
PHP - First time login page

I am trying to set up a website that will know if a user has logged into the website before. The MySQL table has a username, password and firstLogin field. The firstLogin field is an integer field containing 1 if the user has not logged in and 2 if they have logged in in the past.

The login system logs in and starts a session as it should do, therefore I am certain the count is returning the value of 1. The problem that I am having is the website is going straight to homepage.php even if the firstLogin integer is set to 1. The website should be going to welcome.php whilst performing an update operation to change the integer to 2. I've been staring at this for about a week now. Hope you can help.

<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name


// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST ['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT username, password,firstLogin FROM $tbl_name WHERE username='".$myusername."' and password= sha1('".$mypassword."'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

    $row = mysql_fetch_array($result);
     print_r($row); 
     exit;

    if ($row ['firstLogin']=="1")
        {
        $sql2 ="UPDATE $tbl_name SET firstLogin = '2' WHERE username ='".$myusername."'";  
        session_start();

        session_register("myusername");
        session_register("mypassword");
        header("welcome.php");
        }
        else

        {
        session_start();        
        session_register("myusername");
        session_register("mypassword");
        header("location:home.php");
        }
        }else
     {
    echo "Wrong Username or Password";
}
?>


In addition to Jeff Parker's fixes, I might suggest extracting your session starting code into a function so that you're not repeating your code. I already see your code introducing a copy and paste error.

Also, I think $row['firstLogin'] == 1 would be acceptable, considering that the row will be returning an integer as opposed to a string.

if ($row ['firstLogin']=="1")
    {
    $sql2 ="UPDATE $tbl_name SET firstLogin = '2' WHERE username ='".$myusername."'";  
    session_start();

    session_register("myusername"); //!! This is possibly an error, you're saving myusername as opposed to $myusername
    session_register("mypassword"); // Same as above
    header("welcome.php");  // This is possibly an error since the header is missing the "location:" part
    }
    else

    {
    session_start();        
    session_register("myusername");
    session_register("mypassword");
    header("location:home.php");
    }

Can be turned into

if ($row ['firstLogin']=="1")
    {
    $sql2 ="UPDATE $tbl_name SET firstLogin = '2' WHERE username ='".$myusername."'";  
    start_session_and_redirect('welcome.php');
    }
    else

    {
    start_session_and_redirect('home.php');
    }

then place a function ...

function start_session_and_redirect($location){
    session_start();
    session_register("myusername"); // I'm also wondering if that's supposed to be $myusername instead of "myusername...
    session_register("mypassword");
    header("location:$location");
}

You possibly have an error in your above code, if PHP doesn't automatically fix it, where welcome.php doesn't have "location:" in front of it. This can be entirely prevented by having a function for the repeated functionality, something you should always be looking to eliminate from your code.


if ($row ['firstLogin']="1") // wrong

You're doing an assignment. It should be a comparison.

if ($row ['firstLogin'] == "1") // right

There's also an error in the query used to retrieve the user data.

// -- This is wrong, missing the ending parenthesis, and will not run.
$sql="SELECT username, password,firstLogin FROM $tbl_name WHERE
    username='".$myusername."' and password= sha1('".$mypassword."'";

// -- This includes the ending parenthesis, and should run.
$sql="SELECT username, password,firstLogin FROM $tbl_name WHERE 
    username='".$myusername."' and password= sha1('".$mypassword."')";
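
A hardened version of the first-login flow discussed in this thread, as an added example that is not part of the original question or answers. It swaps the mysql_* calls and session_register() (both removed from current PHP) for PDO prepared statements, and the SQL-side sha1() comparison for password_hash()/password_verify(). The table name "members", the column "password_hash", the function name login_redirect_target() and the in-memory SQLite database with its sample user are assumptions made so the example runs on its own.

```php
<?php
// Added example, not code from the original posts. Assumed names: table
// "members", column "password_hash", function login_redirect_target().
declare(strict_types=1);

function login_redirect_target(PDO $db, string $user, string $pass): ?string
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT password_hash, firstLogin FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify in PHP against a salted hash instead of comparing sha1() in SQL.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    if ((int) $row['firstLogin'] === 1) {
        // The UPDATE has to be executed, not just assigned to a variable.
        $db->prepare('UPDATE members SET firstLogin = 2 WHERE username = ?')
           ->execute([$user]);
        return 'welcome.php';
    }
    return 'home.php';
}

// Constructed sample data in an in-memory SQLite database so the flow runs
// offline; against MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY,
           password_hash TEXT NOT NULL, firstLogin INTEGER NOT NULL DEFAULT 1)');
$db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(login_redirect_target($db, 'alice', 'wrong'));         // wrong password
var_dump(login_redirect_target($db, 'alice', 'correct horse')); // first login
var_dump(login_redirect_target($db, 'alice', 'correct horse')); // later login
var_dump(login_redirect_target($db, "o'neil", 'anything'));     // quote in username

// In the real login script (web SAPI), after a non-null $target:
//   session_start();
//   session_regenerate_id(true);      // new session id after login
//   $_SESSION['username'] = $user;    // never store the password
//   header('Location: ' . $target);
//   exit;                             // stop before any further output
```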