i'm trying to learn about session_start() but when i run the file, it only show what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...} and even after i click log out, it won't print anything in else statement and only print inside the if statement. I use another file to do the log out proses but i don't know the right code for session_destroy()
here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
where have i gone wrong
Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the mysql credentials is what you want for your logged in user
?
Related
I'm building an ecommerce website project and right at the start, I kept on having the same problem. For some reason that I don't know, it feels like session_star() is not working or not displaying. I already done so many approach the last thing I have done is copy a source code online made by packetcode on youtube. but no results is showing in my browsers
I was expecting that the results will show but even though I referenced alot of sourece code it's still doesn't work and I have no any idea.
heres the index.php file:
<?php
session_start();
include "db.php";
include "retrieve.php";
include "function.php";
include "logic.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Exquisite</title>
</head>
<body>
<div class="container" id="main_cntr">
<div id="intro_cntr">
<div id="title_cntr">
<h2>Welcome to </h1>
<h1>Exquisite</h1>
</div>
<div id="paragraph_cntr">
<p>Here to provide an excellent support for your style!</p>
</div>
</div>
<?php if(empty($_SESSION['username'])){?>
<div class="container" id="form">
<div id="login_cntr">
<form method="POST">
<h2>Login</h2>
<label for="username">Username</label><br>
<input type="text" name="username" placeholder="Enter your Username"><br>
<label for="password">Password</label><br>
<input type="password" name="pass" placeholder="Enter your Password"><br>
<input type="submit" name="login" value="Login">
</form>
</div>
<?php }?>
<div id="signupOption_cntr">
Create an Account
<h4>or</h4>
Login as Admin
</div>
</div>
<?php if(!empty($_SESSION['username'])){?>
<div class="container">
<h1>Hello again<?php echo $_SESSION['username'];?></h1>
<form method="POST">
<button name="logout">Logout</button>
</form>
</div>
<?php }?>
</div>
</body>
</html>
I also devided the codes as seen in packetcode's video.
here the database code:
<?php
$conn = mysqli_connect('localhost', 'root', '', 'exquisite') or die ("Cannot connect to the Database");
?>
heres the account retrieval code:
<?php
if(isset($_REQUEST['login'])){
$uname = $_REQUEST['username'];
$pword = $_REQUEST['pass'];
}
?>
here's the function to take data from the server:
<?php
function login($conn, $uname, $pword){
$sql = "SELECT * FROM `user_acc` WHERE `username` = '$uname'";
$query = mysqli_query($conn, $sql);
return $query;
}
?>
and here's the code for validation:
<?php
if(isset($_REQUEST['login'])){
$result = login($conn, $uname, $pword);
foreach($result as $r){
$passw_check = password_verify($pword, $r['password']);
if($passw_check){
$_SESSION['username'] = $r['username'];
header("location: home.php");
}
}
}
if(isset($_REQUEST['logout'])){
session_destroy();
header("location: index.php");
exit();
}
?>
Need more information.
if you are using separate file to validation make sure you are include sessio_start(); on that file too.
without session_start(); session_destroy(); will not work.
<?php
session_start();
if(isset($_REQUEST['login'])){
$result = login($conn, $uname, $pword);
foreach($result as $r){
$passw_check = password_verify($pword, $r['password']);
if($passw_check){
$_SESSION['username'] = $r['username'];
header("location: home.php");
}
}
}
if(isset($_REQUEST['logout'])){
session_destroy();
header("location: index.php");
exit();
}
?>
I have a login page that regardless of what the input is (correct login or not) the page just refreshes when hitting the "login" button. I've searched on stack overflow and nothing has solved my problem yet.
Login Page Session Code
<?php
session_start();
if(isset($_SESSION['login'])) {
header('LOCATION: test-page.php'); die();
}
echo isset($_SESSION['login']);
?>
Login Page Form
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title>Login</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="form-container">
<div class="image"></div>
<div class="form">
<form>
<h1>Login</h1>
<ul>
<li>
<input class="input" type="text" id="username" autocomplete="off">
<label for="username">Username</label>
<span></span>
</li>
<li>
<input class="input" type="password" id="password" autocomplete="off">
<label for="password">Password</label>
<span></span>
</li>
</ul>
<footer>
<button type="submit" class="gradient">Login</button>
</footer>
</form>
Login Page Username and Password
<?php
if(isset($_POST['submit'])){
$username = $_POST['username']; $password = $_POST['password'];
if($username === 'admin' && $password === 'password'){
$_SESSION['login'] = true; header('LOCATION: test-page.php'); die();
} elseif ($username === 'billy' && $password === 'bob') {
$_SESSION['login'] = true; header('LOCATION: test-page.php'); die();
} else {
echo "<div class='alert alert-danger'>Username and Password do not match.</div>";
}
}
?>
</div>
</div>
<script src="login.js"></script>
</body>
</html>
Page After Login Success
<?php
session_start();
if(!isset($_SESSION['login'])) {
header('LOCATION: login.php'); die(); // mlac-resources-login.php
}
?>
The login page is split up for readability but it is all one continuous block of code. The
Redirects (or any kind of header for that matter) require NO OUTPUT SENT for it to work.
Outputs include:
Echo commands
<!DOCTYPE html>
Even any whitespace could break it! (New lines or spaces)
For example:
<?php
session_start();
echo isset($_SESSION['login']); //Output
if(isset($_SESSION['login'])) {
header('LOCATION: test-page.php'); die(); //Won't work since there's already output...
}
?>
Try changing your code to:
<?php
session_start();
if(isset($_SESSION['login'])) {
header('LOCATION: test-page.php'); die(); //This should work now!
}
echo isset($_SESSION['login']); //Output goes here!
?>
A form's default method is GET and you're processing POST. Either set the method to post, or use $_GET when processing the form.
<form method="post">
...
or
if (isset($_GET['submit'])){
...
i want to display my error message in the login form by getting the result from the login.php ,here is the sample code that i have use.The first part is the index.php
<?
include("login.php");?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>Hup Seng</h1>
<div id="login">
<h2>Login Form</h2>
<form action="login.php" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text" required>
<br>
<br>
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password" required>
<br>
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
Here is the login.php i have put the error message under the else statement in order to pass the information to the login form
<?php
include("dbconfig.php");
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
//if (isset($_POST['submit'])) {
if (isset($_POST['username']) || isset($_POST['password'])) {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
$pw = encode($password);
$sql = "SELECT count(ID) as cid FROM tblUser WHERE UserId = '$username' and Password1 = '$pw'";
$rs = odbc_exec($link_mssql,$sql);
while (odbc_fetch_row($rs)) {
$count=odbc_result($rs,"cid");
}
if ($count == 1) {
$_SESSION['username']=$username; // Initializing Session
header("location: homepage.php"); // Redirecting To Other Page
} else {
$error="username/passwod combination incorrect";
header("location: index.php");
}
odbc_close($link_mssql); // Closing Connection
}
//}
?>
No need to add header you already including login.php file in index.php
$error="username/passwod combination incorrect";
//header("location: index.php");//remove this line
session_start();
$_SESSION['error']="username/passwod combination incorrect";
and in login form check
session_start();
if(isset($_SESSION['error'])){
echo $_SESSION['error'];
}
//header("location: index.php");
Remove this or you can redirect the page after some time if you want like this.
header( "refresh:5;url=index.php" ); // page redirect after 5sec
I have tried all methods but still am not seeing a redirect to index.php as expected.
I also added ob_start() but it doesn't work. Then I tried header('location:...'). It also didn't work. Then I tried to redirect using JavaScript but that also didn't work.
Any suggestions ??
<html>
<head>
<link rel ="stylesheet" href=css/style.css>
</head>
<body>
<?php
ob_start();
require('dbconnect.php');
require('loginservice.php');
session_start();
//if my form is submitted
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$query1= userIdentity($username,$password);
echo 'returning value deisplay';
echo '\n' .$query1 . '\n';
echo 'i am here';
if($query1==1){
//echo 'welcome dude';
$_SESSION['username'] = $username;
// Redirect user to index.php
//echo "<script type='text/javascript'> window.location='index.php'; </script>";
// header("Location: index.php");
//e//cho 'heeeelo';
echo "<script type='text/javascript'>window.location.href = 'index.php'; </script>";
ob_flush();
exit(0);
}
// header("Location: index.php");
else
{
echo " <div class='form'>
<h3>Username/password is incorrent.</h3>
<br/>click here to <a href='login.php'>Login</a></div>";
}
//header("Location: index.php");
}
else {
?>
<div class="form">
<h1>Log In</h1>
<form action="" method='post' name="login">
<input type ="text" name="username" placeholder="username" required />
<input type="password" name="password" placeholder="password" required />
<input name="submit" type="submit" value="login" />
</form>
<p> Not registered yet ? <a href='register.php'>Register Here </a> </p>
</div>
<?php
}
?>
</body>
</html>
Per the PHP manual page for header():
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.
So move the PHP code above the starting HTML tags, like the example below. I created a variable to hold the message in case the login attempt fails (i.e. $message). Notice how it is set it to a blank message initially (for good scope) and then set when appropriate. Then it is added to the form down below.
Edit:
You can see this demonstrated in this phpFiddle. Try logging in with any username. If you enter the password pw, then you should be taken to index.php, which on that page display an image with the text phpfiddle.org. Also, I removed the HTML from the else block, so it will always show the form (and insert the login failure message if it is set), though you might want to have it not show the form again if the login fails...
<?php
ob_start();
require('dbconnect.php');
require('loginservice.php');
session_start();
$message = ''; //initialize to empty, for good scope
//if my form is submitted
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$query1= userIdentity($username,$password);
if($query1==1){
$_SESSION['username'] = $username;
// Redirect user to index.php</script>";
header("Location: index.php");
//...
}//else:
else {
$message = "<div class='form'><h3>Username/password is incorrect.</h3>
<br />click here to <a href='login.php'>Login</a></div>";
}
?>
<html>
<head>
<!-- the rest of the HTML content -->
and in the body, append that incorrect message if it is defined, e.g.:
<div class="form"><?php echo $message; ?>
<h1>Log In</h1><!-- rest of the HTML for the form-->
Instead of having the html <html><head><body> tags before your php code, have the php code before these and use the header function. Here is the working new version:
<?php
ob_start();
require('dbconnect.php');
require('loginservice.php');
session_start();
//if my form is submitted
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$query1= userIdentity($username,$password);
echo 'returning value deisplay';
echo '\n' .$query1 . '\n';
echo 'i am here';
if($query1==1){
//echo 'welcome dude';
$_SESSION['username'] = $username;
// Redirect user to index.php
//echo "<script type='text/javascript'> window.location='index.php'; </script>";
// header("Location: index.php");
//e//cho 'heeeelo';
header("Location: index.php);
ob_flush();
exit(0);
}
// header("Location: index.php");
else
{
echo " <div class='form'>
<h3>Username/password is incorrent.</h3>
<br/>click here to <a href='login.php'>Login</a></div>";
}
//header("Location: index.php");
}
else {
?>
<html>
<head>
<link rel ="stylesheet" href=css/style.css>
</head>
<body>
<div class="form">
<h1>Log In</h1>
<form action="" method='post' name="login">
<input type ="text" name="username" placeholder="username" required />
<input type="password" name="password" placeholder="password" required />
<input name="submit" type="submit" value="login" />
</form>
<p> Not registered yet ? <a href='register.php'>Register Here </a> </p>
</div>
<?php
}
?>
</body>
</html>
I have trouble with these codes:
password.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="no1" placeholder="enter your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
Here is password2.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="name" placeholder="verify your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
And here is check.php:
<?php
$enter = $_POST['no1'];
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
The troubles I have are:
check.php doesn't recognise "name" from password2.php
And I can't verify the password
Because $_POST variable is not persistent between requests it would not work. You can store the value from first form in the $_SESSION variable and retrieve it from session.
More info about php sessions here
Leave everything as it is in your question except check.php, here is the modified one:
<?php
//starting the session in PHP
session_start();
$enter = null;
// this is all the logic you need for retrieving `no1` from POST or SESSION
if (isset($_POST['no1'])){
$enter = $_POST['no1'];
$_SESSION['no1'] = $enter;
}elseif(isset($_SESSION['no1'])){
$enter = $_SESSION['no1'];
}
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
// you can comment the next line if you are debugging,
// but after that you should destroy de session so you don't have a password as plain text
session_destroy();
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>