This is my first page. I just can't get my variables to the next page, index.php ($_SESSION['admin_email']). The variable assignment works fine on the first page, but in index.php it always redirects to login.php.
<?php
error_reporting(0);
session_start();
include_once('../_inc/_class/Users.php');
$dbUsers = new Users();
$uname = htmlspecialchars($_POST['username']);
$upass = md5($_POST['password']);
if($uname != "" && $upass != "") {
$user = $dbUsers->selectAll("`password` = '".$upass."' and `email` = '".$uname."' and user_type = 'admin'", "1", "");
/*print_r($user);*/
if(!empty($user) && $user[0]->email == $uname && $user[0]->password == $upass) {
$_SESSION['admin_email'] = $user[0]->email;
/*var_dump($_SESSION['admin_email']);*/
}
else {
$_SESSION = array();
session_destroy();
}
}
die(header('Location:../index.php'));
?>
index.php
<?php
error_reporting(E_ALL);
session_start();
if(!isset($_SESSION['admin_email'])) {
die(header('Location:./login.php'));
}
?>
From your code, it looks like login.php resides inside a subfolder and not in the root folder where index.php resides.
You are setting the session value from the subfolder, and if your php.ini settings or some session_set_cookie_params() call in the included class (Users.php) is deliberately setting the session path for that subfolder, it will make the session variable inaccessible outside it.
So try to add session_set_cookie_params and set the $path param to /
And then it will be available for the root folder and all subfolders inside that.
For more information check session_set_cookie_params
use
if(!session_id()) session_start();
instead of using plain
session_start();
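A session bootstrap that applies both suggestions above (cookie path /, and not starting a session that is already active), added here as an example and not part of the original answers. The file name and function names are assumptions, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// session_bootstrap.php (hypothetical file name): include this at the top of
// login.php, index.php and every other page instead of a bare session_start().

function start_app_session(): void
{
    // Already started by an earlier include: nothing to do.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Cookie parameters only take effect if set before session_start().
    session_set_cookie_params([
        'lifetime' => 0,     // session cookie, dropped when the browser closes
        'path'     => '/',   // valid for the root folder and every subfolder
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Debug helper: the scope the session cookie is actually issued with, so a
// path restricted to a subfolder shows up immediately.
function session_cookie_scope(): array
{
    $p = session_get_cookie_params();
    return ['path' => $p['path'], 'domain' => $p['domain'], 'secure' => $p['secure']];
}

start_app_session();
// Remove this line once the cookie path has been confirmed in the log.
error_log('session cookie scope: ' . json_encode(session_cookie_scope()));
```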
I'm creating my first page in PHP with a login form.
Here is my question,
I have this kind of structure:
MAINFILE:
-index.php
-asstes(file)
-config(file)
-includes(file) (with header.php)
-user(file) with user.php
and after logging in from index.php I want to direct the user to user.php, but after using header("Location: user/user.php"); I get ERROR 404.
Does anybody know how to redirect to a page in another file?
Thanks!
<?php
$error = "Email or password was incorrect<br>";
if(isset($_POST['login_button'])) {
$login = $_POST['log_login']; //sanitize email
$_SESSION['username'] = $login; //Store email into session variable
$password = md5($_POST['log_password']); //Get password
$check_database_query = mysqli_query($con, "SELECT * FROM users WHERE login='$login' AND password='$password'");
$check_login_query = mysqli_num_rows($check_database_query);
if($check_login_query == 1) {
$row = mysqli_fetch_array($check_database_query);
$username = $row['login'];
$role =$row['role'];
$_SESSION['username'] = $username;
if($role == "admin"){
header("Location: admin.php");
$_SESSION['role'] = true;
}
else {
header("Location: /user/user.php");
$_SESSION['role'] = false;
}
exit(0);
}
else {
echo $error;
}
$_SESSION['log_login'] = "";
$_SESSION['log_password'] = "";
}
Actually if in your index.php you have a login form which sends a POST request then, after a successful sign-in you can redirect user using:
header('Location: /user.php');
exit(0);
Path passed in location is relative to user's current position so if your file user.php is in the root folder then use /user.php; if in user so that the filename is user/user.php then use:
header('Location: /user/user.php');
exit(0);
Yet a lot of that may be caused by the way you actually sign in your user and how you manage the session creation, so it would be great and helpful if you shared the code.
I have a login script in PHP. If the credentials are correct then the session is started, session variables are set and then the user is redirected to the profile page. In the profile page, I have a script that redirects the user back to the login page if they have not logged in.
Now, whenever I enter the correct credentials of the user and click on login, it redirects me back to the login page. To solve it, I commented out the code which was responsible for the redirection back to the login page. As a result, I got access to the profile page but I could not access the session variables.
And sometimes this code runs perfectly while sometimes it shows the above-stated problem.
The login code is as shown in the picture :
session_start();
require_once 'includes/config.php';
if(isset($_POST['login'])){
$user = trim($_POST['username']);
$pass = trim($_POST['password']);
$ch = $_POST['position'];
$stmt = $db->prepare("SELECT C_Name, PAN_id, Password FROM master_registration WHERE PAN_id = ?");
$stmt->bindParam(1,$user);
$stmt->execute();
$row = $stmt->fetch();
$username = $row["PAN_id"];
$Name = $row["C_Name"];
$hash = $row["Password"];
if(password_verify($pass, $hash)) {
session_start();
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $username;
$_SESSION["Name"] = $Name;
header("Location: main_folder/master/profile.php");
exit;
}
}
The profile page code is as shown in the picture:
session_start();
require_once '../../includes/config.php';
if(!isset($_SESSION['loggedin']) && $_SESSION['loggedin'] !== true){
header("location:../../index.php");
exit;
}
$user = $_SESSION['username'];
The code seems fine, but there is a problem with sessions; plus it works on localhost, but when I hosted it on cPanel the problem started.
Please help anyone...
Sometimes cPanel needs configuration for the PHP session in php.ini.
First you can check the cPanel session.save_path and enable output_buffering.
Use phpinfo() to check.
Your code is correct, but try including session_start(); in the config.php file.
Change your profile pic code with this code...
Your logic is incorrect; that's why you are redirected every time.
if(!$_SESSION['loggedin']) {
header("location: ../../index.php");
exit() ;
}
In an attempt to secure an administrator area of a site I'm working on, I made an index.php which contains
if (isset($_POST['password']) && isset($_POST['userName'])) {
if($_POST['password']==$pass && $_POST['userName']==$username)
{
header( 'Location: admin.php' ) ;
}
}
This redirects to a file in the same folder called admin.php. The problem is that I can access this file if I write localhost/folder/admin.php. Please tell me how to restrict direct access to this page. The only way of accessing it should be from index.php after entering the username and password.
Set a session variable and check it every time somebody accesses admin.php
<?php
if (isset($_POST['password']) && isset($_POST['userName'])) {
if ($_POST['password'] == $pass && $_POST['userName'] == $username) {
if (!session_id())
session_start();
$_SESSION['logon'] = true;
header('Location: admin.php');
die();
}
}
?>
and
//admin.php
if (!session_id()) session_start();
if (empty($_SESSION['logon'])) { // empty() also covers a session where the key was never set
header("Location:index.php");
die();
}
You should look into PHP sessions. You can set a session variable "isLogged" in that redirection file, and then check in admin.php if that session variable is registered, if not redirect to the login page!
session_start();
if (isset($_POST['password']) && isset($_POST['userName'])) {
if($_POST['password']==$pass && $_POST['userName']==$username)
{
$_SESSION['isLogged'] = true;
header( 'Location: admin.php' ) ;
exit; // stop here so nothing else runs after the redirect
}
}
admin.php
session_start();
if(empty($_SESSION['isLogged'])) { // empty() also covers a session where the key was never set
header("location:login.php");
die();
}
Note: session_start(); must be called before the $_SESSION global can be utilised.
Set a session value that signifies that a user has successfully logged in, check for it on every page you want secured, redirect to login if that value isn't set.
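The session check from the answers above as one shared include, added here as an example and not code from any of the posts. The file name auth.php, the function names and the ADMIN_USER / ADMIN_HASH placeholders are assumptions; the strict comparison in require_login() also applies to the profile.php check in the earlier thread.

```php
<?php
// auth.php (hypothetical file name), included by both index.php and admin.php.
// ADMIN_USER and ADMIN_HASH are placeholders for this example: generate the
// hash once with password_hash($password, PASSWORD_DEFAULT) and store only it.
const ADMIN_USER = 'admin';
const ADMIN_HASH = '<output of password_hash() goes here>';

function attempt_login($user, $pass): bool
{
    // $_POST values can be arrays; anything that is not a string fails.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // hash_equals() and password_verify() compare in constant time, unlike ==.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, ADMIN_HASH);
    if (!($userOk && $passOk)) {
        return false;
    }
    session_regenerate_id(true);  // fresh session ID for the authenticated session
    $_SESSION['logon'] = true;
    return true;
}

function require_login(): void
{
    // Strict check: a missing key and any value other than true both fail.
    if (($_SESSION['logon'] ?? false) !== true) {
        header('Location: index.php');
        exit;  // without this the rest of admin.php still runs and is sent
    }
}

// index.php:  session_start(); require 'auth.php';
//             if (attempt_login($_POST['userName'] ?? null, $_POST['password'] ?? null)) {
//                 header('Location: admin.php');
//                 exit;
//             }
// admin.php:  session_start(); require 'auth.php'; require_login();
```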
Hi, I am trying to get the user signed in via sessions. Here is my code; it was working before, now it isn't, and I didn't even change the code.
profile.php (to show after logged in)
<?php
ob_start();
session_start();
$userName = $_SESSION['username'];
$userid = $_SESSION['userid'];
if(isset($_GET['session'])) {
$currentSessionID = $_GET['session'];
$currentSessionID = md5(md5(md5($currentSessionID)));
session_id($currentSessionID);
header("Location:profile.php");
return;
}
if(!isset($userName)){
echo "OUT";
return;
}
...
scripts/signin.php
ob_start();
session_start();
include"config.php";
echo "here";
// check for required fields
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['Username']) && isset($_POST['Password'])) {
$user = mysql_real_escape_string($_POST['Username']);
$pass = mysql_real_escape_string($_POST['Password']);
$decrypt = md5(md5(md5($pass)));
$ensure = "select * from userinfo WHERE Username = '$user' and Password='$decrypt' and status='1'";
$result= mysql_query($ensure);
if(mysql_num_rows($result) > 0) {
echo "here2";
$entry = mysql_fetch_array($result) or die(mysql_error());
$_SESSION['username'] = $entry['Username'];
echo $entry['Username'];
$_SESSION['userid'] = $entry['Id'];
$currentSessionID = session_id();
$currentSessionID = md5(md5(md5($currentSessionID)));
header("Location: http://www.myprocity.com/profile.php?session=".$currentSessionID);
echo "here3";
The reason why I'm passing in the session ID is that I'm trying to keep only sign in and sign up on HTTPS while the other pages are HTTP so I can show Google ads. Does anyone know how to implement this without security issues (perfectly)?
It always goes to OUT even when $_SESSION is my username (database is correct).
In profile.php you are checking for the presence of a session ID, and changing the session ID if you find it. You are doing this after you've set up a session with session_start(), but the PHP manual specifically says you must call session_id() before session_start() for this to work.
You're also hashing $_GET['session'] before sending it, and again before using it. The session ID you're trying to use in profile.php won't match the session ID used in signin.php
The result is that $_SESSION does not have the data in it you are expecting.
You need to rationalise your use of session_id(), and ensure the correct value is passed from page to page. All the hashing with md5() is just complicating matters - drop it. Realistically, I don't see why you need anything more than session_start() at the top of each page and let PHP handle the sessions. You may have an argument for doing what you're doing, but your solution simply won't work.
I don't know how to get to the main page index.php and show some divs with a JavaScript function after I check if the login data is correct. I run the login.php script after the user clicks on the submit button, and then if the user data is correct I want to show some divs with JavaScript and stay on the index.php page. I tried this using a JavaScript function and then the header(location: ./index.php) in PHP, but it didn't work.
My code:
if($name == $username && $pass == $password){
echo '<script type="text/javascript">'
, 'showDiv();'
, '</script>';
header("Location: ./index.php");
}
Put session_start(); at the top of your login.php and index.php files, then put this in your login.php file:
if ($name == $username && $pass == $password) {
$_SESSION['authenticated'] = true;
header("Location: ./index.php");
}
Then, on your index.php file, do this to see if the user is logged in:
if (isset($_SESSION['authenticated']) && $_SESSION['authenticated']) {
echo '<script type="text/javascript">'
. 'showDiv();'
. '</script>'; # If you want your div to show on your index.php
}
The way you are using seems weird. A better approach would be to use SESSION variables to store login info(when user logs in) and display content after checking the SESSION variable like this:-
if(isset($_SESSION['somevalue']))
{
echo 'whatever you want';
}
if($name == $username && $pass == $password)
$_SESSION['login'] = true;
Now anywhere in the code, first start the session and check for the login session variable.
session_start();
if (isset($_SESSION['login'] ) && $_SESSION['login'] === true)
{
//do what logged in user require
}
else
{
// redirect them to login page with proper error.
}
In your login.php write this.
session_start();
if($name == $username && $pass == $password){
$_SESSION['somevalue'] = $username;
header("Location: ./index.php");
}
In index.php you need to check whether your session is set or not. If set, show your div with JavaScript code.
session_start();
if(isset($_SESSION['somevalue']))
{
//show your div code here.
}
You have to write session_start(); in the first line of your login.php file, because sometimes it has problems.
session_start(); // line 1 in login.php
if($name == $username && $pass == $password)
{
$_SESSION['mydata'] = $username;
header("Location: ./index.php");
}
Actually you need to use some jQuery and an Ajax call in order to not refresh the page once the user has clicked the submit button.
The code you need is something like this:
$.ajax({
'url': 'http://yourdomain.com/authentication_script.php',
'beforeSend': function(xhr) {
xhr.setRequestHeader("Authentication", "Basic " + encodeBase64(username + ":" + password));
},
success: function(result) {
alert('authenticated'); // here you can add some other functions to execute once authenticated
}
});
The idea is that you should take care that in the authentication script you should also include session variables and keep track of the user data as long as you / he want/s.