0

I'm new to PHP, so I'm following a tutorial from WellBro. I'm making a registration and login. But there's a mistake in my code and it always gives the wrong titles. After logging in, I need to see "home, profiel and Log Out" but I keep seeing "home, log in and registreer". So I think there's a mistake with my loggedin(). Can someone please help me? :)

part of login

<?php
if (loggedin()) {
?>
<a href='index.php'>Home</a>
<a href='profile.php'>Profiel</a>
<a href='logout.php'>Log Out</a>
<?php
}else{  
?>
<a href='index.php'>Home</a>
<a href='login.php'>Log in</a>
<a href='register.php'>Registreer</a>
<?php
}
?>

<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
if(empty($username) or empty ($password)){
    echo"<p>Gelieve al de velden in te vullen.</p>";
    }else{
        $check_login = mysql_query("SELECT id, type FROM users WHERE username='$username' AND password = '$password'");
            if (mysql_num_rows($check_login)==1){
                $run = mysql_fetch_array($check_login);
                $user_id=$run['id'];
                $type = $run ['type'];
                if($type == 'd'){
                    echo "<p>Je account is nog niet geactiveerd. Je ontvangt een mail zodra dit in orde is. Als je na lange tijd nog steeds niet kunt inloggen, neem dan contact op met één van de trainers.</p>";
                    }else{
                        $_SESSION['user_id'] = $user_id;
                        echo "<script> window.location.replace('membersonly.php') </script>";
                        }
                }else{
                    echo "<p>Ongeldige gebruikersnaam of wachtwoord.</p>";
                    }
        }
}
?>

function.php

<?php

session_start();

function loggedin() {
    if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
        return true;
    }else{
        return false;
    }
}

?>

part of membersonly.php

<?php include 'connect.php'; ?>

<?php include 'functions.php'; ?>

<?php

if (loggedin()) {
?>
<a href='index.php'>Home</a>
<a href='profile.php'>Profiel</a>
<a href='logout.php'>Log Out</a>
<?php
}else{  
?>
<a href='index.php'>Home</a>
<a href='login.php'>Log in</a>
<a href='register.php'>Registreer</a>
<?php
}
?>
Michael
  • 1. Do not use `mysql_`. They've been deprecated for a long time and are no longer supported. Use PDO or MySQLi. 2. Don't store passwords in MD5. It's been broken for a long time. Use `password_hash` if you can. 3. Your code is open to SQL injection. `POST login.php?username=admin' --` would make me be logged in as the user with the username "admin" without knowing the password. This would automatically be fixed if you used PDO or MySQLi with prepared statements and bound variables. 4. There's no reason to use both `isset` and `!empty`. Just use `!empty`. 5. Don't redirect with JS. – h2ooooooo Apr 29 '14 at 12:06
  • @l1tjen are you sure `$_SESSION['user_id']` is getting set? – Lawrence Cherone Apr 29 '14 at 12:12
  • My form is underneath the login.php. It's really basic. Gebruikersnaam: Wachtwoord: –  Apr 29 '14 at 12:15
  • @loz Cherone; what do you mean? :) I also think there's a problem with this part... But I can't find it.. –  Apr 29 '14 at 12:17
  • @l1tjen Have you tried using `echo '<pre>' . print_r($_SESSION, true) . '</pre>'`? – h2ooooooo Apr 29 '14 at 12:20
  • It gives me the right user id Array ( [user_id] => 4 ) –  Apr 29 '14 at 12:23
  • I changed the JavaScript part too: header ('location: membersonly.php'); . But the header won't work, maybe this has something to do with the problem? –  Apr 29 '14 at 12:37

1 Answer

0

I cannot see your form, but you should have it like this.

<form action='PartOfLogin.php' method='POST'>
Gebruikersnaam: <br/> 
<input type= 'text' name='username' /> 
<br/>
<br/> 

Wachtwoord: 
<br/> 
<input type= 'password' name ='password' /> 
<br/>
<br/> 

<input type='submit' name='submit' value='Login' />
</form>

Part of Login. Also change 'or' in php for "||"

<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
if(empty($username) || empty ($password)){
    echo"<p>Gelieve al de velden in te vullen.</p>";
    }else{
        $check_login = mysql_query("SELECT id, type FROM users WHERE username='$username' AND password = '$password'");
            if (mysql_num_rows($check_login)==1){
                $run = mysql_fetch_array($check_login);
                $user_id=$run['id'];
                $type = $run ['type'];
                if($type == 'd'){
                    echo "<p>Je account is nog niet geactiveerd. Je ontvangt een mail zodra dit in orde is. Als je na lange tijd nog steeds niet kunt inloggen, neem dan contact op met één van de trainers.</p>";
                    }else{
                        $_SESSION['user_id'] = $user_id;
                        echo "<script> window.location.replace('membersonly.php') </script>";
                        }
                }else{
                    echo "<p>Ongeldige gebruikersnaam of wachtwoord.</p>";
                    }
        }
}
if (loggedin()) {
?>
<a href='index.php'>Home</a>
<a href='profile.php'>Profiel</a>
<a href='logout.php'>Log Out</a>
<?php
}else{  
?>
<a href='index.php'>Home</a>
<a href='login.php'>Log in</a>
<a href='register.php'>Registreer</a>
<?php
}
?>

And change your mysql functions for mysqli functions.
Ref: http://www.w3schools.com/php/php_mysql_intro.asp

Nick Prozee
  • Yes, the form looks like that :). I changed the or part. But it still won't work. –  Apr 29 '14 at 13:05
  • Most important is changing your SQL functions – Nick Prozee Apr 29 '14 at 13:10
  • It isn't that much of a change ;) let me know if you still have problems after – Nick Prozee Apr 29 '14 at 13:12
  • Thanks for the tip, I changed everything to sqli (indeed, not so much work). But still the same problem... When I use "header ('location: membersonly.php'); " instead of the JavaScript, it won't redirect... –  Apr 29 '14 at 13:43
  • I tried that already, but that won't work either. I also tried sites like google, hotmail,... –  Apr 29 '14 at 13:56
  • Is $_SESSION['user_id'] being set? can you put on top of your page: $_SESSION['user_id']="0"; ? – Nick Prozee Apr 30 '14 at 07:15
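
The hardening points raised in the first comment and in the answer (prepared statements instead of string-built SQL, `password_hash` instead of MD5, a `header()` redirect instead of JavaScript) are combined below in one added example, which is not code from the question or the answer. It assumes a `password_hash` column in `users` and uses an in-memory SQLite database through PDO as a stand-in for `connect.php`; the sample user and inputs are constructed.

```php
<?php
declare(strict_types=1);
// Added example. Assumed schema: users(id, username, password_hash, type).

function attempt_login(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: user input is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash, type FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks a salted password_hash() value; no md5() involved.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // 'd' is the page's marker for an account that is not activated yet.
    return $row['type'] === 'd' ? null : (int) $row['id'];
}

function loggedin(): bool
{
    return !empty($_SESSION['user_id']);
}

// Constructed demo data: in-memory SQLite stands in for connect.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, type TEXT)');
$db->prepare('INSERT INTO users (username, password_hash, type) VALUES (?, ?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT), 'a']);

session_start(); // must run before any output, on every page that calls loggedin()

$report = [];
foreach ([["admin' --", 'x'], ['admin', 'wrong'], ['admin', 'correct horse']] as [$u, $p]) {
    $id = attempt_login($db, $u, $p);
    if ($id !== null) {
        session_regenerate_id(true);   // issue a fresh session ID on login
        $_SESSION['user_id'] = $id;
        // In a web request: header('Location: membersonly.php'); exit;
        // header() only works if nothing has been echoed before it.
    }
    $report[] = sprintf('%-10s => %s', $u, $id === null ? 'rejected' : "user_id $id");
}
echo implode("\n", $report), "\n", 'loggedin(): ', var_export(loggedin(), true), "\n";
```

Run from the command line, the first two attempts are rejected (including the `admin' --` input from the comment) and only the correct password sets `$_SESSION['user_id']`.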