i'm using raw php and using $_SESSION but in every request the $_SESSION is reinstating and all the $_SESSION variables are emptied i used http://127.0.0.1/ insted of http://localhost/ and the $_SESSION work fine but now i update my code to server and the $_SESSION is break again so please any help on and many thnks in advance.
my code
functions.php
function login_user($UserName, $user_role)
{
$_SESSION["UserID"] = get_user_id($UserName, $user_role);
$_SESSION["UserName"] = $UserName;
$_SESSION["UserRole"] = $user_role;
$_SESSION["UserLogged"] = 1;
if($user_role == "s") {
$url = get_home_url() . '/student/student-profile.php';
header("Location: $url");
} else if ($user_role == "i") {
$url = get_home_url() . '/instructor/instructor-profile.php';
header("Location: $url");
} else if ($user_role == "a") {
$url = get_home_url() . '/admin/admin-profile.php';
header("Location: $url");
}
}
login.php
<?php
include ('../autoload.php');
if(!empty($_POST))
{
if(!empty($_POST['username']) &&
!empty($_POST['login_password']) &&
!empty($_POST['user_type']))
{
if(get_user_password($_POST['username'], $_POST['user_type']) == $_POST['login_password'])
{
login_user($_POST['username'], $_POST['user_type']);
} else {
echo 'Password incorrect please try again...';
}
} else {
echo 'Please fill all fields and try again...';
}
} else {
echo 'Some thing went wrong please try again...';
}
student.php
<?php
include ('../autoload.php');
//check if user logged in or not redirect to home page
if(!array_key_exists('UserLogged', $_SESSION)){
$url = get_home_url() . '/home.php';
header("Location: $url");
}
get_header();
echo '<wml>';
echo '<card id="student-profile" title="Student Profile">';
echo '<br/>';
echo '<h2 align="center">Welcome:</h2>';
echo '<h4 align="center">'.$_SESSION['UserName'].'</h4>';
echo '<br/>';
echo '<p align="center">';
echo 'INFO<br/><br/>';
echo '</p>';
echo '</card>';
echo '</wml>';
autoload.php
<?php
include 'helpers/session.php';
include 'helpers/db_functions.php';
include 'helpers/functions.php';
session.php
<?php
SESSION_START();
Related
First page
<?php
session_start(); // put ahead all html tags and echo commands and print.
$_SESSION["username"] = 'admin';
echo 'see session';
?>
Second page
<?php
if( $_SESSION["username"] == 'admin' ) {
echo 'Hello '. $_SESSION["username"] . ' You are adminstrator on this page';
} else {
echo 'You can not accesss';
}
?>
Question
When I click on the link session then I get :
Undefined variable: _SESSION
I have no idea why.
Add in your second file at the start session_start();
like that:
<?php
session_start();
if( $_SESSION["username"] == 'admin' )
{
echo 'Hello '. $_SESSION["username"] . ' You are adminstrator on this page';
}
else
{
echo 'You can not accesss';
}
?>
You need to put session_start(); at the begin of the second page.
I keep getting error with "invalid login information"
It connects to database because it replies "echo "found";" but somehow can't do anything else.
UPDATE: I know that it shutdowns after the first IF, because I rewrited elses to see where the problem is.
also tried https://bcrypt-generator.com where I put hash from DB and normal password, and it matched.
deleted "mysqli_real_escape_string",but I think it doesn't effect anything in this case.
debugging:
print(var_dump($pw,$pedagogove_password, password_verify($pw,$pedagogove_password)));
result: string(8) "heslo123" NULL bool(false)
added
var_dump($entry_pedagogove_login); into while() loop result:NULL
if(isset($_POST['form-insert']) and $_POST['form-insert'] == 'sent')
{
$kod_pedagoga = $_POST['kod_pedagoga'];
$password = $_POST['password'];
$cont = false;
$result_pedagogove_login=mysqli_query($conn,'select * from '._TABLE_PEDAGOGOVE.' where kod_pedagoga="'.$kod_pedagoga.'" limit 1');
if(mysqli_num_rows($result_pedagogove_login) == 1){
$cont = true;
while($entry_pedagogove_login=mysqli_fetch_array($result_pedagogove_login))
{
var_dump($entry_pedagogove_login);
$pedagogove_login = $entry_pedagogove_login['kod_pedagoga'];
$pedagogove_password = $entry_pedagogove_login['password'];
}
// echo $kokotina = ($password == $pedagogove_password) ? "jo" : "ne";
// print(var_dump($password,$pedagogove_password, password_verify($password,$pedagogove_password)));
if($cont and password_verify($password,$pedagogove_password))
{
//echo "logged";
$_SESSION['pedagogove_logged'] = '1';
$_SESSION['pedagogove_login'] = $pedagogove_login;
$location = './admin.php';
if (!headers_sent())
{
Header("Location: $location");
}
else
{
echo '<script type="text/javascript">';
echo 'window.location.href="'.$location.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$location.'" />';
echo '</noscript>';
}
}
else
{
echo '<div class="alert alert-danger" role="alert">';
echo '<p class="text-center">ELSE OD IF PASSWORD_VERIFY</p>';
echo '</div>';
show_form();
}
}
else
{
echo '<div class="alert alert-danger" role="alert">';
echo '<p class="text-center">INVALID LOGIN INFORMATION</p>';
echo '</div>';
show_form();
}
}
else
{
show_form();
}
I have 4 files home.php, log_out.php, blank_one.php, connection.php
and did not include the login.php and index.php since it only reads the
user name and password.
My problem is the session after clicking the log out
then click arrow back
to go blank_one.php directly I get these errors :'(
Notice: Undefined index: CurrentUser
Notice: Undefined index: CurrentUserType
BLANK ONE
========================================================================
and since logout(log_out.php) was clicked the content must be no user found ,EMPTY and back should be disabled.
Is there a way to handle this sessions to remove the errors after destroying it ?
`help please. :'(
blank_one.php
<?php
session_start();
$currUser = $_SESSION["CurrentUser"];
$currUserType = $_SESSION["CurrentUserType"];
echo('BLANK ONE');
?>
home.php
<?php
session_start();
$currUser = $_SESSION["CurrentUser"];
$currUserType = $_SESSION["CurrentUserType"];
if($currUserType == '1' or $currUserType == '2')
{
echo '
<html>
<body>
blank
logout
</body>
</html>
';
}
else if($currUserType == '2'){
}
else if($currUserType == '3'){
echo '
';
}else{
echo '<div> no user found </div>';
}
?>
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'life');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
session_destroy();
session_start();
}
else
{
//echo ("connected from connection.php");
session_start();
echo ("");
}
?>
log_out.php
<?php
session_start();
include('connection.php');
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if ($conn)
{
$update=mysql_query("INSERT INTO wrd_user(emp_log_out) VALUES (now())");
session_destroy();
mysql_close();
header('Location:index.php');
}
else
{
echo ("");
}
?>
Wrap your variable setting code in blank_one.php will solve the problem:
<?php
session_start();
if (isset($_SESSION["CurrentUser"])) {
$currUser = $_SESSION["CurrentUser"];
}
if (isset($_SESSION["CurrentUserType"])) {
$currUserType = $_SESSION["CurrentUserType"];
}
echo('BLANK ONE');
?>
You need the same in home.php too.
You should test if the session variables (created with the login page) are set to verify that the user is logged in or not.
blank_one.php
<?php
session_start();
if( (isset($_SESSION['CurrentUser']) &&(isset($_SESSION['CurrentUserType'])) {
$currUser = $_SESSION["CurrentUser"];
$currUserType = $_SESSION["CurrentUserType"];
}
else {
echo('BLANK ONE');
}
?>
This should be done also in the protected pages so as to avoid errors and security problems with direct URL access when the user is not logged in. And the user should be redirected in that case.
home.php
<?php
session_start();
if( (isset($_SESSION['CurrentUser']) &&(isset($_SESSION['CurrentUserType'])) {
$currUser = $_SESSION["CurrentUser"];
$currUserType = $_SESSION["CurrentUserType"];
}
else
{
header('Location:index.php');
die();
}
if($currUserType == '1' or $currUserType == '2')
{
echo '
<html>
<body>
blank
logout
</body>
</html>
';
}
else if($currUserType == '2'){
}
else if($currUserType == '3'){
echo '
';
}else{
echo '<div> no user found </div>';
}
?>
<?php
ob_start();
session_start();
require ('openid.php');
function logoutbutton() {
echo "<form action=\"steamauth/logout.php\" method=\"post\"><input value=\"Logout\" type=\"submit\" /></form>"; //logout button
}
function steamlogin()
{
try {
require("settings.php");
$openid = new LightOpenID($steamauth['']);
$button['small'] = "small";
$button['large_no'] = "large_noborder";
$button['large'] = "large_border";
$button = $button[$steamauth['buttonstyle']];
if(!$openid->mode) {
if(isset($_GET['login'])) {
$openid->identity = 'http://steamcommunity.com/openid';
header('Location: ' . $openid->authUrl());
}
return "<form action=\"?login\" method=\"post\"> <input type=\"image\" src=\"http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_".$button.".png\"></form>";
}
elseif($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
} else {
if($openid->validate()) {
$id = $openid->identity;
$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
preg_match($ptn, $id, $matches);
$_SESSION['steamid'] = $matches[1];
// First determine of the $steamauth['loginpage'] has been set, if yes then redirect there. If not redirect to where they came from
if($steamauth['loginpage'] !== "") {
$returnTo = $steamauth['loginpage'];
} else {
//Determine the return to page. We substract "login&"" to remove the login var from the URL.
//"file.php?login&foo=bar" would become "file.php?foo=bar"
$returnTo = str_replace('login&', '', $_GET['openid_return_to']);
//If it didn't change anything, it means that there's no additionals vars, so remove the login var so that we don't get redirected to Steam over and over.
if($returnTo === $_GET['openid_return_to']) $returnTo = str_replace('?login', '', $_GET['openid_return_to']);
}
header('Location: '.$returnTo);
} else {
echo "User is not logged in.\n";
}
}
} catch(ErrorException $e) {
echo $e->getMessage();
}
}
?>
"Not Found The requested URL /login was not found on this server." idk how i do that.. search here and here but nothing found :c i tried all time but i get the error with /login not found on the server "yes i know my english is maybe to bad :D"
My links are of the sort : http://example.com/events.php?slug=xyz
where the [slug] fields are imported from the database.
The starting lines in my events.php page is:
$slug = $_GET['slug'];
$url="events.php?slug=".$slug."/";
....
....
My logout function:
if(isset($_GET['logout']))
{
$_SESSION = array();
session_destroy();
header('Location: ' . $url);
exit;
}
<?php if(isset($_SESSION['id'])){?>
<a href="?logout" ><button>Log Out</button></a>
<?php }?>
But on clicking the logout "http://example.com/events.php?slug=/" is displayed.
My whole php script at the starting of the page is:
<?php
define('INCLUDE_CHECK',true);
require_once('13/functions/db.php');
$slug = $_GET['slug'];
$url="events.php?slug=".$slug."/";
$result = mysql_query("SELECT * FROM event WHERE slug='".$slug."'");
if ($result == true){
$row=mysql_fetch_assoc($result);
$id=$row['id'];
if($id>=13 && $id<=40 && $id!=17){//some checks.
$var=1;
$name=$row['name'];
}
else {
$var=0;
$name="404";
}
}
session_name('fewiui');
session_set_cookie_params(3*7*24*60*60);
session_start();
if(isset($_GET['logout']))
{
$_SESSION = array();
session_destroy();
header('Location: ' . $url);
exit;
}
$sess_uid = $_SESSION['id'];
$sess_email = $_SESSION['email'];
$sess_name = $_SESSION['name'];
if(isset($_POST['submit'])&&$_POST['submit']=='Register')
require_once('13/functions/eventlogin.php');
?>
Everything else (like login, etc.) works. Where am I doing the mistake? I'm a newbie in php.
<a href="?slug=<?php echo $slug; ?>&logout" ><button>Log Out</button></a>