [`password_hash()`](http://php.net/manual/en/function.password-hash.php) function which is a lot more secure! – Qirel Feb 07 '17 at 12:10
  • There are no skills that you will further when you are using deprecated functions, you will just waste your time. What you need to do is do tutorials on the net; search PDO / MySQLi prepared statements – Masivuye Cokile Feb 07 '17 at 12:13
  • Possible duplicate of [Why shouldn't I use mysql\_\* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Masivuye Cokile Feb 07 '17 at 12:13
  • @MasivuyeCokile I will go watch some video tutorials on YouTube. Thank you ^^ – RedZ Feb 07 '17 at 12:18
  • Don't just watch, practice as well – Masivuye Cokile Feb 07 '17 at 12:18
  • @MasivuyeCokile I will, I have a local server with MySQL installed for me to practise what I learn. – RedZ Feb 07 '17 at 12:20

2 Answers

1

Use SESSIONS. Set a session with a value (1), and if it's not set, it would bring you to your login page.

Here is an example:

<?php
session_start();

if (!isset($_SESSION['CheckLogin'])) {
    // Not logged in: redirect, then stop so the rest of the page never runs
    header("Location: index.php");
    exit;
}
Maybe
  • Sorry sir, I'm still quite new to PHP. How would I integrate this into my code? – RedZ Feb 07 '17 at 12:19
  • When the user logs in, you should set your `SESSION` to true like this: `$_SESSION['CheckLogin'] = true;`, but don't forget to put `session_start();` at the top of your script. In all other pages (home.php, profile.php, etc.) you have to put `if (!isset($_SESSION['CheckLogin'])) { header("Location: index.php"); }` so that if the `SESSION` is not set, the user will be redirected to the `index.php` page. Note: on all other pages you also have to put `session_start();` at the top. And fix your SQL injections! – Maybe Feb 07 '17 at 12:24
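
A guard file for the protected pages, as an added example that is not code from the question or from either answer. It assumes PHP 7+, that the login handler sets `$_SESSION['CheckLogin']` and a `$_SESSION['login_time']` timestamp, and it reads "must log in again" as a short time limit; the file name `require_login.php`, the `return_to` key and the 300-second limit are all hypothetical.

```php
<?php
// require_login.php (hypothetical file name): add.php and delete.php would start with
//     require __DIR__ . '/require_login.php';
session_start();

// Assumed policy: a login older than this many seconds must be repeated.
const LOGIN_MAX_AGE = 300;

function login_is_fresh(array $session, int $now): bool
{
    return !empty($session['CheckLogin'])
        && isset($session['login_time'])
        && ($now - (int) $session['login_time']) <= LOGIN_MAX_AGE;
}

if (!login_is_fresh($_SESSION, time())) {
    // Drop stale login state so an expired login cannot be reused.
    unset($_SESSION['CheckLogin'], $_SESSION['login_time']);

    // Remember which page was requested. SCRIPT_NAME is the file the server
    // actually ran, so this is a bare file name, not user-supplied text.
    $_SESSION['return_to'] = basename($_SERVER['SCRIPT_NAME']);

    header('Location: login.php');
    exit; // header() alone does not stop the script; without exit the page body is still sent
}
```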
0

Aside from the SQL injection risks, remember to add session_start() at the top of the pages you wish to check for logged-in users:

<?php
session_start(); // started once, here, before any output

define('DB_HOST', 'localhost');
define('DB_NAME', 'list');
define('DB_USER', 'root');
define('DB_PASSWORD', '****');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
/*
  $ID = $_POST['user']; $Password = $_POST['pass'];
 */

function SignIn() {
    // No second session_start() here: the session is already open (see top of file)
    if (!empty($_POST['user'])) {
        // Query left as in the question; it is still open to SQL injection, as noted above
        $query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
        $row = mysql_fetch_array($query);
        if (!empty($row['userName']) AND ! empty($row['pass'])) {
            // Keep the user name in the session, not the password
            $_SESSION['userName'] = $row['userName'];
            header("Location: index.php");
            exit; // stop after redirecting
        } else {
            header("Location: login.php");
            exit;
        }
    }
}

if (isset($_POST['submit'])) {
    SignIn();
}
?>

Then on every page, do this:

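<?php
session_start(); // must run before $_SESSION is read
if (isset($_SESSION['userName']) && $_SESSION['userName'] != '') {
    // this user is logged in and has access
} else {
    // redirect back to login page
    header('Location: index.php');
    exit; // stop here so the protected page is not sent
}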
Rotimi
  • This works, sir, but when I click login it takes me back to index.php instead of add.php when I click on the Add button. – RedZ Feb 07 '17 at 12:16
  • Maybe because of the code in connectivity.php; it's set to header(location index.php) – RedZ Feb 07 '17 at 12:17
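
A version of the login handler that applies the points raised in the comments (prepared statements, `password_hash()` storage) and sends the user back to the page they asked for instead of always to index.php. This is an added example, not code from the question or the answers; the `app_user` account, the `DB_PASSWORD` environment variable, the `return_to` and `login_time` session keys, and a `pass` column holding `password_hash()` output are assumptions.

```php
<?php
// Added example, not the original connectivity.php. Needs PHP 7.1+ and pdo_mysql.
// Assumption: UserName.pass stores password_hash() output, not the plain password.
session_start();

const ALLOWED_TARGETS = ['index.php', 'add.php', 'delete.php']; // names from the question

function redirect(string $to): void
{
    header('Location: ' . $to);
    exit; // nothing after a redirect may run
}

function find_user(PDO $pdo, string $name): ?array
{
    // The user name is bound as a parameter, never pasted into the SQL text.
    $stmt = $pdo->prepare('SELECT userName, pass FROM UserName WHERE userName = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$name = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (!is_string($name) || !is_string($pass) || $name === '') {
    redirect('login.php');
}

// Placeholder account and an assumed DB_PASSWORD environment variable.
$pdo = new PDO(
    'mysql:host=localhost;dbname=list;charset=utf8mb4',
    'app_user',
    getenv('DB_PASSWORD') ?: '',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

$user = find_user($pdo, $name);
if ($user === null || !password_verify($pass, $user['pass'])) {
    redirect('login.php'); // same response for unknown user and wrong password
}

session_regenerate_id(true); // new session id after login (session fixation)
$_SESSION['CheckLogin'] = true;
$_SESSION['userName'] = $user['userName'];
$_SESSION['login_time'] = time();
// 'return_to' is an assumed key that a protected page sets before redirecting here.
$target = $_SESSION['return_to'] ?? 'index.php';
unset($_SESSION['return_to']);
redirect(in_array($target, ALLOWED_TARGETS, true) ? $target : 'index.php');
```

Accounts created with this scheme would store `password_hash($plain, PASSWORD_DEFAULT)` in `pass`; existing plain-text rows have to be re-hashed before `password_verify()` will accept them.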