Larry Ullman's Book Forums

Log In Log Out Validations


Good evening,


Thank you in advance for reviewing my question regarding Part Two: Selling Virtual Products.


I have completed Chapters 1 through 4 and my local site appears to be working correctly except for an important portion of these exercises: logging in and logging out.


I am able to create new users using the register.php page, and I can verify the new user is added by using phpMyAdmin.


All the links and the CSS styles are being applied correctly to pages and the navigation links work correctly.


However, I can enter any characters in the Email Address and Password fields from the login sidebar form, and after clicking submit I receive no error reports and the page is redirected to index.php, which is correct. But it does not appear that there is actually a logged-in user.


So I am searching for what I have missed and thought perhaps Chapter 5 or beyond would introduce additional code that "enables" the validation for logging in registered users. But after starting Chapter 5, I believe I am missing something.


If this question is too open-ended, I completely understand.


I was thinking that this might be an issue with the function redirect_invalid_user, so I manually changed a user to Admin using phpMyAdmin, and added the session_regenerate_id code that Larry comments on at the end of Chapter 4.


But for some reason it does not matter what characters are entered in the Email Address and Password fields as none of the expected text and pages are generated when these bogus entries are made.


I will continue to search for my solution. I am enjoying the book and I am finding that it is a very effective learning tool.


Thanks again,






Generally, your code needs to go through these steps for a successful login:


1. Submitting a username and password.

- Make sure you are actually getting these values into your script. Apply simple debugging like using echo on the variables.

2. Encryption of password.

- This can be done in both PHP and within the database query. Make sure your password is getting encrypted correctly.

3. Validation against records in the Database

- Make sure you find a user with this method. Also debug the query by printing it out, and check if it works manually yourself in phpMyAdmin or similar. Make sure the values you add into the query (username and encrypted password) look correct.

4. Sessions

- Make sure you have started a session on all pages that depend on session values.

5. Check logic for session validation

- Make sure your checks for session values are correct. Does it store the correct values you need? Are your checks written properly? Simply trying to echo this info to screen, and checking logic routing (what kind of if/else the logic follows) will take you a long way.


These are general suggestions that should make you able to solve your problem. If it's not enough, we need to see some of your code.

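The five steps above as one function, in an added example that is not code from the book or from any poster. It assumes PDO with an in-memory SQLite database in place of the book's MySQL connection, a constructed `customer` row, and PHP's `password_verify()` in place of the thread's `get_password_hash()` comparison; `check_login()` is a hypothetical name.

```php
<?php
// Added example. PDO with SQLite stands in for the book's MySQL connection,
// and password_verify() replaces the thread's get_password_hash() comparison.
function check_login(PDO $db, string $email, string $pass, array &$session): array
{
    $errors = [];
    // Step 1: confirm both values arrived and are well formed.
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    if ($pass === '') {
        $errors['pass'] = 'Please enter a password.';
    }
    if ($errors) {
        return $errors;
    }
    // Step 3: look the account up by email, passing the value as a bound parameter.
    $stmt = $db->prepare('SELECT Id, fname, password FROM customer WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Step 2: check the submitted password against the stored hash.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return ['login' => 'The email address and password do not match.'];
    }
    // Steps 4 and 5: store exactly the keys that later pages test for.
    $session['user_id'] = (int) $row['Id'];
    $session['Fname'] = $row['fname'];
    return [];
}

// Constructed table and account so the script runs offline from the command line.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (Id INTEGER PRIMARY KEY, email TEXT UNIQUE, fname TEXT, password TEXT)');
$db->prepare('INSERT INTO customer (email, fname, password) VALUES (?, ?, ?)')
   ->execute(['reader@example.com', 'Reader', password_hash('s3cret-Pass', PASSWORD_DEFAULT)]);

$session = []; // stands in for $_SESSION
$attempts = [['not-an-email', 'x'], ['reader@example.com', 'wrong'], ['reader@example.com', 's3cret-Pass']];
foreach ($attempts as [$email, $pass]) {
    echo $email, ' => ', json_encode(check_login($db, $email, $pass, $session)), PHP_EOL;
}
echo 'session: ', json_encode($session), PHP_EOL;
```

If a bogus email or password comes back with an empty error array, the fault is in steps 1 to 3; if the errors are right but the session stays empty on later pages, look at steps 4 and 5.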


I have almost the same issue with logging in and redirecting a user login to a personalized page like welcom.php.

I had a problem with the sha256 algorithm, but since I put in sha1 it works.

My issue is to redirect a user to the welcom.php page and protect the page to allow only logged-in users.


The following is the code:


    <?php
    // This is the registration page for the site. Require the configuration before any PHP code, as the configuration controls error reporting:
    require ('./includes/config.inc.php');
    $page_title = 'Connect  au Cop.com'; // Registration title name
    include ('./includes/headreg.html'); // Include the header file
    require (MYSQL); // Require the database connection
    require ('./includes/form_functions.inc.php'); // Require the function that handles the form input boxes
    $login_errors = array();
    // Check for a login form submission:
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $em = mysqli_real_escape_string ($dbc, $_POST['email']);
        } else {
            $login_errors['email'] = '<font color="red">Tape un email valide!</font>';
        }
        // Check first if the password is empty before querying the db
        if (!empty($_POST['pass'])) {
            $p = mysqli_real_escape_string ($dbc, $_POST['pass']);
        } else {
            $login_errors['pass'] = '<font color="red">Tape un mot de passe!</font>';
        }
        if (empty($login_errors)) { // No errors, so query the db
            // Look for a customer with this email address and password hash:
            $q = "SELECT Id, fname FROM customer WHERE (email = '$em'
             AND password='" .get_password_hash($p). "')";
            $r = mysqli_query($dbc, $q);
            // Check the number of rows returned:
            if (mysqli_num_rows($r) == 1) {
                $row = mysqli_fetch_array($r, MYSQLI_NUM);
                $_SESSION['user_id'] = $row[0];
                $_SESSION['Fname'] = $row[1];
                // The issue is here: HOW TO REDIRECT THE USER to welcom.php and keep it from non-logged-in users?
                // See what I did, but I am not satisfied with it.
            } else { // If no rows, the data do not match; send an error message and do not reveal what is wrong
                $login_errors['login'] = 'Adresse email ou mot de passe incorrect. Veuillez refaire.';
            }
        }
    }
    ?>
    <div class="logoimg1"><img src="./products/cophma1.jpg" width="115" height="44" alt="cophma log" /></div>
    <div class="logoimg2"><img src="./products/com.gif" width="66" height="20" alt="cophma log1" /></div>
    <div class="logoimg3"><img src="./products/pharm.gif" width="155" height="23" alt="cophma log2" /></div>
    <!-- Help on registration and login pages -->
    <div class='regist_form_help'><a href='regist.php'>Nouveau!</a> | <a href='forgot.php'>Mot de passe oublie</a> | <a href='index.php'>Accueil</a></div>
    <div class="errorDiv"></div>
    <!-- login form page -->
    <div class="login_form">
        <form action="login.php" method="post" accept-charset="utf-8">
            <legend><font color='#000' size='4.2px'>Connexion au Cophma.com!</font></legend>
            <!-- Display an error message on top of the form if the value is not found in the db -->
            <p><?php if (array_key_exists('login', $login_errors)) {
                echo '<span class="error">'.$login_errors['login'].'</span><br />';
            } ?></p>
            <label for="email"><strong>Mon addresse Email est:</strong></label><br />
            <?php create_form_input('email', 'text', $login_errors); ?><br />
            <label for="pass"><strong>Mon mot de passe est:</strong></label><br />
            <?php create_form_input('pass', 'password', $login_errors); ?>
            <a href="forgot.php" align="right">Oublié le mot de passe?</a><br /><br /><br />
            <input type="submit" value="Connexion au Cophma" />
        </form>
    </div>




In the Logging In subsection, there is a reference to login.php on the index.php page. This is the one: if ($_SERVER['REQUEST_METHOD'] == 'POST') { include ('includes/login.php'); }


I don't see this page developed in Chapter 4. Is it developed in the following chapters, or is it a bad reference?




You can't redirect where you are because you've already included the header. You can either move the header include later in the script or use output buffering.


In Chapter 4, you create login.inc.php, which does the login procedure.

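The first option from the reply above (do the login work before the header is included), together with a guard for the protected page, as an added single-file example that is not code from the book or from any poster. The in-memory account, the `?page=` routing, the `redirect()` helper and the `demo.php` file name are assumptions made so the file runs on its own under PHP's built-in web server.

```php
<?php
// Added example, one file. Try it with: php -S localhost:8000 demo.php
session_start();

// Constructed account; stands in for the customer table lookup.
$users = ['reader@example.com' => ['id' => 1, 'fname' => 'Reader',
    'hash' => password_hash('s3cret-Pass', PASSWORD_DEFAULT)]];

function redirect(string $url): void
{
    header('Location: ' . $url); // only possible while no output has been sent
    exit;                        // otherwise the rest of the script keeps running
}

$page = $_GET['page'] ?? 'login';
$error = '';

// Guard for the protected page (welcom.php in the thread), before any HTML.
if ($page === 'welcome' && !isset($_SESSION['user_id'])) {
    redirect('?page=login');
}

// Login handling, also before any HTML.
if ($page === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'] ?? '';
    $pass = $_POST['pass'] ?? '';
    $user = is_string($email) ? ($users[$email] ?? null) : null;
    if ($user !== null && is_string($pass) && password_verify($pass, $user['hash'])) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['Fname'] = $user['fname'];
        redirect('?page=welcome');
    }
    $error = 'Adresse email ou mot de passe incorrect.';
}
// Every redirect decision is made; the header and page HTML start only here.
?>
<!DOCTYPE html>
<title>Login demo</title>
<?php if ($page === 'welcome'): ?>
    <p>Bonjour <?= htmlspecialchars($_SESSION['Fname']) ?></p>
<?php else: ?>
    <p class="error"><?= htmlspecialchars($error) ?></p>
    <form method="post" action="?page=login">
        <input type="text" name="email"> <input type="password" name="pass">
        <input type="submit" value="Connexion">
    </form>
<?php endif; ?>
```

Requesting `?page=welcome` without a session goes back to the login form, and the `exit` after each `header()` call is what keeps the protected markup from being sent along with the redirect.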

A good technique you can pick up from the MVC pattern is how you should structure your code. When I program procedurally, I generally never include HTML before the end of the document. That way, you can keep logic and the rendering of HTML separate.


You can try to make your program follow these steps:

1. Include/require all the libraries, files with functions, etc you need.

2. Call functions and save their results to variables

3. Determine what "view" (i.e. login error view or successful user dashboard)

4. Include (render) the views for the page.


    <?php
    // 1. Require needed files
    require ('./includes/config.inc.php');
    require (MYSQL);
    require ('./includes/form_functions.inc.php');

    // (1.1) Include the SQL login logic as a "Model function" instead of placing logic here
    require './models/authenticate.php';

    // 2. Make function instead of walls of code (Notice the $dbc database variable)
    // The login form earlier in this thread names the password field 'pass'
    $login_errors = performAuthentification($dbc, $_POST['email'], $_POST['pass']);

    // 3. Set data prior to rendering views
    $page_title = 'Connect au Cop.com'; // Registration title name

    // 4. Check which view to render
    $load_view = ( empty ($login_errors) ) ? 'views/user/dashboard.php' : 'views/errors/login_failed.php';

    // 5. Render view files:
    include './includes/header.php';
    include $load_view;
    include './includes/footer.php';

