Display a link only if user is an admin - php

I am very new to PHP and I am trying to make a registration form only for an admin (no need for other users). I want to show one of the nav menu items ("Add photo") only to admins.
LOGIN.php:
<?php
include_once 'header.php';
$username = "Efren";
$password = "111";
if (($_POST['txt_uname_email'] == $username)&& ($_POST['txt_password'] == $password)) {
session_start();
$_SESSION['admin_is_logged'] = true;
echo '<script type="text/javascript"> window.open("homepage.php","_self");</script>';
}
This is the part of the header that I am trying to show only to admins:
<?php
if (isset($_SESSION['admin_is_logged']) && $_SESSION['admin_is_logged'] == true){
echo '<li>add photo</li>';
}
?>
</ul>
Right now “add photo” is hidden both to admin and other visitors.

You need to start the session on every page where you want access to the $_SESSION variable. I saw your session_start is inside an if statement. Just set it at the top of every file (where you need the session) and it should work.

Put
session_start();
at the beginning of the file, just after <?php
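The session check from the answers above, as an added example that is not part of the original thread: `session_start()` runs unconditionally, a successful login sets the flag, and both the nav link and the target page test it on the server. The hashed password, the `add_photo.php` target and the helper names are assumptions.

```php
<?php
// Added example, not the asker's code; the hash and add_photo.php are constructed.
declare(strict_types=1);
session_start(); // runs on every request, before any $_SESSION access or output

const ADMIN_USER = 'Efren';
// Constructed demo hash; a real site stores a precomputed password_hash() value.
define('ADMIN_HASH', password_hash('constructed-demo-password', PASSWORD_DEFAULT));

function try_admin_login(array $post): bool
{
    $user = $post['txt_uname_email'] ?? '';
    $pass = $post['txt_password'] ?? '';
    if (!is_string($user) || !is_string($pass)) {
        return false; // array-valued fields such as txt_password[]=x are rejected
    }
    if (!hash_equals(ADMIN_USER, $user) || !password_verify($pass, ADMIN_HASH)) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID once privileges change
    $_SESSION['admin_is_logged'] = true;
    return true;
}

function is_admin(): bool
{
    return ($_SESSION['admin_is_logged'] ?? false) === true;
}

// Header fragment: the link is only emitted for admins.
function admin_nav_item(): string
{
    return is_admin() ? '<li><a href="add_photo.php">add photo</a></li>' : '';
}

// First call in add_photo.php itself: hiding the link does not protect the page.
function require_admin(): void
{
    if (!is_admin()) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed requests: a wrong password, then the right one.
$denied  = try_admin_login(['txt_uname_email' => 'Efren', 'txt_password' => 'wrong-password']);
$navAnon = admin_nav_item();
$granted = try_admin_login(['txt_uname_email' => 'Efren', 'txt_password' => 'constructed-demo-password']);
var_dump($denied, $navAnon, $granted, admin_nav_item());
```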

Related

Multiple steps form with sessions security

Hi, I'm developing a multi-step form with PHP using sessions, and I've been wondering if there is a way for the user to alter session variables. For example, on the first page I have something like this:
<?php
session_start();
if(isset($_POST['submit'])){
$_SESSION['name'] = $_POST['name'];//and so on
}
?>
and the other page has something like:
<?php
session_start();
$name = $_SESSION['name'];
?>
My question is: can the user modify the value of the session variable on the second page?
Since you're populating the session variable with the value of a POST variable, they can continue to resubmit the first form as much as they want with arbitrary values.
You can use application logic to defeat this:
<?php // form1
session_start();
if (empty($_SESSION['step'])) {
$_SESSION['step'] = 1;
}
if ($_SESSION['step'] > 1) {
header("Location: form2.php");
exit; // This exit is very important, don't neglect it
}
if (isset($_POST['submit'])){
$_SESSION['name'] = $_POST['name'];//and so on
$_SESSION['step'] = 2;
}
And then
<?php // form2
session_start();
if (empty($_SESSION['step'])) {
header("Location: form1.php");
exit;
}
if ($_SESSION['step'] > 2) {
header("Location: form3.php");
exit;
}
if ($_SESSION['step'] < 2) {
header("Location: form1.php");
exit;
}
$name = $_SESSION['name']; // value stored by form1
By using application logic, you can control the flow of your visitors within your application.
If you're asking if users can change $_SESSION variables outside of any code you've written, the answer is usually no. See also: this answer.

Trouble returning session data (user name)

I'm trying to integrate a php login script that I have working, but I can't seem to get simple php calls going on a page. On this user profile page, I want to simply have the user name displayed (mysql field is "name"). The user is logged in and the session carries through, but on this page, all I see is the text "Here is your profile info..." What might be wrong in the code to prevent the user name from displaying?
<?php
include_once('classes/check.class.php');
include_once('header.php');
if( protectThis("*") ):
if(!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['jigowatt']['name'])) {
echo "You're name is: " . $_SESSION['jigowatt']['name'];
}
?>
<br />
Here are is your profile info...
<?php
else :
?>
<div class="alert alert-warning">
<?php _e('Only signed in users can view what\'s hidden here!'); ?></div>
<?php
endif;
include_once('footer.php');
?>
To check whether the session is already set, use session_id(). Also check that you have already set $_SESSION['jigowatt']['name'] with empty().
if(session_id() == '') {
session_start();
}
if(!empty($_SESSION['jigowatt']['name'])) {
echo "You're name is: " . $_SESSION['jigowatt']['name'];
}
else {
echo 'username is empty';
}
You need to put session_start(); at the very top of the page. No white space can be put before that. Try if that works.
First you need to write the sessions at the very top of the page. If it works, then okay; else you can try this.
Just add these 2 functions before and after the session_start();
Like this
ob_start();
session_start();
ob_end_clean();

Changing Index Page According to Login

I'm creating a website where I am checking for login and redirecting the user to the index page. If his login was successful, I want him to see something else instead of the login button.
I have followed this approach for my query:
<?php
if(!isset($_SESSION['uid']))
{
?>
<span class="Login">Login</span>
<?php
}
else if(isset($_SESSION['uid']))
{
?>
<span>Post</span>
<?php
}
?>
It doesn't seem to work quite the way I want. The 'Login' span is always visible; it would seem that the $_SESSION['uid'] is not being set, but that is not the case. To be honest, I don't even know if this is the correct way of doing this.
You need to put session_start(); in each page that needs to access the session data, before accessing (or creating) any session data.
See: Session Manual
<?php
session_start();
$linkPage = 'login.php';
$linkName = 'Login';
if(isset($_SESSION['uid'])) {
$linkPage = 'postThread.php';
$linkName = 'Post';
}
?>
<span class="link"><?php echo $linkName; ?></span>

Variable $_SESSION does not work PHP

I want to add a simple "login/logout" script to my web site but it does not work.
<?php if(isset($_POST["signin"])){
session_start();
$username=stripslashes($_POST["username"]);
$password=stripslashes($_POST["password"]);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$nom=checkUser($username, $password);
if(!$nom=="")
{
$_SESSION['name'] = $nom;
header("location:account.php");
}
else {
echo 'WRONG USERNAME OR PASSWORD';}
}?>
The script above is header.php, which means it's included in every single page; now here is the page of "account.php":
<?php if(isset($_SESSION['name']))
{
include('header.php');
echo'
</article>
<article class="col1 pad_left1">
<p>Bienvenue '.$_SESSION['name'].'</p>
</article>
</header>
</div>';
include('footer.php');}
header("location:index.php");
?>
The problem is that I always get to the index.php even if I'm logged in, as if this test if(isset($_session['name'])) is always false.
I guess you rather want to use if($nom!="") than if(!$nom==""). Additionally, you need to call session_start() before you can use $_SESSION (you're doing it the other way round at the moment).
You have to start the session in every page at the top by
session_start();
Probably you are missing this.
Try to add session_start(); before if(isset($_SESSION['name'])) and check whether there are blank lines in your files at the top and at the end.

Making a Function-Activated Link Appear Without Having to Refresh Browser

I'm trying to use the code below to make the <a href='http://www...com/.../footervote.php'>Vote</a> link appear if a user logs in and a user shows up in the function getEditorsList(). The vote link only appears if the browser is refreshed.
Any idea how I could make the vote link appear without having to refresh the browser?
Thanks in advance,
John
index.php:
<?php
require_once "header.php";
//content
include "login.php";
// more content
require_once "footer.php";
?>
In header.php:
<?php
error_reporting(0);
session_start();
require_once ('db_connect.inc.php');
require_once ("function.inc.php");
$seed="0dAfghRqSTgx";
$domain = "...com";
$editors = getEditorsList();
foreach($editors as $editor)
{
$editorids[] = $editor['loginid'];
}
if(in_array($_SESSION['loginid'], $editorids))
{
echo "<div class='footervote'><a href='http://www...com/.../footervote.php'>Vote</a></div>";
}
?>
login.php:
<?php
if (!isLoggedIn())
{
if (isset($_POST['cmdlogin']))
{
if (checkLogin($_POST['username'], $_POST['password']))
{
show_userbox();
} else
{
echo "Incorrect Login information !";
show_loginform();
}
} else
{
show_loginform();
}
} else
{
show_userbox();
}
?>
Do you set $_SESSION['loginid'] after your in_array query? If you render header.php first, in_array returns false (although the session has been started, but loginid will be set a few lines down the road in login.php).
Move this:
if(in_array($_SESSION['loginid'], $editorids))
{
echo "<div class='footervote'><a href='http://www...com/.../footervote.php'>Vote</a></div>";
}
from header.php to login.php like this:
else {
show_userbox();
if (in_array...
}
If the link is present but hidden, you use some DHTML (jQuery / Scriptaculous) to set the display/visibility attributes correctly.
If the link is not present in the original HTML (preferable for security reasons), then when the login occurs, fire off an AJAX request that returns JavaScript that will insert the link in the correct location (parent element).
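An added example (not code from the thread) of the ordering fix described in the first answer: the login POST is processed before the header decides whether to emit the Vote link, so no refresh is needed and the link never reaches a non-editor's HTML. The editor rows, the `john` credentials and the helper names are constructed stand-ins for `getEditorsList()` and `checkLogin()`.

```php
<?php
// Added example, not the poster's code: editor rows and credentials are constructed.
declare(strict_types=1);
session_start();

// Stand-in for getEditorsList(); constructed sample rows.
function editor_ids(): array
{
    return array_column([['loginid' => 7], ['loginid' => 12]], 'loginid');
}

// Stand-in for checkLogin(); the constructed user "john" maps to loginid 12.
function process_login(array $post): bool
{
    $pass = $post['password'] ?? '';
    $ok = ($post['username'] ?? '') === 'john'
        && is_string($pass) && hash_equals('constructed-secret', $pass);
    if ($ok) {
        session_regenerate_id(true); // new session ID at login
        $_SESSION['loginid'] = 12;
    }
    return $ok;
}

function vote_link(): string
{
    $id = $_SESSION['loginid'] ?? null;
    // Strict in_array(): a loose match treats an unset loginid (null) as equal to an editor id of 0.
    if ($id === null || !in_array($id, editor_ids(), true)) {
        return '';
    }
    return "<div class='footervote'><a href='http://www...com/.../footervote.php'>Vote</a></div>";
}

function render_page(array $post): string
{
    if (isset($post['cmdlogin'])) {
        process_login($post);                    // 1. update the session first
    }
    return vote_link() . '<main>content</main>'; // 2. then build the header from it
}

// Constructed requests: an anonymous page view, then a login POST.
$anon   = render_page([]);
$logged = render_page(['cmdlogin' => '1', 'username' => 'john', 'password' => 'constructed-secret']);
var_dump($anon === '<main>content</main>', strpos($logged, 'Vote</a>') !== false);
```

footervote.php should repeat the same membership check before accepting a vote, since omitting the link does not restrict the endpoint.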
