Need to fix a problem with a tutorial.

[jd-inflames]

This code right here;

PHP Code:

<?php

// Session start
session_start();

// Checks password and username
if($username == "test" AND $password == "1337") {
        // Session userid and loggedin is true
    $_SESSION[username] = "test"; 
    $_SESSION[userid] = 1;
    $_SESSION[loggedin] = 1;
    echo "<font face='verdana' size='1'>You are now logged in as 'test'</font>";

} else {


        echo "You need access to view this page!"
    exit;

}


php?>

does not work. Reason being, the script has NO idea what $username or $password is. To fix this, you need to add the following:

PHP Code:

<?php

// Session start
session_start();
$username = $_POST[username];
$password = $_POST[password];
// Checks password and username
if($username == "test" AND $password == "1337") {
        // Session userid and loggedin is true
    $_SESSION[username] = "test"; 
    $_SESSION[userid] = 1;
    $_SESSION[loggedin] = 1;
    echo "<font face='verdana' size='1'>You are now logged in as 'test'</font>";

} else {


        echo "You need access to view this page!"
    exit;

}


php?>

Unless I missed something, this should do it.

BTW, if you want to make this for multiple users, and continue to not use SQL, you can just keep adding like so:

PHP Code:

<?php

// Session start
session_start();
$username = $_POST[username];
$password = $_POST[password];
// Checks password and username
if ($username == "test" AND $password == "1234") {
        // Session userid and loggedin is true
    $_SESSION[username] = "admin"; 
    $_SESSION[userid] = 1;
    $_SESSION[loggedin] = 1; 
    header('Location: admin/index.php');
    
} elseif ($username == "joshua" AND $password == "1234") {
    $_SESSION[username] = "Joshua";
    $_SESSION[userid] = 2;
    $_SESSION[loggedin] = 2;
    header('Location: users/draketech/index.php');
} else {


        header('Location: loginfailed.php');
    exit;

}



    ?>

And when you apply it to your pages, just change

PHP Code:

session_start();
if ($_SESSION['loggedin'] == 1) { 


to

PHP Code:

session_start();
if ($_SESSION['loggedin'] == whatever number that user is.) { 


[missionsix]

sometimes global variables are turned on so $username & $password are automatically read from $_POST. However, it is right to assume that these variables need to be assigned before checking against them.

Your multiple user account system works, but $_SESSION['loggedin'] is really a boolean type value (should have been TRUE / FALSE in the example) and your just checking if a user is logged in, not whether or not they have a certain loggedin 'id'.

If you want to restrict access based on which use is where, you need some sort of way to group users, and then to restrict access to pages based on their group id.

I have put some thought into writing an article / tutorial on how to create an authentication system and publish it on missionsix.net but I can't seem to find the time to do it. School is a top priority right now.

[jd-inflames]

Well, I had tried using the script piece by piece how it was written in the tutorial, and it didn't work until I assigned the variables.

For the help you've given me, I could write some tutorials for you again somewhat like I did with the introductions to php/mysql if you'd like.

[JoeyJam]

Howdy,

I've been reading for a while and finally decided to sign up. I just wanted to say hi to everyone here.

Lots of good stuff here. I hope I can give a little back. Sorry if this is in the wrong board, I'm still a little new to this.

[AtomicHype]

My powers are worth nothing here.

[missionsix]

if that happens next time you could report the post and i'd get a notification.... or just wait till i find it.

[AtomicHype]

I didn't even think about that.