Using sessions & session variables in a PHP Login Script
I have just finished creating an entire login and register system in PHP, but my problem is I haven't used any sessions yet. I'm kind of a newbie in PHP and I've never used sessions before. What I want to do is, after the user registers and fills out the login form, they will still stay on the same page. So, there will be one part of the which will be if the session is logged_in and the other part will be else (the user is not logged in so display the login form). Can anyone tell me how to get started?
Hope this helps :)
begins the session, you need to say this at the top of a page or before you call session code
session_start();
put a user id in the session to track who is logged in
$_SESSION['user'] = $user_id;
Check if someone is logged in
if (isset($_SESSION['user'])) {
// logged in
} else {
// not logged in
}
Find the logged in user ID
$_SESSION['user']
So on your page
<?php
session_start();
if (isset($_SESSION['user'])) {
?>
logged in HTML and code here
<?php
} else {
?>
Not logged in HTML and code here
<?php
}
?>
Here is the simplest session code using PHP. We are using 3 files.
login.php
<?php session_start(); // session starts with the help of this function
if (isset($_SESSION['use'])) // Checking whether the session is already there or not; if
                             // true then header redirects to the home page directly
{
    header("Location: home.php");
    exit; // stop here so the rest of the script does not run after the redirect
}
if (isset($_POST['login'])) // it checks whether the user clicked login button or not
{
    $user = $_POST['user'] ?? '';
    $pass = $_POST['pass'] ?? '';
    // === compares as strings; with == PHP would also accept "01234" or "1234.0"
    if ($user === "Ank" && $pass === "1234") // username is set to "Ank" and Password
    {                                        // is 1234 by default
        session_regenerate_id(true); // issue a fresh session ID on login
        $_SESSION['use'] = $user;
        echo '<script type="text/javascript"> window.open("home.php","_self");</script>'; // On Successful Login redirects to home.php
    }
    else
    {
        echo "invalid UserName or Password";
    }
}
?>
<html>
<head>
<title> Login Page </title>
</head>
<body>
<form action="" method="post">
<table width="200" border="0">
<tr>
<td> UserName</td>
<td> <input type="text" name="user" > </td>
</tr>
<tr>
<td> PassWord </td>
<td><input type="password" name="pass"></td>
</tr>
<tr>
<td> <input type="submit" name="login" value="LOGIN"></td>
<td></td>
</tr>
</table>
</form>
</body>
</html>
home.php
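<?php
session_start();
if (!isset($_SESSION['use'])) // If session is not set then redirect to Login Page
{
    header("Location: login.php"); // header() must be sent before any HTML output
    exit; // without this the page below is still sent to a visitor who is not logged in
}
?>
<html>
<head>
<title> Home </title>
</head>
<body>
<?php
echo htmlspecialchars($_SESSION['use']); // escape the value before printing it into HTML
echo "Login Success";
echo "<a href='logout.php'> Logout</a> ";
?>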
</body>
</html>
logout.php
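<?php
session_start();
$_SESSION = array(); // clear the session variables
session_destroy(); // function that Destroys Session
// No output may be sent before header(), so the "Logout Successfully" echo is dropped;
// it would never be seen because of the redirect anyway.
header("Location: login.php");
exit;
?>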
Firstly, the PHP documentation has some excellent information on sessions.
Secondly, you will need some way to store the credentials for each user of your website (e.g. a database). It is a good idea not to store passwords as human-readable, unencrypted plain text. When storing passwords, you should use PHP's crypt() hashing function. This means that if any credentials are compromised, the passwords are not readily available.
Most log-in systems will hash/crypt the password a user enters then compare the result to the hash in the storage system (e.g. database) for the corresponding username. If the hash of the entered password matches the stored hash, the user has entered the correct password.
You can use session variables to store information about the current state of the user - i.e. are they logged in or not, and if they are you can also store their unique user ID or any other information you need readily available.
To start a PHP session, you need to call session_start(). Similarly, to destroy a session and its data, you need to call session_destroy() (for example, when the user logs out):
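// Begin the session
session_start();
// Use session variables
$_SESSION['userid'] = $userid;
// E.g. find if the user is logged in
// (!empty() avoids an "undefined index" warning when nobody is logged in)
if (!empty($_SESSION['userid'])) {
    // Logged in
}
else {
    // Not logged in
}
// Destroy the session
// ($log_out is set by your own code when the user asks to log out)
if ($log_out)
    session_destroy();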
I would also recommend that you take a look at this. There's some good, easy to follow information on creating a simple log-in system there.
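As an added example (not part of the answers on this page): the hash-and-compare login and the logout described in the answer above, written with password_hash() and password_verify(), which are PHP's own wrappers around crypt(), instead of calling crypt() directly. The in-memory user store, the 'alice' account and the function names find_user, attempt_login and log_out are constructed for illustration; a real site would read the stored hash from its database.

```php
<?php
declare(strict_types=1);

// Constructed user store standing in for a database table (hypothetical data).
function find_user(string $username): ?array
{
    static $users = null;
    $users ??= [
        'alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ];
    return $users[$username] ?? null;
}

// Returns true and marks the session as logged in only when the password matches.
function attempt_login(string $username, string $password): bool
{
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false; // same result for unknown user and wrong password
    }
    session_regenerate_id(true); // fresh session ID after login, old one deleted
    $_SESSION['userid'] = $user['id'];
    return true;
}

// Empties the session data, expires the session cookie, then destroys the session.
function log_out(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();
$error = null;
if (isset($_POST['logout'])) {
    log_out();
} elseif (is_string($_POST['user'] ?? null) && is_string($_POST['pass'] ?? null)) {
    if (!attempt_login($_POST['user'], $_POST['pass'])) {
        $error = 'Invalid username or password';
    }
}
// One page, two branches: render the member area or the login form from this flag.
$logged_in = isset($_SESSION['userid']);
```

The HTML below this block can branch on $logged_in to show either the member content or the login form, printing $error through htmlspecialchars() when it is set.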
I always do OOP and use this class to maintain the session, so you can use the function is_logged_in to check if the user is logged in or not, and if not you do what you wish to.
<?php
class Session
{
    private $logged_in = false;
    public $user_id;

    function __construct() {
        // start the session only if one is not already active
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $this->check_login();
        if ($this->logged_in) {
            // actions to take right away if user is logged in
        } else {
            // actions to take right away if user is not logged in
        }
    }

    public function is_logged_in() {
        return $this->logged_in;
    }

    public function login($user) {
        // database should find user based on username/password
        if ($user) {
            session_regenerate_id(true); // issue a fresh session ID on login
            $this->user_id = $_SESSION['user_id'] = $user->id;
            $this->logged_in = true;
        }
    }

    public function logout() {
        unset($_SESSION['user_id']);
        $this->user_id = null; // keep the property defined, just empty
        $this->logged_in = false;
    }

    // restore the login state from the session on every request
    private function check_login() {
        if (isset($_SESSION['user_id'])) {
            $this->user_id = $_SESSION['user_id'];
            $this->logged_in = true;
        } else {
            $this->user_id = null;
            $this->logged_in = false;
        }
    }
}
$session = new Session();
?>