Solving a PHP problem Write a PHP script that, when first loaded, presents a sim

Question

Solving a PHP problem

Write a PHP script that, when first loaded, presents a simple HTML login form with just a username prompt, like below: When the user enters a username, create a new PHP session and store the username in it. Ensure to sanitise the username input to remove any tags and special characters in it! Once logged in, your script should show the user a page like this. Hello user you are logged in. The user's session should remain active and the above "logged in" page should be shown even if the user refreshes the page or resubmits the form, or closes and reopens the webpage. When the user clicks the "Logout" button, their active session should be destroyed and they should be redirected to the original login form, allowing them to login again.

Explanation / Answer

connect_to_database.php

<?php

mysql_connect("localhost","your_username","your_password") or die(mysql_error());

mysql_select_db("your_database");

?>
login.php

<?php

include 'connect_to_database.php'; //connect the connection page

if(empty($_SESSION)) // if the session not yet started

   session_start();

if(isset($_SESSION['username'])) { // if already login

   header("location: home.php"); // send to home page

   exit;

}

?>

<html>

<head></head>

<body>

<form action = "login_proccess.php" method = "post">

Username: <input type="text" name="username" /><br />

Password: <input type="password" name="password" /><br />

<input type = "submit" name="submit" value="login" />

</form>

</body>

</html>

login_proccess.php

<?php
include 'connect_to_database.php'; //connect the connection page
  
if(empty($_SESSION)) // if the session not yet started
   session_start();

if(!isset($_POST['submit'])) { // if the form not yet submitted
   header("Location: login.php");
   exit;
}

//check if the username entered is in the database.

$test_query = "SELECT * FROM table_name WHERE username_field = '".$_POST[username]."'";

$query_result = mysql_query($test_query);

//conditions

if(mysql_num_rows($query_result)==0) {

//if username entered not yet exists

    echo "The username you entered is invalid.";

}else {

//if exists, then extract the password.

  while($row_query = mysql_fetch_array($query_result)) {

// check if password are equal
        if($row_query['password_field']==$_POST['password']){
$_SESSION['password'] = $_POST['password'];
header("Location: home.php");
exit;
        } else{ // if not
echo "Invalid Password";
        }

    }

}

?>

home.php

<?php

include 'connect_to_database.php'; //connect the connection page

if(empty($_SESSION)) // if the session not yet started

   session_start();

if(!isset($_SESSION['username'])) { //if not yet logged in
   header("Location: login.php");// send to login page
   exit;
}
?>
<html>
<body>
Welcome <?php echo $_SESSION['username']; ?>,
<a href="logout.php">logout</a>
</body>
</html>

logout.php

<?php

session_start();

unset($_SESSION['username']);

session_destroy();

header("Location: login.php");

exit;

?>

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.