Using sessions & session variables in a PHP Login Script

Question 1

I have just finished creating an entire login and register systsem in PHP, but my problem is I haven't used any sessions yet. I'm kind of a newbie in PHP and I've never used sessions before. What I want to do is, after the user registers and fills out the login form, they will still stay on the same page. So, there will be one part of the which will be if the session is logged_in and the other part will be else (the user is not logged in so display the login form). Can anyone tell me how to get started?

Question 2

Hope this helps :)

begins the session, you need to say this at the top of a page or before you call session code

 session_start();

put a user id in the session to track who is logged in

 $_SESSION['user'] = $user_id;

Check if someone is logged in

 if (isset($_SESSION['user'])) {
   // logged in
 } else {
   // not logged in
 }

Find the logged in user ID

$_SESSION['user']

So on your page

 <?php
 session_start();


 if (isset($_SESSION['user'])) {
 ?>
   logged in HTML and code here
 <?php

 } else {
   ?>
   Not logged in HTML and code here
   <?php
 }

Question 3

Why don't you put that URL in the database associated with that user in question. If the query for the user and password are TRUE, then redirect to that URL associated to that user.

Here's an example, let says that you have 1 user in the database called "users" with the fields:

id (Id with autoincrement and set as Primary key)
user (Username)
pass (Password)
url (The url for the redirection)

And the login.php form is like

    <?php
    //Database connection
    $sql = mysql_connect("localhost","dbUsername","dbPassword");
    mysql_select_db("dbName", $sql);

    if ($_POST['submitLogin'){
     //Login query
     $q = mysql_query("SELECT * FROM users WHERE user LIKE '".$_POST['user']."' AND pass LIKE '".$_POST['pass']."'");
     $r = mysql_fetch_assoc($q);
     if (mysql_num_rows($q) >= 1){
       //If the user / password are found -> redirect
       header('Location:'.$r['url']);
     }else{
       //else return the login error
       echo "Login failed";
    }
    ?>


    <form action="" method="post">
     User : <input type="text" name="user" /><br>
     Password : <input type="password" name="pass"/><br>
     <input type="submit" name="submitLogin" value="Login"/>
    </form>

I think this should do the trick :D

Question 4

Well, without looking at the rest of your code it's difficult to say. But with headers, the header must be sent before anything is written to the response stream (ie before any echo statements OR any code that is not included inside of <?php ... ?> tags) so that could be why it isn't redirecting. The code you supplied looks good to me.

Question 5

I have never had a problem with the following:

unset($_SESSION[$myusername]);

The advantage here is that you are only clearing the log in session and can freely store other information in the session if needed because session_destroy() will clear ALL session data.

EDIT: Looking at your code as well, it's always sending the user to the login page if the username session is set.

Change:

<?php
session_start();
if( isset($_SESSION[$myusername]) ){
header("location:main_login.php");
}
?>

to (notice the ! before isset). You only want to redirect to the login page when the session isn't set.

<?php
session_start();
if(! isset($_SESSION[$myusername]) ){
header("location:main_login.php");
}
?>

Summary of comments:

Session[$myusername] changed to Session['myusername'] and the isset check was changed to !isset. This identified the session wasn't being set in the first place.

Question 6

You can use multidimensional session arrays:

$_SESSION['wz_saving_b'][$_POST['wz_saving_b']] = $_POST['wz_saving_b'];

Or, just use [] to add new keys, but you are going to have duplicated values

$_SESSION['wz_saving_b'][] = $_POST['wz_saving_b'];

Let's say the user types in wz_saving_b the following things:

1, 2, 3

<?php
session_start();
?>
<form method="POST" action="">

   <label>A:</label>
   <input name="wz_saving_a" type="text" />

   <label>B:</label>
   <input name="wz_saving_b" type="text" />

   <input name="wz_submit_saving_1" type="submit" class="add_button" value="Add"  />

</form>
<?php
if(isset($_POST['wz_submit_saving_1'])):
    $_SESSION['wz_saving_b'][$_POST['wz_saving_b']] = $_POST['wz_saving_b'];
?>
<div id="wz_config_1" class="wz_config">

<ul>
   <li>Your dimensions:</li>
   <li>B: <?php if(isset($_SESSION['wz_saving_b'])): foreach($_SESSION['wz_saving_b'] as $k => $v) { echo "$v "; } endif; ?> mm</li>
</ul>
<?php endif; ?>


<?php
var_dump($_SESSION);
?>

Output:

    Your dimensions:
    B: 1 2 3 mm

array (size=1)
  'wz_saving_b' => 
    array (size=3)
      1 => string '1' (length=1)
      2 => string '2' (length=1)
      3 => string '3' (length=1)

The requested abstraction:

<?php
session_start();
?>
<form method="POST" action="">

   <label>A:</label>
   <input name="wz_saving_a" type="text" />

   <label>B:</label>
   <input name="wz_saving_b" type="text" />

   <label>C:</label>
   <input name="wz_saving_c" type="text" />

   <label>D:</label>
   <input name="wz_saving_d" type="text" />

   <input name="wz_submit_saving_1" type="submit" class="add_button" value="Add"  />

</form>
<?php
if(isset($_POST['wz_submit_saving_1'])) {
    foreach($_POST as $key => $value) {
        if($key != 'wz_submit_saving_1') {
            $_SESSION[$key][] = $value;
        }
    }
}
?>
<div id="wz_config_1" class="wz_config">

<ul>
   <li>Your dimensions:</li>
   <?php foreach($_SESSION as $k => $v): ?>
    <?php foreach($v as $saving => $wz): ?>
   <li><?= strtoupper(substr($k, 10));?> : <?=$wz;?> mm</li>
    <?php endforeach; ?>
   <?php endforeach; ?>
</ul>


<?php
var_dump($_SESSION);
?>

I did some random inputs here with some numbers. The output is:

    Your dimensions:
    A : 1 mm
    A : 6 mm
    A : 5 mm
    B : 1 mm
    B : 6 mm
    B : 5 mm
    C : 4 mm
    C : 8 mm
    C : 5 mm
    D : 4 mm
    D : 7 mm
    D : 5 mm

array (size=4)
  'wz_saving_a' => 
    array (size=3)
      0 => string '1' (length=1)
      1 => string '6' (length=1)
      2 => string '5' (length=1)
  'wz_saving_b' => 
    array (size=3)
      0 => string '1' (length=1)
      1 => string '6' (length=1)
      2 => string '5' (length=1)
  'wz_saving_c' => 
    array (size=3)
      0 => string '4' (length=1)
      1 => string '8' (length=1)
      2 => string '5' (length=1)
  'wz_saving_d' => 
    array (size=3)
      0 => string '4' (length=1)
      1 => string '7' (length=1)
      2 => string '5' (length=1)

Based on the provided code, this should work, I tried to input one time 1 and 2 mm on position x, and then 4 and 5 mm on position y, the output was:

Rechte sparing 1

        Formaat van de sparing:
        A: 1 mm
        B: 2 mm
        Positionering van de sparing:
        x

Rechte sparing 1

        Formaat van de sparing:
        A: 4 mm
        B: 5 mm
        Positionering van de sparing:
        y

Code:

<?php

if(isset($_POST['wz_submit_saving_1'])) :

    $straight_saving = array(
        'wz_str_saving' => $_POST['wz_str_saving'],
        'wz_saving_a' => $_POST['wz_saving_a'],
        'wz_saving_b' => $_POST['wz_saving_b'],
        'wz_submit_saving_1' => $_POST['wz_submit_saving_1']
    );

    $_SESSION['straight_saving'][] = $straight_saving;

endif;


if(isset($_SESSION['straight_saving'])) : 

    foreach($_SESSION['straight_saving'] as $sav) {

?>

<div class="wz_config">

    <h3>Rechte sparing 1</h3>


    <ul>
        <li>
            <ul>
                <li>Formaat van de sparing:</li>
                <li>A: <?php echo $sav['wz_saving_a']; ?> mm</li>
                <li>B: <?php echo $sav['wz_saving_b']; ?> mm</li>
            </ul>
        </li>

        <li>
            <ul>
                <li>Positionering van de sparing:</li>
                <li><?php echo $sav['wz_str_saving']; ?></li>
            </ul>
        </li>
    </ul>

    <div class="clear"></div>

</div><!--End wz_config_1-->

<?php } endif; ?>

Using sessions & session variables in a PHP Login Script

Answers

php,session,login