Unable to close the session and logout in php - php

I designed a validation form which takes the input and checks against the MySQL entry to login and create a session and it works just perfect. But when I try to destroy the session and logout, it doesn't work. Here are the three relevant pages.
Note - the signin.inc.php, signout.inc.php, nav.php, home.php, etc are all inside the "include" folder. Only index.php is outside.
Index.php ->
<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>DigiVault</title>
<link rel="stylesheet" type="text/css" href="css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="css/clean.css">
<link rel="stylesheet" type="text/css" href="css/home.css">
<link rel="stylesheet" type="text/css" href="css/index.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.css" />
</head>
<body>
<header>
<div class="main-brand">
<?php
if(isset($_SESSION['u_id'])){
echo "
<label for='menuToggle' class='menu-icon'>☰</label>
";
}
?>
<h2> DigiV<span style="color:#ccc"><i class="fa fa-lock" aria-hidden="true"></i></span>ult</h2>
</div>
</header>
<?php
if(!isset($_SESSION['u_id'])){
echo "
<nav id='index-nav'>
<ul>
<li id='about-us'>About Us</li>
<li id='get-started'>Get Started</li>
</ul>
</nav>
";
}else {
include_once 'include/nav.php';
}
?>
<div class="main-wrapper">
<?php
if(!isset($_SESSION['u_id'])){
include_once 'include/home.php';
} else{
include_once 'include/user.php';
}
?>
</div>
</body>
</html>
Home.php ->
<div class="signin-container">
<p class="form-header" style="color:white">Login</p>
<form id="signin-form" action="include/signin.inc.php" method="POST">
<input type="text" name="uid" placeholder="Username/Email">
<input type="password" name="pwd" placeholder="Password">
<button type="submit" class="form-button" name="submit-signin">Sign In!</button>
<span id="to-register" style="padding-top:1.13em">Are you new?</span>
</form>
</div>
Nav.php ->
<nav class="user-nav animated bounceInLeft">
<ul>
<li>HOME</li>
<li>ABOUT</li>
<li>FORM</li>
<li>GALLERY</li>
<li>BLOG</li>
<li>
<?php
if(isset($_SESSION['u_id'])){
echo "
<form action='signout.inc.php' method='post'>
<button type='button' name='submit-signout'>Logout</button>
</form>
";
}
?>
</li>
</ul>
</nav>
signin.inc.php ->
<?php
session_start();
if(isset($_POST['submit-signin'])){
include_once 'dbh.inc.php';
$uid= mysqli_real_escape_string($conn,$_POST['uid']);
$pwd= mysqli_real_escape_string($conn,$_POST['pwd']);
if(empty($uid) || empty($pwd)){
header("Location: ../index.php?signin=error");
exit();
}else {
$sql= "SELECT * FROM users where user_uid='$uid' OR user_email='$uid'";
$result = mysqli_query($conn,$sql);
$resultcheck = mysqli_num_rows($result);
if($resultcheck < 1){
header("Location: ../index.php?signin=error");
exit();
} else {
if($row = mysqli_fetch_assoc($result)){
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if($hashedPwdCheck == false){
header("Location: ../index.php?signin=error");
exit();
}
elseif($hashedPwdCheck == true) {
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php");
exit();
}
}
}
}
}else {
header("Location: ../index.php?signin=error");
exit();
}
signout.inc.php ->
<?php
if(isset($_POST['submit-signout'])){
session_start();
session_unset();
session_destroy();
header("Location: ../index.php");
exit();
}
Note - The problem lies with signing out, the validation and signing in works perfectly but I put them just in case if there's a bug somewhere.

<button type='button' name='submit-signout'>Logout</button> needs to be <button type='submit' name='submit-signout'>Logout</button>, otherwise it won't submit the form.
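An added example, not part of the original thread: once the button submits, a logout handler that clears the session data, expires the browser's session cookie and deletes the server-side record, rather than relying on session_unset() and session_destroy() alone. The helper name end_session() is hypothetical, and the form is assumed to post to include/signout.inc.php (the folder the sign-in form targets); the submit-signout field and the redirect target are taken from the question.

```php
<?php
// Added example, not the poster's code: include/signout.inc.php with a full teardown.
declare(strict_types=1);

/**
 * end_session() is a hypothetical helper name.
 * Clears the session data, expires the browser's session cookie and
 * deletes the server-side session record.
 */
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Drop every value stored for this session (u_id, u_email, ...).
    $_SESSION = [];

    // 2. Tell the browser to discard the session cookie, using the same
    //    path/domain/flags it was issued with so the cookie actually matches.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    // 3. Remove the session record on the server.
    session_destroy();
}

// Only act on the POST sent by the logout form (button name from nav.php).
$isLogoutPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && isset($_POST['submit-signout']);

if ($isLogoutPost) {
    end_session();
}

// Redirect in every case so a direct GET never leaves a blank page.
header('Location: ../index.php');
exit;
```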

Related

I am trying to create a resume registry using php PDO prepared statement

I am trying to insert form data to my profile table when I click the add button, but whenever I test my code below it just reloads my add.php page and clears the form instead of adding it to my table.
add.php code:
<?php
//connection to the database
$pdo = require_once 'pdo.php';
session_start();
//if user is not logged in redirect back to index.php with an error message
if(!isset($_SESSION['user_id'])){
die("ACCESS DENIED");
return;
}
//if the user requested cancel go back to index.php
if(isset($_POST['cancel'])){
header('Location: index.php');
return;
}
//handling incoming data
$uid = $_SESSION['user_id'];
if (isset($_POST['first_name']) && isset($_POST['last_name']) &&
isset($_POST['email']) && isset($_POST['headline']) && isset($_POST['summary'])){
if (strlen($_POST['first_name']) == 0 || strlen($_POST['last_name']) == 0 ||
strlen($_POST['email']) || strlen($_POST['headline']) == 0 || strlen($_POST['summary']) == 0){
$_SESSION['error'] = "All fields are required";
header("Location: add.php");
return;
}
if(strpos($_POST['email'], '@') === false){
$_SESSION['error'] = "Email address must contain @";
header("Location: add.php");
return;
}
$stmt = $pdo->prepare('INSERT INTO profile
(user_id, first_name, last_name, email, headline, summary)
VALUES ( :uid, :fn, :ln, :em, :he, :su)');
$stmt->execute(array(
':uid' => $uid,
':fn' => $_POST['first_name'],
':ln' => $_POST['last_name'],
':em' => $_POST['email'],
':he' => $_POST['headline'],
':su' => $_POST['summary'])
);
$_SESSION['success'] = "profile added";
header("location: index.php");
return;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Profile Add</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Adding Profile for UMSI</h1>
<form method="post" action="index.php">
<p>First Name:
<input type="text" name="first_name" size="60"/></p>
<p>Last Name:
<input type="text" name="last_name" size="60"/></p>
<p>Email:
<input type="text" name="email" size="30"/></p>
<p>Headline:<br/>
<input type="text" name="headline" size="80"/></p>
<p>Summary:<br/>
<textarea name="summary" rows="8" cols="80"></textarea>
<p>
<input type="submit" name="add" value="Add">
<input type="submit" name="cancel" value="Cancel">
</p>
</form>
</div>
</body>
</html>
Here I created my connection to the database using a PDO connection and also require my config.php file for the database sign-in credentials.
Here is my pdo.php code:
<?php
require_once 'config.php';
//setting DSN
$dsn = "mysql:host=$host;dbname=$dbname;charset=UTF8";
//creating a PDO instance
try{
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if($pdo){
echo "database connected Successfully";
return;
}
}catch(PDOException $e){
echo $e->getMessage();
}
?>
My database sign-in credentials are in this file; the username, password and dbname are not necessarily correct, I only changed them for the sake of asking.
Here is my config.php code:
<?php
//my variables
$host = 'localhost';
$user = 'myusername';
$password = 'mypass';
$dbname = 'mydb';
?>
My index.php code has a static display for the profile entries. I wanted to be able to add the profiles first so I can make it dynamically display the profiles, but here is my index.php code:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Resume Registry</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Mandla'ke Makondo's Resume Registry</h1>
<p>
<?php
if(isset($_SESSION['user_id'])){
echo " <a href='logout.php'>Logout</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<a href='login.php'>Please log in</a>";
}
?>
</p>
<?php
if(isset($_SESSION['user_id'])){
echo"<table border = '1'>
<tr><th>Name</th><th>Headline</th><th>Action</th><tr><tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td><td><a href = 'edit.php'>Edit</a> <a href = 'delete.php'>Delete</a></td></tr>
</table>";
echo "<a href='add.php'>Add New Entry</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<table border='1'>
<tr><th>Name</th><th>Headline</th>
<tr>
<tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td></tr>
</table>";
}
?>
</div>
</body>

Using php session to display two different html pages based on logged in status

I have created a login system with php, mysql, and html. I am trying to figure out how to display a different home page with html code based on whether someone is logged in or not.
I have tried to display a profile button on the header if they are logged in, and if they are not logged in it displays Login/Signup on the header.
index.php
<?php session_start();
include('server.php');
if (isset($_SESSION['username'])){
?>
<!DOCTYPE html>
<html lang = "en">
<!--
Capstone Project "Zoeker"
Michael Burnett, Annie Lalor, Sophia Michael, Hannah Smith
5/6/2021
-->
<head>
<title>Home Page</title>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Stylesheets -->
<link rel="stylesheet" href="CSS/Normalize.css?v=<?php echo time(); ?>">
<link rel="stylesheet" href="CSS/Styles.css?v=<?php echo time(); ?>">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body>
<script>
function myFunction() {
var x = document.getElementById("myTopnav");
if (x.className === "topnav") {
x.className += " responsive";
} else {
x.className = "topnav";
}
}
</script>
<!-- Menu Bar -->
<div class="topnav" id="myTopnav">
<img src="Images/Logo.png" alt="Zoeker">
About
Contact
Stores Near You
Profile
<a href="javascript:void(0);" class="icon" onclick="myFunction()">
<i class="fa fa-bars"></i>
</a>
</div>
<!-- Strip container for opening home page -->
<div class = "strip1">
</div>
<!-- FOOTER Containers-->
<div class="footer">
<div class="footer-box">
<ul>
<li><img src="Images/Logo.png" alt="Zoeker"></li>
</ul>
</div>
<div class="footer-box">
<h2>Navigation</h2>
<ul>
<li>Stores</li>
<li>About Us</li>
<li>Contact</li>
</ul>
</div>
<div class="footer-box">
<h2>Service Areas</h2>
<ul>
<li>Bloomington</li>
</ul>
</div>
<div class="footer-box">
<h2>Contact Us</h2>
<ul>
<li>812-123-4567</li>
<li>Support@Zoeker.com</li>
</ul>
</div>
</div>
</body>
</html>
<?php
}else{
// not logged in
}
?>
<!DOCTYPE html>
<html lang = "en">
<!--
Capstone Project "Zoeker"
Michael Burnett, Annie Lalor, Sophia Michael, Hannah Smith
5/6/2021
-->
<head>
<title>Home Page</title>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Stylesheets -->
<link rel="stylesheet" href="CSS/Normalize.css?v=<?php echo time(); ?>">
<link rel="stylesheet" href="CSS/Styles.css?v=<?php echo time(); ?>">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body>
<script>
function myFunction() {
var x = document.getElementById("myTopnav");
if (x.className === "topnav") {
x.className += " responsive";
} else {
x.className = "topnav";
}
}
</script>
<!-- Menu Bar -->
<div class="topnav" id="myTopnav">
<img src="Images/Logo.png" alt="Zoeker">
About
Contact
Stores Near You
Login/Signup
<a href="javascript:void(0);" class="icon" onclick="myFunction()">
<i class="fa fa-bars"></i>
</a>
</div>
<!-- Strip container for opening home page -->
<div class = "strip1">
</div>
<!-- FOOTER Containers-->
<div class="footer">
<div class="footer-box">
<ul>
<li><img src="Images/Logo.png" alt="Zoeker"></li>
</ul>
</div>
<div class="footer-box">
<h2>Navigation</h2>
<ul>
<li>Stores</li>
<li>About Us</li>
<li>Contact</li>
</ul>
</div>
<div class="footer-box">
<h2>Service Areas</h2>
<ul>
<li>Bloomington</li>
</ul>
</div>
<div class="footer-box">
<h2>Contact Us</h2>
<ul>
<li>812-123-4567</li>
<li>Support@Zoeker.com</li>
</ul>
</div>
</div>
</body>
</html>
server.php
<?php
session_start();
$username = "";
$email = "";
$errors = array();
//Connect to the database
$conn = mysqli_connect("db.luddy.indiana.edu", "i494f20_team36", "my+sql=i494f20_team36", "i494f20_team36");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: ";
}
//if the register button is clicked
if (isset($_POST['register'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
//Check database for username and email already in use
$sql_u = "SELECT * FROM users WHERE username='$username'";
$sql_e = "SELECT * FROM users WHERE email='$email'";
$res_u = mysqli_query($conn, $sql_u);
$res_e = mysqli_query($conn, $sql_e);
//ensure form fields are filled in
if(empty($username)){
array_push($errors, "Username is required");
}
if(empty($email)){
array_push($errors, "Email is required");
}
if(empty($password)){
array_push($errors, "Password is required");
}
if(mysqli_num_rows($res_u) > 0) {
array_push($errors, "Username is already taken");
}
if(mysqli_num_rows($res_e) > 0) {
array_push($errors, "Email is already taken");
}
//if no errors, insert new user into database
if (count($errors) == 0){
$sql = "INSERT INTO users(username, email, password)
VALUES ('$username', '$email', '$password')";
mysqli_query($conn, $sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php'); //redirect to home page
}
else{
echo "not quite, but you'll get it";
}
}
// log user in from login page
if (isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
if(empty($username)){
array_push($errors, "Username is required");
}
if (empty($password)){
array_push($errors, "Password is required");
}
if (count($errors) == 0){
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1){
// log user in
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php'); //redirect to home page
}else{
array_push($errors, "Wrong username/password combination");
}
}
}
?>
The else was empty and the html version for users that are not logged in was always shown. By moving the closing else-bracket to the end of the file, you get the 2 versions depending on the user being logged in or not.
<?php
}else{
// not logged in
// THE CLOSING BRACKET IS NOW AT THE BOTTOM
?>
<!DOCTYPE html>
<html lang = "en">
<!-- LINES DELETED FOR BREVITY -->
</body>
</html>
<?php } // MOVED CLOSING BRACKET TO THE END

PHP,MYSQL Getting information from the session

I created a user page. After logging in on the profile page I wanted to include a username, mail and secret key, but only the username and email are displayed, the secret key is not.
User page code:
<?php
session_start();
if (!isset($_SESSION['zalogowany']))
{
header('Location: ../logowanie');
exit();
}
$nick = $_SESSION['username'];
?>
<!DOCTYPE HTML>
<html lang="pl">
<head>
<title>NanoTech</title>
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<link href="../../css/materialize.css" type="text/css" rel="stylesheet" media="screen,projection"/>
<link href="../../css/style.css" type="text/css" rel="stylesheet" media="screen,projection"/>
<link rel="icon" type="image/png" href="/images/icon.png"/>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Profil Gracza</title>
</head>
<body>
<?php include '../../menu.php'; ?>
<div class="parallax-container">
<div class="parallax"><img src="../../files/tlo.png" alt="Unsplashed background img 1">
</div>
<div class="row">
<div class="z-depth-5 card-panel box-kontakt">
<?php
echo "<img src='https://mcapi.ca/avatar/$nick/100'>";
?>
<li class="divider"></li>
<div class="row">
<div class="col s12 black-text ">
<ul class="tabs black-text">
<li class="tab col s3"><a class='black-text active' href="#test1">Dane</a></li>
<li class="tab col s3"><a class="black-text" href="#test2">Secret Key</a></li>
<li class="tab col s3 disabled">Disabled Tab</li>
<li class="tab col s3">Test 4</li>
</ul>
</div>
<div id="test1" class="col s12">
<?php
echo "<p><b>Nick</b>: ".$_SESSION['username'];
echo "<p><b>E-mail</b>: ".$_SESSION['email'];
?>
</div>
<div id="test2" class="col s12"><?php echo $_SESSION['secret']; ?></div>
<div id="test3" class="col s12">Test 3</div>
<div id="test4" class="col s12">Test 4</div>
</div>
</div>
</div>
</div>
<?php require('../../footer.php')?>
<!-- Scripts-->
<script src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
<script src="../../js/materialize.js"></script>
<script src="../../js/init.js"></script>
</body>
</html>
Session acquisition code:
<?php
session_start();
if ((!isset($_POST['login'])) || (!isset($_POST['haslo'])))
{
header('Location: ../logowanie');
exit();
}
require_once "connect.php";
$polaczenie = @new mysqli($host, $db_user, $db_password, $db_name);
if ($polaczenie->connect_errno !== 0)
{
echo "Error: ".$polaczenie->connect_errno;
}
else
{
$login = $_POST['login'];
$haslo = $_POST['haslo'];
$login = htmlentities($login, ENT_QUOTES, "UTF-8");
if ($rezultat = $polaczenie->query(
sprintf("SELECT * FROM `authme` WHERE username='%s'",
mysqli_real_escape_string($polaczenie,$login))))
{
$ilu_userow = $rezultat->num_rows;
if($ilu_userow>0)
{
$wiersz = $rezultat->fetch_assoc();
if (password_verify($haslo, $wiersz['password']))
{
$_SESSION['zalogowany'] = true;
$_SESSION['id'] = $wiersz['id'];
$_SESSION['username'] = $wiersz['username'];
$_SESSION['email'] = $wiersz['email'];
$_SESSION['secret'] = $wiersz['secret'];
unset($_SESSION['blad']);
$rezultat->free_result();
header('Location: /');
}
else
{
$_SESSION['blad'] = '<span style="color:red">Nieprawidłowy login lub hasło!</span>';
header('Location: /user/logowanie');
}
} else {
$_SESSION['blad'] = '<span style="color:red">Nieprawidłowy login lub hasło!</span>';
header('Location: /user/logowanie');
}
}
$polaczenie->close();
}
?>

Session is not verifying that user is login or not

I am new to PHP so I face so many difficulties. I want to create my login page in which the user logs in and gets transferred to the congratulation page, but due to my session's false detection anyone can access the congratulation page without any login form. What the problem is, I don't know.
This is my login.php file
<?php
session_start();
$username = '';
$password = '';
$userError = '';
$passError = '';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($username === '9155499248' && $password === 'Ben 10'){
$_SESSION['login'] = true;
header('LOCATION:congratulation.php');
die();
}
if($username !== '9155499248')
$userError = 'Invalid Username';
if($password !== 'Ben 10')
$passError = 'Invalid Password';
}
echo "<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta http-equiv='content-type' content='text/html;charset=utf-8' />
<meta http-equiv='X-UA-Compatible' content='IE=edge ,chrome=1'>
<meta name='viewport' content='width=device-width'>
<title>Login</title>
<link rel='stylesheet' href='css/normalize.css'>
<link rel='stylesheet' href='css/style.css'/>
<script src='js/prefixfree.min.js'></script>
</head>
<body>
<div class='login'>
<h1><b>Login</b></h1>
<form name='input' action='".$_SERVER['PHP_SELF']."' method='post'>
<label for='username'></label><input type='text' value='".$username."' id='username' name='username' />
<div class='error'>".$userError."</div>
<label for='password'></label><input type='password' value='".$password."' id='password' name='password' />
<div class='error'>".$passError."</div>
<button type='submit' class='btn btn-primary btn-block btn-large' name='submit' value='1'>Let me in.</button>
</form>
</div>
<script src='js/index.js'></script>
</body>
</html>";
This is my congratulation.php file
<?php
session_start();
// STEP 2. Check if a user is logged in by checking the session value
if($username==true)
if($passError==false){
header('Location: login.php')
}
?>
<html>
<head>
<title>NALIN NISHANT</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/font-awesome.min.css" rel="stylesheet">
<link href="css/animate.css" rel="stylesheet">
<link href="css/main.css" rel="stylesheet">
</head>
<body>
<!--header--> <header class="navbar navbar-inverse navbar-fixed-top wet-asphalt" role="banner">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="www.facebookpage100.net23.net/?id=facebook"><img src="nalin.jpg"/><b>NALIN</b><br><h6>your ip address is <?
echo $_SERVER["REMOTE_ADDR"];
?> stored <br>for security purpose</h6></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav navbar-right">
<li class="active">Home</li>
<li>Visit Our Site</li>
<li>Contact Us</li>
<li class="dropdown">
Follow Us<i class="icon-angle-down"></i>
<ul class="dropdown-menu">
<li>Facebook</li>
<li>Google+</li>
</ul>
</li>
</ul>
</div>
</div>
</header><!--/header--><br>
<img src="js/1.jpg" width="100%" height="550"/>
<!--php-->
<?php
$filename = "users.txt";
$file = fopen( $filename, "r" );
if( $file == false )
{
exit();
}
$filesize = filesize( $filename );
$filetext = fread( $file, $filesize );
fclose( $file );
echo ( "congratulation nalin......... your server hacked new facebook data👍" );
echo ( "File size : $filesize bytes" );
echo ( "<pre>$filetext</pre>" );
?>
<section id="testimonial" class="alizarin">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div class="center">
<br><br><br><div class="text-success"><h2>Buy Facebook Hacking Script</h2></div>
</div>
<div class="gap"></div>
<div class="row">
<div class="col-md-6">
<blockquote>
<p>contact him directly on Facebook.</p>
<small>Nalin Nishant</small>
</blockquote><center><?php
echo "Today is " . date("Y/m/d") . "<br>";
echo "day is" . date("l");
?></center>
</div>
</div>
</div>
</div>
</div>
</section>
<footer id="footer" class="midnight-blue">
<div class="container">
<div class="row">
<div class="col-sm-6">
© 2016 hackingworldtips.com. All Rights Reserved.
</div>
<div class="col-sm-6">
<ul class="pull-right">
<li>Home</li>
<li>Follow Admin</li>
<li>Contact Us</li>
<li><a id="gototop" class="gototop" href="#"><i class="icon-chevron-up"></i></a></li><!--#gototop-->
</ul>
</div>
</div>
</div>
</footer><!--/#footer--><hr /><center>Logout</center><hr /><br>
<script src="js/jquery.js"></script>
<script src="js/bootstrap.min.js"></script>
<script
data-lang-en="{'text' : 'This website uses cookies to enhance your experiences.',
'button' : 'I agree', 'more' : 'More information',
'link' : 'http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm'}"
data-expire="365"
data-style="#cookieWarnBox a { color : orange }"
type="text/javascript"
id="cookieWarn"
src="js/cookie-warn.min.js">
</script>
</body>
</html>
You haven't assigned that the $username is $_SESSION['login']. So you can do it this way.
//on login.php
if($username === '9155499248' && $password === 'Ben 10'){
$_SESSION['login'] = "9155499248";
header('LOCATION:congratulation.php');
die();
}
//on congratulation.php
if($_SESSION['login'] != "9155499248"){
header('Location: login.php');
exit; // stop here so the rest of the page is not sent
}
Also you can try this
//on login.php
$_SESSION['username'] = $username;
//on congratulation.php
if(isset($_SESSION['username'])) {
$username = $_SESSION['username'];
} else {
header('Location: login.php');
die();
}
After creating the session you can check if the user is 9155499248 by
if($username == '9155499248'){
//some admin rights
} else {
//some standard rights
}
There is no need to check for the password on congratulation.php because you are creating the session when the user is logged in on login.php. If the user is "X" he will not get session "Y" but session "X". Create the session after you check the username and password.
Actually you're not checking the Boolean true or false in congratulation.php.
In login.php you are setting $_SESSION['login'] as true
so you should use
<?php
session_start();
// STEP 2. Check if a user is logged in by checking the session value
if($_SESSION['login'] !== true){
header('Location: login.php');
exit; // stop here so the rest of the page is not sent
}
?>
instead of
<?php
session_start();
// STEP 2. Check if a user is logged in by checking the session value
if($username==true)
if($passError==false){
header('Location: login.php')
}
?>

reports page keeps redirecting me to login page

My reports.php page keeps redirecting me back to the login page even though I have supposedly logged into the website. I am not quite sure what I might be doing wrong here.
reports page:
<?php require_once('dbadmin.php');?>
<?php
session_start();
$user = $_SESSION['users'];
if(!isset($users)){
header("Location:admin_login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>e</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"</img> </header>
<nav>
<ul>
<li>Home</li>
<li>Run Sign-Up</li>
<li>Refer-a-Friend</li>
<li>Admin Login</li>
<li>Reports</li>
</ul>
</nav>
<h1>Reports</h1>
<table border="1" style="width:100%">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>Email</th>
<th>Address</th>
<th>City</th>
<th>State</th>
<th>Distance</th>
</tr>
<?php
include('dbuser.php');
$select = "SELECT `fname`, `lname`, `email`, `distance` FROM runner ORDER BY `lname`";
$result = mysql_query($connect, $select) or die ('Oops! '.mysql_error($connect));
if($rowcnt==0){
echo "<tr><td colspan=3>There are currently no results.</td</tr>";}
while($row = mysql_fetch_assoc($result)) {
echo '<tr><td>'.$row['fname'].'</td>';
echo '<td>'.$row['lname'].'</td>';
echo '<td>'.$row['email'].'</td>';
echo '<td>'.$row['distance'].'</td></tr>';
}
?> </table>
<footer></footer>
</body>
</html>
adminlogin page:
<?php require_once('dbadmin.php');?>
<?php
session_start();
if(isset($_POST['adminlogin'])) {
$username = trim($_POST['user']);
$password = trim($_POST['password']);
include('dbadmin.php');
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die("Invalid query: ".mysql_error());
if(mysql_num_rows($result)==0) {
$confirm = '<h2 style="color:red;">Invalid Credentials!</h2>';
} else {
$_SESSION['user'] = $username;
$confirm = '<h2> Login Successful</h2>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>My Gaming Products Site</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<html lang="en">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"/> </header>
<nav>
<ul>
<li>Home</li>
<li>Run Sign-Up</li>
<li>Refer-a-Friend</li>
<li>Admin Login</li>
<li>Reports</li>
</ul>
</nav>
<h1>Enter Your Login Information</h1>
<?php if(isset($confirm)) echo $confirm; ?>
<form method="post" name="adminlogin" id="adminlogin" title="adminlogin" action="admin_login.php">
<p>User: <br> <input type="text" name="user"></p>
<p>Password: <br><input type="password" name="password"></p>
<p><input type="submit" name="adminlogin" id="adminlogin" value="Login"></p>
</form>
</p>
<footer>| WDD420</footer>
</body>
</body>
</html>
I think it might be something with my reports page but I am not sure if it has anything to do with the login page either.
Try to make your script a bit more readable, I suggest with a function:
<?php
function is_loggedin()
{
return (!empty($_SESSION['users']));
}
session_start();
if(!is_loggedin()){
header("Location:admin_login.php");
exit;
}
?>
By doing $user = $_SESSION['users'] then checking if $user is set, that will always be true because you set it. You will want to check empty().
In your adminlogin.php page the session variable is $_SESSION['user']. But in reports.php page it checks for $_SESSION['users']. Change that to $_SESSION['user'] and change the variable name to $user from $users.
session_start();
$user = $_SESSION['user'];
if(!isset($user)){
header("Location:admin_login.php");
exit; // stop here so the rest of reports.php is not sent
}
Try checking users like this:
session_start();
if(!isset($_SESSION['users']) || empty($_SESSION['users'])){
header("Location:admin_login.php");
exit; // stop here so the rest of reports.php is not sent
}
Try this to check whether the variable is set or not:
session_start();
if(isset($_SESSION['users']) && !empty($_SESSION['users'])) {
print_r($_SESSION['users']);
}
Try this also to check => var_dump($_SESSION['users']);
Put session_start(); at the first line of your PHP page.
Note: Also keep in mind, you need to call session_start(); on each and every page if you are making use of session variables.
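An added example, not code from either thread above: one shared guard for protected pages such as reports.php or congratulation.php, which reads the login state from $_SESSION under a single key, redirects, and then stops execution. The names SESSION_USER_KEY, start_session_once(), login_user(), is_logged_in() and require_login() are hypothetical; the session arrays in the self-check are constructed.

```php
<?php
// Added example, not code from the threads above.
declare(strict_types=1);

// One key, shared by the login page and every guard. The reports.php thread
// failed because login wrote 'user' while the guard read 'users'.
const SESSION_USER_KEY = 'user';

function start_session_once(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Keep the session cookie away from page scripts and cross-site requests.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

// Call this only after the credentials have been verified.
function login_user(string $username): void
{
    start_session_once();
    session_regenerate_id(true);          // fresh ID once the user is authenticated
    $_SESSION[SESSION_USER_KEY] = $username;
}

// Pure check on the session array: the key must exist and hold a non-empty string.
function is_logged_in(array $session): bool
{
    return isset($session[SESSION_USER_KEY])
        && is_string($session[SESSION_USER_KEY])
        && $session[SESSION_USER_KEY] !== '';
}

// First statement of every protected page.
function require_login(string $loginPage = 'admin_login.php'): void
{
    start_session_once();
    if (!is_logged_in($_SESSION)) {
        header('Location: ' . $loginPage);
        exit; // header() alone does not stop the script: the page body would still be sent
    }
}

// Self-check with constructed session arrays (runs only from the command line).
if (PHP_SAPI === 'cli') {
    $cases = [
        'empty session'           => [[], false],
        "wrong key ('users')"     => [['users' => 'admin'], false],
        'empty string'            => [['user' => ''], false],
        'boolean instead of name' => [['user' => true], false],
        'logged in'               => [['user' => 'admin'], true],
    ];
    foreach ($cases as $label => [$session, $expected]) {
        $got = is_logged_in($session);
        printf("%-26s %s\n", $label, $got === $expected ? 'ok' : 'MISMATCH');
    }
}
```

Saved as a shared include (auth.php is an assumed file name), login_user($username) goes right after the credentials check and require_login() at the top of each protected page.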
