doing a simple login for my website, which will hopefully keep the user logged in over a period of time, the scripts looks like this:
<?php
/* $con make a connection with database */
mysql_connect("localhost","root","");
//select database
mysql_select_db("blogass");
/* Below two commands will store the data in variables came from form input */
$username=$_POST['username'];
$password=$_POST['password'];
/* below two commands are sql injection which stops extra characters as input */
$user=mysql_real_escape_string($username);
$pass=mysql_real_escape_string($password);
$query=mysql_query("SELECT * FROM users where
username='$username' AND
password='$password' ");
$count=mysql_num_rows($query);
if($count==1)
/* $count checks if username and password are in same row */
{
echo "Login Successful";
$hour = time() + 3600;
}
else
{
echo "Username or password is incorrect";
}
?>
Im having trouble putting a session in, i know its simple, but i cant put my finger on it! i want it to display whos logged in on my index.php page and if nobody is logged in, to display a message asking a user to login/register. Basically i want a user to stay logged on throughout the time they are on the site. Any ideas on what i am doing wrong?
After Username and Password authentication:
You should store username in a $_SESSION variable when you verify that he is authenticated:
At beginning of all other pages you should put command
and then use an if statment to check if gloabal session variable user is set: