-2

So I have a custom Login page on Wordpress that connects to my users database and checks if all the information is correct. This is the login.php:


<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="style.css" />
</head>
<body>
<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['email'])){
        // removes backslashes
    $email = stripslashes($_REQUEST['email']);
        //escapes special characters in a string
    $email = mysqli_real_escape_string($conn,$email);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($conn,$password);
    //Checking is user existing in the database or not
        $query = "SELECT * FROM `users` WHERE email='$email'
and password='".md5($password)."'";
    $result = mysqli_query($conn,$query) or die(mysql_error());
    $rows = mysqli_num_rows($result);
        if($rows==1){
        $_SESSION['email'] = $email;
            // Redirect user to index.php
        header("Location: index.php");
         }else{
    echo "<div class='form'>
<h3>Email/password is incorrect.</h3>
<br/>Click here to <a href='../login/'>Login</a></div>";
    }
    }else{
?>
<div class="form">
<!-- <h1>Log In</h1> -->
<form action="" method="post" name="login">
<input type="text" name="email" placeholder="Email" required />
<input type="password" name="password" placeholder="Password" required />
<br>
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet? <a href='../register/'>Register Here</a></p>
</div>
<?php } ?>
</body>
</html>

What I want to do is change the LOGIN button on my Wordpress header to LOGOUT (and showing the user information if it's possible) after the user is logged, and I suppose that I can do that using the $_SESSION['email'] = $email;variable.

How can I do that?

Thanks a lot!

thE madA
  • 19
  • 7
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Apr 07 '21 at 15:18
  • You have an error. [`mysql_error()`](https://www.php.net/manual/en/function.mysql-error.php) worked only for the old API. Please consider switching error mode on instead. [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman Apr 07 '21 at 15:18

1 Answers1

0

You can use the built-in WordPress function is_user_logged_in() or is your login using also a custom table in the database and not the WordPress user table wp_user?

<?php
if ( is_user_logged_in() ) {
    echo '<a href="../wp-login.php?action=logout">Login out</a>';
} else {
    echo '<a href="../login/">Login</a>';
}
?>

If your login system is independent of WordPress, you need to check your login function and see what session variables it creates, you might also need to start the session your self then if it is not in the function something like this then

 session_start();

 if (isset($_SESSION['email'])) {
    /// your login button code here
 } else {
    /// your logout button code here
 }

A function that would add it to your wordpress menu you need to style it:

add_filter('wp_nav_menu_items', 'button_login_logout', 10, 2);
function button_login_logout() {
    ob_start();
    if (isset($_SESSION['email'])) : 
    ?>
        <a role="button" href="logoutlink">Log Out</a>. 
    <?php 
    else : 
    ?>
        <a role="button" href="loginlink">Log In</a> 
    <?php 
    endif;
 
    return ob_get_clean();
}
Somelight
  • 180
  • 8
  • But that will check if the user is logged in Wordpress right? I need to check if the user is registered in my MySQL database – thE madA Apr 07 '21 at 14:38
  • 1
    Ok not sure how you have built the function that creates the session when logging in but added kind of how to check if a session exist – Somelight Apr 07 '21 at 14:47
  • Nice, I understand it, but how can I change after the header button from LOGIN to LOGOUT? – thE madA Apr 07 '21 at 14:57
  • With the condition above I added the else statement, what it does is if your session exist you place your login button code or else place your logout button – Somelight Apr 07 '21 at 15:15
  • Yes I know, but what I was asking that is what I don't know how to do is about how to place the login or logout button on the header using that else – thE madA Apr 07 '21 at 15:29
  • You add that code into your header.php file in your themes folder or child theme folder, on the part where you want it to work, or you can creat a function to add it to your Wordpress menu or a short code. – Somelight Apr 07 '21 at 15:40
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/230857/discussion-between-somelight-and-the-mada). – Somelight Apr 07 '21 at 16:02