PHP Tutorial: Register and Login (User Account System) 3

[richanderson]

Hi All,

First time posting here so bear with me if I am posting wrong etc (Also just getting into PHP mainly now)

So I followed this video:

http://www.youtube.com/watch?v=iVwdnDXG4og

I got all the way to the end but when I go to test it out I keep getting redirected to the login.php page. (I think it may have something to do with the init.inc.php file. Here is the code for all pages (I know there is a lot of comments, please ignore em as its for my own benefit)

init.inc.php file

<?php

session_start();

//This will not get prompted for login when we try to go to login

$exceptions = array('register', 'login');

// End function returns the last elements in an array. Explode puts the elements of an array into a character. The / will remove the /links from the url

$page = explode('/', $_SERVER['SCRIPT_NAME']);
echo end($page);

//Check if a user is on a page that is not in excetpion. If they are not, check if they are logged in. If not send em to login page.

if (in_array($page, $exceptions) === false) {
	if (isset($_SESSION['username']) === false){
		header('Location: login.php'); // If they are not logged in direct them to login page
		
		die(); // Kill the script
	}
}

// conect to database
mysql_connect('localhost', 'root', '');
// select table
mysql_select_db('members');

$path = dirname(__FILE__); // Always full path of current script

include("{path}/inc/user.inc.php");

?>

register.php file:

<?php

include ('core/init.inc.php'); // Takes details from init.inc

// Will only get inside the below block if something has been submitted

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])) {
	if (empty($_POST['username'])){
		$errors[] = 'The Username cannot be empty.' ; // Basically means that if the username is empty, it will say it cannot be empty
	}
	
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
	$errors[] = 'The password cannot be empty.';
	} // Make sure there is no empty space in password
	
	if ($_POST['password'] !== $_POST['repeat_password']) {
	$errors[] = 'Password verification failed.';	// Checks to make sure both passwords are same
}
	if (user_exists($_POST['username'])) {
	$errors[] = 'The Username you entered is already taken.'; // Checks if username is taken
	}
	if (empty($errors)) {
		add_user($_POST['username'], $_POST['password']);
		// Bit below sets username to session variable to log them in for their session
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
		
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form action="" method="post">
  <p>
  <table width="294" border="0">
    <tr>
      <td><label for="username">Username:</label></td>
      <td><input type="text" name="username" id="username" /></td>
    </tr>
    <tr>
      <td><label for="password">Password:</label></td>
      <td><input type="password" name="password" id="password" /></td>
    </tr>
    <tr>
      <td><label for="username">Repeat Password:</label></td>
      <td><input type="password" name="repeat_password" id="repeat_password" /></td>
    </tr>
    <tr>
      <td colspan="2" align="center" valign="middle"><input type="submit" vaule="Register" /></td>
    </tr>
  </table>
</form>
</p>
</body>
</html>

Any help would be greatly appreciated.

PS: Fantastic tutorials

[Temor]

You should put the end() function around the variable you're passing to the in_array() function. Like this:

$page = explode('/', $_SERVER['SCRIPT_NAME']);

 
//Check if a user is on a page that is not in excetpion. If they are not, check if they are logged in. If not send em to login page.
 
if (in_array(end($page), $exceptions) === false) {
        if (isset($_SESSION['username']) === false){
                header('Location: login.php'); // If they are not logged in direct them to login page
               
                die(); // Kill the script
        }
}
 

But it won't work just yet, because it will check if pagename.php is in the exceptions array. The elements in your array does not have the .php extension, so it will always return false.

You can do one of two things now.
1) add .php to the elements in your array:

$exceptions = array('register.php', 'login.php');

or
2) remove the .php extension from the $page variable.

$page = explode('/', $_SERVER['SCRIPT_NAME']);
// takes the end of the $page variable and cuts the last 4 characters from it.
$page = substr(end($page),0,-4);

 
//Check if a user is on a page that is not in excetpion. If they are not, check if they are logged in. If not send em to login page.
 
if (in_array($page, $exceptions) === false) {
        if (isset($_SESSION['username']) === false){
                header('Location: login.php'); // If they are not logged in direct them to login page
               
                die(); // Kill the script
        }
}
 

or use this shorter method.

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

//Check if a user is on a page that is not in excetpion. If they are not, check if they are logged in. If not send em to login page.
 
if (in_array($page, $exceptions) === false) {
        if (isset($_SESSION['username']) === false){
                header('Location: login.php'); // If they are not logged in direct them to login page
               
                die(); // Kill the script
        }
}

I hope this solves it.