Login Problem

[rhodarose]

I have a login page, and i have a problem in my page because when the user is already login and she accidentally press the back button and when she try to login she can login..i want that when she already login she could not login again..

here is my code:

Code:

<?php  
session_start(); 
 
//require_once 'conn.php';  
$db_name="dspi"; 

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']); 

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 
        $ct = mysql_num_rows($sql); 
     
        if($ct == 1) { 
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='Engineering') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='Finishing_Goods') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='HRAD') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='MIS') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Packaging_and_Design') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Production') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Purchasing_Logistic') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='QA_and_Technical') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Supply_Chain') { 
                header('location:Company.php'); 
            } 
            else {
				header('location:index.php');
				echo"Incorrect Username or Department"; 
				
	        	}  
	}
?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>DSPI LOGIN</title>
<script type="text/javascript">                
function handleEnter (field, event) {
		var keyCode = event.keyCode ? event.keyCode : event.which ? event.which : event.charCode;
		if (keyCode == 13) {
			var i;
			for (i = 0; i < field.form.elements.length; i++)
				if (field == field.form.elements[i])
					break;
			i = (i + 1) % field.form.elements.length;
			field.form.elements[i].focus();
			return false;
		} 
		else
		return true;
	}      

</script>
<style type="text/css"> 
<!--
BODY { 
background-image: url(layout_image/bgroundv09.png);
background-attachment: fixed; 
} 
#Dept_Frame {
	position:absolute;
	width:229px;
	height:49px;
	z-index:1;
	left: 441px;
	top: 262px;
}
#Department_Option {
	position:absolute;
	width:186px;
	height:32px;
	z-index:2;
	left: 453px;
	top: 275px;
}
#Submit_Frame {
	position:absolute;
	width:82px;
	height:35px;
	z-index:3;
	left: 516px;
	top: 320px;
}
#Submit_Button {
	position:absolute;
	width:60px;
	height:29px;
	z-index:4;
	left: 524px;
	top: 328px;
}
#Username_ImageText {
	position:absolute;
	width:130px;
	height:55px;
	z-index:5;
	left: 319px;
	top: 208px;
}
#User_Frame {
	position:absolute;
	width:230px;
	height:46px;
	z-index:6;
	left: 441px;
	top: 216px;
}
#Username_Textbox {
	position:absolute;
	width:182px;
	height:23px;
	z-index:7;
	left: 455px;
	top: 228px;
}
--> 
</style>  
</head>
<body onload="document.form1.username.focus();">
<form id="form1" name="form1" method="post" action="">
  <div id="Department_Option">
    <select name="department" onkeypress="return handleEnter(this, event)">
      <option>Choose your Department. . . . . . </option>
      <option value="Accounting" <?php if($_POST['department'] == 'Accounting') echo "selected='selected'"; ?>>Accounting</option>
      <option value="Engineering" <?php if($_POST['department'] == 'Engineering') echo "selected='selected'"; ?>>Engineering</option>
      <option value="Finishing_Goods" <?php if($_POST['department'] == 'Finishing_Goods') echo "selected='selected'"; ?>>Finishing Goods</option>
      <option value="HRAD" <?php if($_POST['department'] == 'HRAD') echo "selected='selected'"; ?>>HRAD</option>
      <option value="MIS" <?php if($_POST['department'] == 'MIS') echo "selected='selected'"; ?>>MIS</option>
      <option value="Packaging_and_Design" <?php if($_POST['department'] == 'Packaging_and_Design') echo "selected='selected'"; ?>>Packaging and Design</option>
      <option value="Production" <?php if($_POST['department'] == 'Production') echo "selected='selected'"; ?>>Production</option>
      <option value="Purchasing_Logistic" <?php if($_POST['department'] == 'Purchasing_Logistic') echo "selected='selected'"; ?>>Purchasing and Logistics</option>
      <option value="QA_and_Technical" <?php if($_POST['department'] == 'QA_and_Technical') echo "selected='selected'"; ?>>QA and Technical</option>
      <option value="Supply_Chain" <?php if($_POST['department'] == 'Supply_Chain') echo "selected='selected'"; ?>>Supply Chain</option>
    </select>
  </div>
  <div id="Submit_Button">
    <input type="Submit" name="submit" value="Submit" id="submit" onclick="doSomething();"/>
  </div>
  <div id="Dept_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
  <div id="Submit_Frame"><img src="layout_image/subframev02.png" width="80" height="46" /></div>

<div id="Username_ImageText"><img src="layout_image/userv01.png" width="131" height="62" /></div>
<div id="User_Frame"><img src="layout_image/subframev02.png" width="229" height="50" /></div>
<div id="Username_Textbox">
  <input name="username" type="text" size="30" onkeypress="return handleEnter(this, event)"/>
</div>
</form>
</body>
</html>

[DexterMorgan]

I use sessions to do this.
BTW on company.php do you check whether the user is logged in? is there anything stopping any randomer from just going to the url/company.php?

[rhodarose]

I use sessions to do this.
BTW on company.php do you check whether the user is logged in? is there anything stopping any randomer from just going to the url/company.php?

i have no code to check if the user is logged in and also theres no code for stopping any randomer from going to company.php

[kingdm]

Agree with Dexter.

@Please use the PHP code wrap to post your php code so that its much more readable

[DexterMorgan]

Alright well this login script has a few holes in it lol.

So lets start off, if you have never used sessions before they are more or less variables that can be used on all pages. Similar to cookies but the information is not stored on the client.

At the start of all the scripts you want to use sessions you must write this:

PHP Code:

session_start(); //starts the session lol
session_regenerate_id(); //for security purposes. 


Information on sessions: http://www.w3schools.com/PHP/php_sessions.asp

A really simple way of doing this script is to have a 'loggedin' session that holds a true or false value.

so during the login process if everything is fine, just before the redirect you would put

PHP Code:

$_SESSION['loggedin'] = true; 


Then on all of the pages where the user must be logged in you would put:

PHP Code:

if(!$_SESSION['loggedin']){ 
//whatever you want to do with this randomer, redirect or something.
} 


to prevent people from logging in again the above code can be modified to fit on the login page.

Not sure how well i have described all of this as i woke up around 5 minutes ago, let me know if you need any help with anything.

[rhodarose]

Good day

I try the code that you suggested i put on hte top og my index page or login page

Here is the code

PHP Code:

<?php  
session_start(); 
session_regenerate_id(); 

$_SESSION['loggedin'] = true; 
if(!$_SESSION['loggedin']){ 
//whatever you want to do with this randomer, redirect or something. 
    header('Location:index.php');
} 


//require_once 'conn.php';  
$db_name="dspi"; 

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']); 

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 
        $ct = mysql_num_rows($sql); 
     
        if($ct == 1) { 
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='Engineering') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='Finishing_Goods') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='HRAD') { 
                header('location: Company.php'); 
            } elseif($row['Department']=='MIS') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Packaging_and_Design') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Production') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Purchasing_Logistic') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='QA_and_Technical') { 
                header('location:Company.php'); 
            } elseif($row['Department']=='Supply_Chain') { 
                header('location:Company.php'); 
            } 
            else {
                header('location:index.php');
                echo"Incorrect Username or Department"; 
                
                }  
    }
?>

And when i login successfully and i try to login i could login again.

[DexterMorgan]

Alright, the code I give you was a sort of guideline.

Try this:

PHP Code:

<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
    header('Location:index.php');
}


//require_once 'conn.php';  
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']);

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
        $ct = mysql_num_rows($sql);
     
        if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') {
                header('location: Company.php');
            } elseif($row['Department']=='Engineering') {
                header('location: Company.php');
            } elseif($row['Department']=='Finishing_Goods') {
                header('location: Company.php');
            } elseif($row['Department']=='HRAD') {
                header('location: Company.php');
            } elseif($row['Department']=='MIS') {
                header('location:Company.php');
            } elseif($row['Department']=='Packaging_and_Design') {
                header('location:Company.php');
            } elseif($row['Department']=='Production') {
                header('location:Company.php');
            } elseif($row['Department']=='Purchasing_Logistic') {
                header('location:Company.php');
            } elseif($row['Department']=='QA_and_Technical') {
                header('location:Company.php');
            } elseif($row['Department']=='Supply_Chain') {
                header('location:Company.php');
            }
            else {
                header('location:index.php');
                echo"Incorrect Username or Department";
                
                }  
    }
?>

alright now on the company.php

PHP Code:

if(!$_SESSION['loggedin']){
//the user is not logged in, move them away from here
    header('Location:index.php');
} 


Hopefully I have been able to help.

[rhodarose]

Alright, the code I give you was a sort of guideline.

Try this:

PHP Code:

<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
    header('Location:index.php');
}


//require_once 'conn.php';  
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']);

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
        $ct = mysql_num_rows($sql);
     
        if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') {
                header('location: Company.php');
            } elseif($row['Department']=='Engineering') {
                header('location: Company.php');
            } elseif($row['Department']=='Finishing_Goods') {
                header('location: Company.php');
            } elseif($row['Department']=='HRAD') {
                header('location: Company.php');
            } elseif($row['Department']=='MIS') {
                header('location:Company.php');
            } elseif($row['Department']=='Packaging_and_Design') {
                header('location:Company.php');
            } elseif($row['Department']=='Production') {
                header('location:Company.php');
            } elseif($row['Department']=='Purchasing_Logistic') {
                header('location:Company.php');
            } elseif($row['Department']=='QA_and_Technical') {
                header('location:Company.php');
            } elseif($row['Department']=='Supply_Chain') {
                header('location:Company.php');
            }
            else {
                header('location:index.php');
                echo"Incorrect Username or Department";
                
                }  
    }
?>

alright now on the company.php

PHP Code:

if(!$_SESSION['loggedin']){
//the user is not logged in, move them away from here
    header('Location:index.php');
} 


Hopefully I have been able to help.

Thank you for the codes and trying to helped me. i try the code you suggested, and the output is I cant view the index pae and when i try to view the company page the url appear is the url of index. I have no idea why it happened

[DexterMorgan]

PHP Code:

<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
    header("Location:Company.php");
}


//require_once 'conn.php';  
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']);

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
        $ct = mysql_num_rows($sql);
     
        if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') {
                header('location: Company.php');
            } elseif($row['Department']=='Engineering') {
                header('location: Company.php');
            } elseif($row['Department']=='Finishing_Goods') {
                header('location: Company.php');
            } elseif($row['Department']=='HRAD') {
                header('location: Company.php');
            } elseif($row['Department']=='MIS') {
                header('location:Company.php');
            } elseif($row['Department']=='Packaging_and_Design') {
                header('location:Company.php');
            } elseif($row['Department']=='Production') {
                header('location:Company.php');
            } elseif($row['Department']=='Purchasing_Logistic') {
                header('location:Company.php');
            } elseif($row['Department']=='QA_and_Technical') {
                header('location:Company.php');
            } elseif($row['Department']=='Supply_Chain') {
                header('location:Company.php');
            }
            else {
                header('location:index.php');
                echo"Incorrect Username or Department";
                
                }  
    }
?>

Messed up, try that lol

[rhodarose]

PHP Code:

<?php
session_start();
session_regenerate_id();

if($_SESSION['loggedin']){
//the user is already logged in, lets redirect them to the other page
    header("Location:Company.php");
}


//require_once 'conn.php';  
$db_name="dspi";

mysql_connect("localhost", "root", "") or die("Cannot connect to server");
mysql_select_db("$db_name")or die("Cannot select DB");   


        $department = mysql_real_escape_string($_POST['department']);   
        $username = mysql_real_escape_string($_POST['username']);

        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error());
        $ct = mysql_num_rows($sql);
     
        if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
            $row = mysql_fetch_assoc($sql);  
         
            if($row['Department']=='Accounting') {
                header('location: Company.php');
            } elseif($row['Department']=='Engineering') {
                header('location: Company.php');
            } elseif($row['Department']=='Finishing_Goods') {
                header('location: Company.php');
            } elseif($row['Department']=='HRAD') {
                header('location: Company.php');
            } elseif($row['Department']=='MIS') {
                header('location:Company.php');
            } elseif($row['Department']=='Packaging_and_Design') {
                header('location:Company.php');
            } elseif($row['Department']=='Production') {
                header('location:Company.php');
            } elseif($row['Department']=='Purchasing_Logistic') {
                header('location:Company.php');
            } elseif($row['Department']=='QA_and_Technical') {
                header('location:Company.php');
            } elseif($row['Department']=='Supply_Chain') {
                header('location:Company.php');
            }
            else {
                header('location:index.php');
                echo"Incorrect Username or Department";
                
                }  
    }
?>

Messed up, try that lol

Thank you...It works

[DexterMorgan]

PHP Code:

            if($row['Department']=='Accounting') {
                header('location: Company.php');
            } elseif($row['Department']=='Engineering') {
                header('location: Company.php');
            } elseif($row['Department']=='Finishing_Goods') {
                header('location: Company.php');
            } elseif($row['Department']=='HRAD') {
                header('location: Company.php');
            } elseif($row['Department']=='MIS') {
                header('location:Company.php');
            } elseif($row['Department']=='Packaging_and_Design') {
                header('location:Company.php');
            } elseif($row['Department']=='Production') {
                header('location:Company.php');
            } elseif($row['Department']=='Purchasing_Logistic') {
                header('location:Company.php');
            } elseif($row['Department']=='QA_and_Technical') {
                header('location:Company.php');
            } elseif($row['Department']=='Supply_Chain') {
                header('location:Company.php');
            } 


BTW is this necessary?

[rhodarose]

PHP Code:

            if($row['Department']=='Accounting') {
                header('location: Company.php');
            } elseif($row['Department']=='Engineering') {
                header('location: Company.php');
            } elseif($row['Department']=='Finishing_Goods') {
                header('location: Company.php');
            } elseif($row['Department']=='HRAD') {
                header('location: Company.php');
            } elseif($row['Department']=='MIS') {
                header('location:Company.php');
            } elseif($row['Department']=='Packaging_and_Design') {
                header('location:Company.php');
            } elseif($row['Department']=='Production') {
                header('location:Company.php');
            } elseif($row['Department']=='Purchasing_Logistic') {
                header('location:Company.php');
            } elseif($row['Department']=='QA_and_Technical') {
                header('location:Company.php');
            } elseif($row['Department']=='Supply_Chain') {
                header('location:Company.php');
            } 


BTW is this necessary?

Yes its needed or required...but my else condition

PHP Code:

else{
     Header ('Location:index.php');
     echo 'Wrong Username and Department'; 


did not work the echo.
and one thing i am concern is that is it possible that i put in session to store the username and department?and where i can put it? and also in all my other webpages i put session to know that user is login??

[rhodarose]

Thank you for helping me..and sorry if i have a lot of question regarding my problem because i am new in creating website and using php..I hope you understand me...

[DexterMorgan]

yeah im not too sure about all the if else statements lol.

and one thing i am concern is that is it possible that i put in session to store the username and department?and where i can put it? and also in all my other webpages i put session to know that user is login??

Yeah you can pretty much put anything in a session.

PHP Code:

$_SESSION['whatever_you_want'] = $whatever_variable 


you can put the username and department in sessions

PHP Code:

$_SESSION['username'] = $row['username']; 


As for the department

PHP Code:

$_SESSION['department'] = $row['department']; 


you would put this code straight after:

PHP Code:

        if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
            $row = mysql_fetch_assoc($sql); 


and for the last question, yeah you can just put the same code on all of the other pages to check if the user is logged in our out.

Not Logged In

PHP Code:

if(!$_SESSION['loggedin']){
//the user is not logged in, move them away from here
    header('Location:index.php');
} 


logged in

PHP Code:

if($_SESSION['loggedin']){
//user is logged in
} 


BTW have you made a log out script?

[rhodarose]

yeah im not too sure about all the if else statements lol.


Yeah you can pretty much put anything in a session.

PHP Code:

$_SESSION['whatever_you_want'] = $whatever_variable 


you can put the username and department in sessions

PHP Code:

$_SESSION['username'] = $row['username']; 


As for the department

PHP Code:

$_SESSION['department'] = $row['department']; 


you would put this code straight after:

PHP Code:

        if($ct == 1) {
// im guessing this means that the user is valid.
$_SESSION['loggedin'] = true; // now that the user is valid we change the session value.
            $row = mysql_fetch_assoc($sql); 


and for the last question, yeah you can just put the same code on all of the other pages to check if the user is logged in our out.

Not Logged In

PHP Code:

if(!$_SESSION['loggedin']){
//the user is not logged in, move them away from here
    header('Location:index.php');
} 


logged in

PHP Code:

if($_SESSION['loggedin']){
//user is logged in
} 


BTW have you made a log out script?

I dont have log out yet..i try the code and i update you whta would be result..Thank you