How can I check if a user is logged-in in php

Question

I m pretty new to PHP and I am trying to figure out how to use sessions to check and see if a user is logged into a website so that they would have authorization to access specific pages  Is this something that is complicated or is it because I am a noob that I can t figure it out

User · Answer

You may do a session and place it     Start session session start        Check do the person logged in if   SESSION  username    NULL          Haven t log in     echo  quot You haven t log in quot    else         Logged in     echo  quot Successfully logged in  quot      Note  you must make a form which contain   SESSION  username      login input username

User · Answer

else if  isset   GET  actie     amp  amp    GET  actie      aanmelden          username    POST  username         password  md5   POST  password          query    SELECT password FROM tbl WHERE username     username         result  mysql query  query        row  mysql fetch array  result        if  password     row  password                 session start                  SESSION  logged in     true              echo  Logged in

User · Answer

See this script for registering  It is simple and very easy to understand   lt  php     define  DB HOST    Your Host Could be localhost or also a website         define  DB NAME    database name        define  DB USERNAME    Username In many cases root  but some sites offer a MySQL page where the username might be different         define  DB PASSWORD    whatever you keep if username is root then 99  of the password is blank           link   mysql connect DB HOST  DB USERNAME  DB PASSWORD        if    link            die  Could not connect line 9                DB SELECT   mysql select db DB NAME   link        if    DB SELECT            die  Could not connect line 15                valueone     POST  name         valuetwo     POST  last name         valuethree     POST  email         valuefour     POST  password         valuefive     POST  age          sqlone    quot INSERT INTO user  name  last name  email  password  age  VALUES    valueone    valuetwo    valuethree    valuefour    valuefive   quot        if   mysql query  sqlone             die  Could not connect name line 33               mysql close      gt   Make sure you make all the database stuff using phpMyAdmin  It s a very easy tool to work with  You can find it here  phpMyAdmin

User · Answer

Any page you want to perform session-checks on needs to start with   session start      From there  you check your session array for a variable indicating they are logged in   if     SESSION  loggedIn    redirect to login      Logging them in is nothing more than setting that value     SESSION  loggedIn     true

User · Answer

You need this on all pages before you check for current sessions  session start     Check if   SESSION  quot loggedIn quot    is not  true - If not  redirect them to the login page  if   SESSION  quot loggedIn quot      true       echo  not logged in       header  quot Location  login php quot        exit

User · Answer

Almost all of the answers on this page rely on checking a session variable s existence to validate a user login  That is absolutely fine  but it is important to consider that the PHP session state is not unique to your application if there are multiple virtual hosts sites on the same bare metal  If you have two PHP applications on a webserver  both checking a user s login status with a boolean flag in a session variable called  isLoggedIn   then a user could log into one of the applications and then automagically gain access to the second without credentials  I suspect even the most dinosaur of commercial shared hosting wouldn t let virtual hosts share the same PHP environment in such a way that this could happen across multiple customers site s  anymore   but its something to consider in your own environments  The very simple solution is to use a session variable that identifies the app rather than a boolean flag   e g  SESSION  quot isLoggedInToExample com quot    Source  I m a penetration tester  with a lot of experience on how you shouldn t do stuff

User · Answer

Logins are not too complicated  but there are some specific pieces that almost all login processes need   First  make sure you enable the session variable on all pages that require knowledge of logged-in status by putting this at the beginning of those pages   session start      Next  when the user submits their username and password via the login form  you will typically check their username and password by querying a database containing username and password information  such as MySQL  If the database returns a match  you can then set a session variable to contain that fact  You might also want to include other information   if  match found in database            SESSION  loggedin     true        SESSION  username      username      username coming from the form  such as   POST  username                                             something like this is optional  of course     Then  on the page that depends on logged-in status  put the following  don t forget the session start      if  isset   SESSION  loggedin     amp  amp    SESSION  loggedin      true        echo  Welcome to the member s area        SESSION  username            else       echo  Please log in first to see this page        Those are the basic components  If you need help with the SQL aspect  there are tutorials-a-plenty around the net

User · Answer

In file Login html   lt html gt   lt head gt     lt meta charset  quot utf-8 quot  gt     lt meta http-equiv  quot X-UA-Compatible quot  content  quot IE edge chrome 1 quot  gt     lt title gt Login Form lt  title gt   lt  head gt   lt body gt     lt section class  quot container quot  gt       lt div class  quot login quot  gt         lt h1 gt Login lt  h1 gt         lt form method  quot post quot  action  quot login php quot  gt           lt p gt  lt input type  quot text quot  name  quot username quot  value  quot  quot  placeholder  quot Username quot  gt  lt  p gt           lt p gt  lt input type  quot password quot  name  quot password quot  value  quot  quot  placeholder  quot Password quot  gt  lt  p gt            lt p class  quot submit quot  gt  lt input type  quot submit quot  name  quot commit quot  value  quot Login quot  gt  lt  p gt         lt  form gt       lt  div gt   lt  body gt   lt  html gt   In file Login php   lt  php      host  quot localhost quot      Host name      username  quot  quot      MySQL username      password  quot  quot      MySQL password      db name  quot  quot      Database name      tbl name  quot members quot      Table name         Connect to the server and select a database      mysql connect  quot  host quot    quot  username quot    quot  password quot   or die  quot cannot connect quot        mysql select db  quot  db name quot   or die  quot cannot select DB quot            Username and password sent from the form      username     POST  username         password     POST  password            To protect MySQL injection  more detail about MySQL injection       username   stripslashes  username        password   stripslashes  password        username   mysql real escape string  username        password   mysql real escape string  password        sql    quot SELECT   FROM  tbl name WHERE username   username  and password   password  quot        result   mysql query  sql           Mysql num row is counting the table rows      count mysql num rows  result           If the result matched  username and  password  the table row must be one row     if  count    1           session start              SESSION  loggedin     true            SESSION  username      username         In file Member php  session start    if  isset   SESSION  loggedin     amp  amp    SESSION  loggedin      true        echo  quot Welcome to the member s area   quot      SESSION  username      quot   quot     else       echo  quot Please log in first to see this page  quot      In MySQL  CREATE TABLE  members         id  int 4  NOT NULL auto increment       username  varchar 65  NOT NULL default          password  varchar 65  NOT NULL default         PRIMARY KEY   id     TYPE MyISAM AUTO INCREMENT 2    In file Register html   lt html gt       lt head gt           lt title gt Sign-Up lt  title gt       lt  head gt        lt body id  quot body-color quot  gt           lt div id  quot Sign-Up quot  gt               lt fieldset style  quot width 30  quot  gt  lt legend gt Registration Form lt  legend gt                   lt table border  quot 0 quot  gt                       lt form method  quot POST quot  action  quot register php quot  gt                           lt tr gt                               lt td gt UserName lt  td gt  lt td gt   lt input type  quot text quot  name  quot username quot  gt  lt  td gt                           lt  tr gt                            lt tr gt                               lt td gt Password lt  td gt  lt td gt   lt input type  quot password quot  name  quot password quot  gt  lt  td gt                           lt  tr gt                            lt tr gt                               lt td gt  lt input id  quot button quot  type  quot submit quot  name  quot submit quot  value  quot Sign-Up quot  gt  lt  td gt                           lt  tr gt                       lt  form gt                   lt  table gt               lt  fieldset gt           lt  div gt       lt  body gt   lt  html gt   In file Register php   lt  php     define  DB HOST            define  DB NAME            define  DB USER           define  DB PASSWORD              con   mysql connect DB HOST  DB USER  DB PASSWORD  or die  quot Failed to connect to MySQL   quot    mysql error          db   mysql select db DB NAME   con  or die  quot Failed to connect to MySQL   quot    mysql error           userName     POST  username         password     POST  password         query    quot INSERT INTO members  username password  VALUES    userName     password   quot        data   mysql query   query  or die mysql error         if  data                echo  quot Your registration is completed    quot             else               echo  quot Unknown Error  quot

[php] How can I check if a user is logged-in in php?

Examples related to php

Examples related to authentication

Examples related to session

Examples related to session-state