I have some trouble with PHP Sessions.
I was searching too much for answers, most had problems at sesson_start() function, that is not the case here I guess.
Index.php, Loginback.php, UserInfo.php all start with:
<?php session_start(); ?>
There is index.php where I have login form with action loginback.php:
<form action="loginback.php" method="POST" id="LoginForm">
<input type="text" name="UserName" placeholder="Username" class="form-control"/>
<input type="password" name="Password" placeholder="Password" class="form-control"/>
<input type="submit" name="submit" value="Login" id="LoginButton" class="btn btn-info, OASButton" />
</form>
at LoginBack.php is validation for user input, if everything is OK I say:
$_SESSION["user"] = "Temo"; //string is for testingpurposes
header("location: http://website.com/mine/index.php");
after redirecting at index.php If session is set I include "statistics.php" and it works just fine, if session is not set I incldue "logreg.php"- also works fine, but when I go to userinfo.php and check for session isset it always says no:
<?php session_start(); ?>
<?php
if(isset($_SESSION['user'])==true){
echo "Logged In!";
} else {
echo "Not Logged in";} ?>
So bottom line, session is recognized at index.php but not recognized at userid.php. Any help?
//sorry for my english.
'K , I have no idea what happened, I have not touched those files but now I am logged in but can't log out, here is logoutback.php where it should happen:
<?php session_start(); ?>
<?php
session_unset();
session_destroy();
header("location: http://website.om/mine/index.php"); ?>
I've found an answer,
for going to userinfo.php I had:
<a href="http://www.website.com/mine/userinfo.php">
and that was the problem,
without www it works fine.
but also what was strange: I created folder SESSION just with session stuff and when I was starting session from there and redirecting through the same url, it was working.
So anyways I't is finally over :)
Related
There are similar questions related to the topic but none of them have solved my problem. Its kind of weird but my $_SESSION is working on the same page but not on any other page. If I put isset($_POST['submit') the condition doesn't satisfy and without it the $_SESSION remains null.
This is my code.
This is the login page.
<!-- Login.php -->
<?php
session_start();
?>
<html>
<body>
<form method="post" action="profile.php">
<fieldset>
<legend>
Login
</legend>
<label> User ID :</label> <input type="text" placeholder="Username" name="user"><br>
<label> Password :</label> <input type="password" placeholder="Password" name="password">
<input type="submit" name="submit" value="Login">
</fieldset>
</form>
</body>
</html>
<?php
if(isset($_POST['submit'])){
$_SESSION['USER']= $_POST['user'];
$_SESSION['PASS']=$_POST['password'];
}
?>
This is where I want my session variable to appear.
<!-- profile.php -->
<?php
session_start();
echo "Session user is ".$_SESSION['USER']."<br>";
unset($_SESSION['USER']);
unset($_SESSION['PASS']);
session_unset();
session_destroy();
?>
This is what I have tried :
Changing form method to GET.
Using $_REQUEST and $_GET.
Using $_SESSION on the same page. It works on the same page.
Checking session id. The session on the other pages are present but values are either null or empty.
Running the code without isset(). In that case all the session variables remain NULL.
$_POST['submit'] and the rest of the post parameters are not available in Login.php
They are available only in profile.php because your form action points to it.
You may move the following code after the session_start() in profile.php.
if(isset($_POST['submit'])){
$_SESSION['USER']= $_POST['user'];
$_SESSION['PASS']=$_POST['password'];
}
Keep in mind that you unset the session values in the end of profile.php
I am trying to display session information like username, as user login through login page, the session has to capture user entered username and should display in page. Below i have tried php script, but its not echoing the username, Kindly check in the script for errors, thanks in advance.
<?php
session_start();
$_SESSION['test']= $_POST['myusername'];
$name= $_SESSION['test'];
echo $name;
?>
<form action="login.php" method="post">
<p>Username</p>
<input name="myusername" type="text" id="myusername" required>
<p>Password</p>
<input name="mypassword" type="password" id="mypassword"required></br>
<button><img src="http://icons.iconarchive.com/icons/webiconset/application/32/Register-icon.png" /></button>
</form>
login.php
Output i am getting is , simply its going to next page without displaying user name.
You can't access session data until after you call session_start(). So your first if statement is unnecessary and problematic as you can't check if a session variable exists until after you start your session. Also, make sure session_start() is called at the top of every page you wish to use sessions.
<?php
session_start();
$_SESSION['test']= $_POST['myusername'];
You must varify first that is session started or not. you can check it by using this code for Version PHP >= 5.4.0:-
if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
or
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
or by this code for Version PHP < 5.4.0:-
if (session_id() === "") { session_start(); }
Then you can see all session stored values just by printing them as array.
echo "<pre>";
print_r($_SESSION);
then you can assign to session your post varible value like this.
$_SESSION['test']= $_POST['myusername'];
echo $_SESSION['test'];
You are setting session before post. Please use below code.
login.php
<?php
if(isset($_POST['myusername']))
{
// your code
session_start();
$_SESSION['test']= $_POST['myusername'];
}
?>
<form action="login.php" method="post">
<p>Username</p>
<input name="myusername" type="text" id="myusername" required>
<p>Password</p>
<input name="mypassword" type="password" id="mypassword"required></br>
<button><img src="http://icons.iconarchive.com/icons/webiconset/application/32/Register-icon.png" /></button>
</form>
newpage.php
<?php
session_start();
echo $_SESSION['test'];
?>
I have user sessions for the user to login. The problem is that anyone can open the server side links directly.
For example : http://mylink.com/foldername/json/json_example.php
If anyone browse the above link it opens directly.So I want to make secure to the database operations(some stores through JSON) and my server side PHP files by using sessions.I need to check user session before performing database operations and before opening of every page in server side.
The below code i used for User Sessions:
<?php
ob_start();
session_start();
if(isset($_SESSION['user'])){
header('Location: home.php');}
?>
<html>
<head>
<body>
<section class="container">
<div class="login">
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p><input type="text" name="username" placeholder="Username" id="username"></p>
<p><input type="password" name="password" placeholder="Password" id="password"></p>
<p class="submit"><input type="submit" name="login" value="Login"></p>
</form>
</div>
<?php
if(isset($_POST['login'])) {
require_once('db/connection.php');
$username=$_POST['username'];
$password=md5(mysql_real_escape_string($_POST['password']));
$query=mysql_query("select * from tablename where username='$username' and password='$password'");
$row=mysql_num_rows($query);
if ($row == 1){
session_start();
$a=mysql_fetch_array($query);
$_SESSION['user']=$a['username'];
$_SESSION['pref']=$a['preference'];
header("location: home.php");
} else {
echo "wrong username/password";
}
}
?>
</section>
Please help in resolving the issue.
Thank you.
For blocking the access to the files that are included in others and should not be accessed directly: add this to the pages that are directly accessed, like index.php:
//This will prevent loading the included scripts as stand alone scritps.
define('SECURE', true);
and this to the scripts you don't want to be accessed by anyone directly
//Security check
!defined('SECURE') and exit("You should not be here.<br>Go back to the <a href='index.php'>home</a> page.");
For blocking access to any kind of file to the users that are not logged in, add this:
if (!isset($_SESSION['user']))
exit("You should not be here.<br>Go back to the <a href='index.php'>home</a> page.");
Is this something you are looking forward?
if(!isset($_SESSION['user'])){
header('Location: login.php');}
Note the ! at the beginning of isset. This means that if the user variable is not set inside the session, it will redirect to login.php.
I'm developing a simple member management system with php, and I've met a problem:
The user logs in and it is redirected to a main page and the user ID is saved in the session; there are some links to other pages in the main page, after the user clicks and is trying to go back to main by pressing browser "Back" button, sometimes the user ID in the session is lost.
I've checked the session save path, a new session file is created when I click "Back" button, so I assume the session_start() creates a new session for it; but I still don't know why, it's a random case...
Is there any way to solve it?
main.php:
<?php session_start(); ?>
<?php
$echo_string = '
<body>
a
b
</body>';
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
login.php:
<?php
session_start();
if (isset($_POST['userLogin'])) {
$_SESSION['user'] = $_POST['userLogin'];
// check userLogin in db
...
}
header("Location: main.php");
?>
<form novalidate="" method="post" action="login.php">
<label class="hidden-label" for="Username">Username</label>
<input id="Username" name="userLogin" type="text" placeholder="Username" value="" spellcheck="false" class="">
<label class="hidden-label" for="Passwd">Password</label>
<input id="Passwd" name="userPassword" type="password" placeholder="Password" class="">
<input id="signIn" name="signIn" class="rc-button rc-button-submit" type="submit" value="Log in">
</form>
a.php:
<?php session_start(); ?>
<!DOCTYPE html>
<html lang="en">
<head>...</head>
<?php
$echo_string = '...'; // a html format string
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
</html>
b.php is almost same as a.php
Thanks.
BR,
Sean
session_start()-docs:
"session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie."
so you see, that when a session exists it doesnt create a new, that means when you set something like $_SESSION['logged_in'] = true; you should check before if $_SESSION is already filled with your infos
I am doing a project in school, I need to know a simple way to stop poeple from entering the site without a session. I have alot of pages I don't believe I spent the time pasting code on every page. Also I have menu bar that is included in every page thanks to php, so i was wondering wat type of code would I have to put in the menu to block user without a session. The rest of the content code is on the pages that I want to hide. I believe that you can login by typing out the url and allow users to see hidden pages that are for logged in users.
Please do not use a plain cookie. Sessions are the way to go. Or if can't use sessions and must use a cookie, sign the cookies first to be able to verify that your application was really the one to set it.
<?php
session_start();
if (!isset($_SESSION['authenticated'])) {
header('Location: login.php');
exit;
}
... whatever logged in users should see ..
If you don't want to use session, then use cookie.
<?php
/*Just add this piece of PHP code to top of any page you
don't want not-logged in users to see */
if (!isset($_COOKIE['logged']))
header("Location: login.php"); //It redirects the user to your login page
?>
<html>
<body>
...
</body>
</html>
Login page could be like this:
<?php
if (isset($_COOKIE['logged']))
header("home.php");
if ($_POST['submit']) {
//get username and password
$uname = $_POST['uname'];
$pass = $_POST['password'];
if ($uname=="correct" && $pass=="correct"){ //EDIT
setcookie('logged','1');
header("Location: home.php"); //Redirect to home page
}
else echo "Wrong combinaton!";
}
?>
<html>
<body>
<form action="login.php" method="post">
<label>Username</label><input type="text" name="uname" /><br />
<label>Password</label><input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Login" />
</form>
</body>
</html>