I Need help!
Previously i have used .htaccess to contol access to a protected part of my site but .htaccess and .htpasswd does not protect .php files so I'm going to go down the route of adding a users table to mysql database.
Scenario:
An authorised users wants to login to write a news article. He enters his username and password and logs in.
If sucessful (username and password matches an entry in the tbl_users table) then store his realname and jobtitle etc in global variables like $_SESSION['realname'] etc so that it can be used later.
Problem:
On page2.php, <?php echo($_SESSION['realname']);?> does not output the users name as expected.
I have previously written a similar system in .asp with MS Access at the back end and no problem at all. I can't apply the same in PHP for some reason.
I have included the main part of the code to help make my point
<?php
function opendb()
{
$db_host='XXXXX';
$username='XXXXXXXX';
$password='XXXXXXXXX';
$db_name='XXXXXXXXXXXXXX';
$chan=mysql_connect($db_host,$username,$password);
mysql_select_db($db_name,$chan);
return $chan;
}
if(isset($action))
{
if($action=="login")
{
if($name == "")
{
$noname = "<p class='redalert'>User Name not entered!";
$action = "fail";
}
if($pwd == "")
{
$nopwd = "<p class='redalert'>Password not entered!";
$action = "fail";
}
if($action=="login")//UserName and Password contain values so check against the DB
{
//connect to the database
$chan=opendb();
if(!$chan)
{
echo "Could not connect to database";
exit();
}
$sql = "SELECT * FROM tbl_users WHERE logon_name='$name' AND pwd='$pwd'";
$result = mysql_query($sql,$chan);
if(!result)
{
$badnameorpwd = "<p class='redalert'>Login credentials are not valid!";
$action = "fail";
}else{
//successful login, get user info
$row = mysql_fetch_assoc($result);
if($name == $row['logon_name'] and $pwd == $row['pwd'])
{
session_start();
$_SESSION = array();
$_SESSION['username'] = $row['user_name'];
$_SESSION['password'] = $pwd;
$_SESSION['jobtitle'] = $row['job_title'];
header("Refresh: 0; url=protected/index.html");
exit();
}else{
$badnameorpwd = "<p class='redalert'>Login credentials are not valid!";
$action = "fail";
}
}
}
}
}
?>
from this point on it's simple html with a form containing username and password fields so the page first loads asking the user to logon and then is reloaded to validate the login (?action=login)
<form method="POST" action="?action=login">
<table border="0" width="800" id="table1" style="border-collapse: collapse">
<tr>
<td width="180" height="24" valign="bottom"><b>User Name</b></td>
<td>
<p><input type="text" name="name" size="20" value="<?php echo($name);?>"></p>
</td>
<td><?php echo($noname);?></td>
</tr>
<tr>
<td width="180" height="24" valign="bottom"><b>Password</b></td>
<td><input type="password" name="pwd" size="20"></td>
<td><?php echo($nopwd);?></td>
</tr>
<tr>
<td width="180"><?php echo($badnameorpwd);?></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td width="180"> </td>
<td><input type="submit" value="Submit" name="B1"><input type="reset" value="Cancel" name="B2"></td>
<td> </td>
</tr>
</table>
</form>
Any help would be much appreciated
