I have three pages on my site index (login page) Home (navigation) Project Creation and Management (informational) now after login there is no issues however when I try going from home to Project Creation and Management it seams like I'm instantly getting redirected back to the home page. It does the same thing via url entry or the navigation from the home page. Here's my code:
index
<!DOCTYPE html>
<?php
session_start();
$username = "admin";
$password = "collins1";
if (isset($_GET['logout'])){
session_destroy();
}
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
header("Location: home.php");
}
if (isset($_POST['username']) && isset($_POST['password'])){
if ($_POST['username'] == $username && $_POST['password'] == $password)
{
$_SESSION['loggedin'] = true;
header("Location: home.php");
}
else
{
echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
}
}
?>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Login</title>
<link href="../CSS/boilerplate.css" rel="stylesheet" type="text/css">
<link href="../CSS/master.css" rel="stylesheet" type="text/css">
<script src="../JAVASCRIPT/respond.min.js"></script>
</head>
<body link="black">
<div class="gridContainer clearfix">
<div id="borderDiv">
<div id="headerDiv">
<p>Welcome</p>
</div>
<div id="subHeaderDiv">
<p>Please login to continue to the Project Creation and Management System</p>
</div>
<form method="post" action="index.php">
<div id="userNameLoginDiv">
<p>Username:</p>
<input type="text" name="username" size="12">
</div>
<div id="userPasswordLoginDiv">
<p>Password:</p>
<input type="password" name="password" size="12">
</div>
<div id="loginBtnDiv">
<input id="button" type="submit" value="Login">
</div>
</form>
</div>
</div>
</body>
</html>
home
<!DOCTYPE html>
<?php
session_start();
if (isset($_GET['logout'])){
session_destroy();
}
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
header("Location: index.php");
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Home</title>
<link href="../CSS/boilerplate.css" rel="stylesheet" type="text/css">
<link href="../CSS/master.css" rel="stylesheet" type="text/css">
<script src="../JAVASCRIPT/respond.min.js"></script>
</head>
<body link="black">
<div class="gridContainer clearfix">
<div id="headerDiv">
<p>Home</p>
</div>
<font color="#000000">Logout</font>
<div id="homeBtn1"> <img src="../button.png" alt="Project Creation and Management">
<div id="homeBtnText1">
<font color="#000000" ><p>Project Creation and Management<p></font>
</div>
</div>
</div>
</body>
</html>
Project Creation and Management
<!DOCTYPE html>
<?php
session_start();
if (isset($_GET['logout'])){
session_destroy();
}
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
header("Location: index.php");
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Home</title>
<link href="../CSS/boilerplate.css" rel="stylesheet" type="text/css">
<link href="../CSS/master.css" rel="stylesheet" type="text/css">
<script src="../JAVASCRIPT/respond.min.js"></script>
</head>
<body link="black">
<div class="gridContainer clearfix">
<div id="headerDiv">
<p>Project Creation & Management</p>
</div>
<font color="#000000">Logout</font>
</div>
</body>
</html>
you should edit your code below
<?php
session_start();
$username = "admin";
$password = "collins1";
if (isset($_GET['logout'])){
session_destroy();
}
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
header("Location: home.php");
}
if (isset($_POST['username']) && isset($_POST['password'])){
if ($_POST['username'] == $username && $_POST['password'] == $password)
{
$_SESSION['loggedin'] = true;
header("Location: home.php");
}
else
{
echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
}
}
?>
...
Because session_start() have to above every output-string. You printed <!DOCTYPE html> that make session cannot start
The session_start(); must go above all else in all pages. Otherwise, the session variables cannot be created and saved. For that reason, the second if in your Project Creation and Management page will be called. That's the problem!
Related
In a very basic login page I set up an error status to show if the form was submitted with an empty pin or an invalid pin was entered but it only functions if I submit the form twice with the same error.
Where am I going wrong here?
Or else what would be a better way to achieve this?
<?php
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
?>
<html>
<head>
<title>Title</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="style.css">
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<link rel="manifest" href="/site.webmanifest">
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
<meta name="msapplication-TileColor" content="#da532c">
</head>
<body>
<h1>Page Title</h1>
<div class="smallcontainer">
<form method="post" action="">
<div class="row">
<div class="col-20">
<label for="id">Driver Pin</label>
</div>
<div class="col-80">
<input type="text" name="id" >
</div>
</div>
<div class="row">
<div class="col-100 error">
<?= #$_SESSION['status'] ?>
</div>
<div class="col-100">
<input type="submit" value="Submit" name="submit">
</div>
</div>
</form>
</div>
</body>
</html>
<?php
if (isset($_POST['submit'])) {
$id = trim($_POST['id']);
if (empty($_POST['id'])){
$_SESSION['status'] = 'Enter a Driver Pin';
}
// if (!strlen($id)) {
// $_SESSION['status'] = 'Enter a Driver Pin';
// //die('Please enter Driver Pin');
// }
$success = false;
$handle = fopen("users.csv", "r");
while (($data = fgetcsv($handle)) !== FALSE) {
if ($data[0] == $id) {
$success = true;
$_SESSION['displayname'] = $data[1];
break;
}
}
fclose($handle);
if ($success) {
$_SESSION['allow'] = '';
header('Location: ./');
} else {
$_SESSION['status'] = 'Invalid Driver Pin - Try again';
}
}
?>
First you need to put the php before the form (as already said) and here is your code with a few fixes:
<?php
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if (isset($_POST['submit'])) {
$id = trim($_POST['id']);
$success = false;
$handle = fopen("users.csv", "r");
while (($data = fgetcsv($handle)) !== FALSE) {
if ($data[0] == $id) {
$success = true;
$_SESSION['displayname'] = $data[1];
break;
}
}
fclose($handle);
if ($success) {
$_SESSION['allow'] = '';
$_SESSION['status'] = 'Success!';
/*header('Location: ./');*/
} else {
if (empty($_POST['id'])){
$_SESSION['status'] = 'Enter a Driver Pin';
} else {
$_SESSION['status'] = 'Invalid Driver Pin - Try again';
}
}
} else {
$_SESSION['status'] = 'Enter a Driver Pin';
}
?>
<html>
<head>
<title>Title</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="style.css">
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
<meta name="msapplication-TileColor" content="#da532c">
</head>
<body>
<h1>Page Title</h1>
<div class="smallcontainer">
<form method="post" action="">
<div class="row">
<div class="col-20">
<label for="id">Driver Pin</label>
</div>
<div class="col-80">
<input type="text" name="id" >
</div>
</div>
<div class="row">
<div class="col-100 error">
<?= #$_SESSION['status'] ?>
</div>
<div class="col-100">
<input type="submit" value="Submit" name="submit">
</div>
</div>
</form>
</div>
</body>
</html>
This will work - notice I added an else if there is no post on fresh load you need to reset the $_SESSION['status'];
You php that checks and set status is located after HTML, which means the HTML returned by the page submission will not have the status updated until next submission.
So, move your PHP code above HTML.
Also, you can't use header() after anything was printed out already.
I am trying to insert form data to my profile table when I click the add button, but whenever I test my code below it just reloads my add.php page and clears the form instead of adding it to my table.
add.php code:
<?php
//connection to the database
$pdo = require_once 'pdo.php';
session_start();
//if user is not logged in redirect back to index.php with an error message
if(!isset($_SESSION['user_id'])){
die("ACCESS DENIED");
return;
}
//if the user requested cancel go back to index.php
if(isset($_POST['cancel'])){
header('Location: index.php');
return;
}
//handling incoming data
$uid = $_SESSION['user_id'];
if (isset($_POST['first_name']) && isset($_POST['last_name']) &&
isset($_POST['email']) && isset($_POST['headline']) && isset($_POST['summary'])){
if (strlen($_POST['first_name']) == 0 || strlen($_POST['last_name']) == 0 ||
strlen($_POST['email']) || strlen($_POST['headline']) == 0 || strlen($_POST['summary']) == 0){
$_SESSION['error'] = "All fields are required";
header("Location: add.php");
return;
}
if(strpos($_POST['email'], '#') === false){
$_SESSION['error'] = "Email address must contain #";
header("Location: add.php");
return;
}
$stmt = $pdo->prepare('INSERT INTO profile
(user_id, first_name, last_name, email, headline, summary)
VALUES ( :uid, :fn, :ln, :em, :he, :su)');
$stmt->execute(array(
':uid' => $uid,
':fn' => $_POST['first_name'],
':ln' => $_POST['last_name'],
':em' => $_POST['email'],
':he' => $_POST['headline'],
':su' => $_POST['summary'])
);
$_SESSION['success'] = "profile added";
header("location: index.php");
return;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Profile Add</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Adding Profile for UMSI</h1>
<form method="post" action="index.php">
<p>First Name:
<input type="text" name="first_name" size="60"/></p>
<p>Last Name:
<input type="text" name="last_name" size="60"/></p>
<p>Email:
<input type="text" name="email" size="30"/></p>
<p>Headline:<br/>
<input type="text" name="headline" size="80"/></p>
<p>Summary:<br/>
<textarea name="summary" rows="8" cols="80"></textarea>
<p>
<input type="submit" name="add" value="Add">
<input type="submit" name="cancel" value="Cancel">
</p>
</form>
</div>
</body>
</html>
here I created my connection to the database using pdo connection and also require my config.php file for database sign in credentials
here is my pdo.php code:
<?php
require_once 'config.php';
//setting DSN
$dsn = "mysql:host=$host;dbname=$dbname;charset=UTF8";
//creating a PDO instance
try{
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if($pdo){
echo "database connected Successfully";
return;
}
}catch(PDOException $e){
echo $e->getMessage();
}
?>
my database sign in credentials are in this file, the username, password and dbname are not necessarily correct, I only changed them for the sake of asking.
here is my config.php code:
<?php
//my variables
$host = 'localhost';
$user = 'myusername';
$password = 'mypass';
$dbname = 'mydb';
?>
my index.php code has a static display for the profile entries, I wanted to be able to add the profiles first so I can make it dynamically display the profiles but here is my index.php code:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Resume Registry</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Mandla'ke Makondo's Resume Registry</h1>
<p>
<?php
if(isset($_SESSION['user_id'])){
echo " <a href='logout.php'>Logout</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<a href='login.php'>Please log in</a>";
}
?>
</p>
<?php
if(isset($_SESSION['user_id'])){
echo"<table border = '1'>
<tr><th>Name</th><th>Headline</th><th>Action</th><tr><tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td><td><a href = 'edit.php'>Edit</a> <a href = 'delete.php'>Delete</a></td></tr>
</table>";
echo "<a href='add.php'>Add New Entry</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<table border='1'>
<tr><th>Name</th><th>Headline</th>
<tr>
<tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td></tr>
</table>";
}
?>
</div>
</body>
enter code here
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Resume Registry</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Mandla'ke Makondo's Resume Registry</h1>
<p>
<?php
if(isset($_SESSION['user_id'])){
echo " <a href='logout.php'>Logout</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<a href='login.php'>Please log in</a>";
}
?>
</p>
<?php
if(isset($_SESSION['user_id'])){
echo"<table border = '1'>
<tr><th>Name</th><th>Headline</th><th>Action</th><tr><tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td><td><a href = 'edit.php'>Edit</a> <a href = 'delete.php'>Delete</a></td></tr>
</table>";
echo "<a href='add.php'>Add New Entry</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<table border='1'>
<tr><th>Name</th><th>Headline</th>
<tr>
<tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td></tr>
</table>";
}
?>
</div>
</body>
when i logging in with user and pass session id not activate in site in wamp worked but when i uploaded to 000webhost not working i wnat solution for my problem and this my code
index.php
<?php
session_start();
include 'connection.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Tekkadan</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Baloo">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<style>
body {
font-family: 'Baloo', cursive !important;
}
h3{
font-family: 'Baloo', cursive !important;
}
b{
font-family: 'Baloo', cursive !important;
}
.mySlides {display: none}
</style>
</head>
<body>
<!-- Navbar -->
<div class="w3-top">
<div class="w3-bar w3-black w3-card">
<a class="w3-bar-item w3-button w3-padding-large w3-hide-medium w3-hide-large w3-right" href="javascript:void(0)" onclick="myFunction()" title="Toggle Navigation Menu" ><img src="sidr.png" style="height: 30px;width: 30px;background-color: #841818;"></i></a>
HOME
<?php if(empty($_SESSION['sess_guild'])){?>
تسجيل دخول
<?php }else{?>
الجيني
البروفايل
تسجيل خروج
<?php } ?>
<?php if(!empty($_SESSION['sess_auth'])){
if ($_SESSION['sess_auth']=="admin" || $_SESSION['sess_auth']=="co" || $_SESSION['sess_auth']=="giny" || $_SESSION['sess_auth']=="warning") {?>
الادمن
<?php }} ?>
</div>
</div>
<!-- Navbar on small screens (remove the onclick attribute if you want the navbar to always show on top of the content when clicking on the links) -->
<div id="navDemo" class="w3-bar-block w3-black w3-hide w3-hide-large w3-hide-medium w3-top" style="margin-top:46px">
HOME
<?php if(empty($_SESSION['sess_guild'])){?>
تسجيل دخول
<?php }else{?>
الجيني
الادمن
تسجيل خروج
البروفايل
<?php } ?>
</div>
and proccess of login.php
<?php
include 'connection.php';
session_start();
if(empty($_SESSION['sess_guild'])){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql = mysqli_query($conn,"SELECT * FROM users WHERE user ='".$user."' AND pass='".$pass."' ");
$row = mysqli_fetch_assoc($sql);
$numrows = mysqli_num_rows($sql);
if ($numrows == 0) {
echo "invaild pass or user";
}else{
$_SESSION['sess_user']=$row[user];
$_SESSION['sess_guild']=$row[guild];
$_SESSION['sess_auth']=$row[authiroty];
if ($_SESSION['sess_guild'] == "forever") {
$sqla="SELECT * FROM forever WHERE user='".$_SESSION['sess_user']."'";
$sqlc="SELECT COUNT(id) FROM forever ";
$forever=mysqli_query($conn,$sqlc);
$iduser=mysqli_query($conn,$sqla);
$rowuser = mysqli_fetch_assoc($iduser);
$_SESSION['sess_id']= "$rowuser[id]";
$_SESSION['sess_giny']= "$rowuser[giny]";
}
header('Location:index.php');
}elseif(!empty($_SESSION['sess_guild'])){
echo "nooooo";
}
?>
i want when user click in profile
البروفايل
i need link get the sess_id from process when click this link
or i want if click on profile get link for profile like this https://stackoverflow.com/users/11227805/rashed-kamal
How to make an page only accessible when logged in, in PHP?
I want you when you click on the background to defend two buttons with Login And Register and you can only access these two buttons after you log in.
<?php
session_start();
include_once 'dbconnect.php';
?>
<!DOCTYPE html>
<HTML>
<head>
<title>NCS pagina principala</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" >
</head>
<body>
<?php if (isset($_SESSION['usr_id'])) { ?>
<FONT size="4%" color="#66ffff" FACE="cursive">Esti conectat cu:</FONT><i><FONT size="5" color="#66ff66"> <?php echo $_SESSION['usr_name']; ?></FONT></i>
<link rel="stylesheet" href="styles/buttonstyle.css">
<a class="button" href="logout.php">Delogheaza-te</a>
<?php } else { ?>
<link rel="stylesheet" href="styles/buttonstyle.css">
<a class="button" href="login.php">Logheaza-te</a>
<a class="button" href="form.html">Cerere cont</a>
<?php } ?>
<head>
<a class="button" href="blacklist.php">BlackList</a>
<CENTER>
<BODY STYLE = "BACKGROUND: url(https://cdn.discordapp.com/attachments/389773843813629972/389781868247253002/thumb-1920-553248.jpg); BACKGROUND-SIZE:130%"></BODY>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
</HTML>
try this (after session_start(); ):
if (!isset($_SESSION['usr_id'])) header("Location:logout.php");
and logout.php must be
<?php
session_start();
session_destroy();
header("Location:login.php");
?>
then, in login.php you write your login code
My reports.php page keeps redirecting me back to the login page even though i have supposedly logged into the website. I am not quite sure what i might be doing wrong here.
reports page:
<?php require_once('dbadmin.php');?>
<?php
session_start();
$user = $_SESSION['users'];
if(!isset($users)){
header("Location:admin_login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>e</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"</img> </header>
<nav>
<ul>
<li>Home</li>
<li>Run Sign-Up</li>
<li>Refer-a-Friend</li>
<li>Admin Login</li>
<li>Reports</li>
</ul>
</nav>
<h1>Reports</h1>
<table border="1" style="width:100%">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>Email</th>
<th>Address</th>
<th>City</th>
<th>State</th>
<th>Distance</th>
</tr>
<?php
include('dbuser.php');
$select = "SELECT `fname`, `lname`, `email`, `distance` FROM runner ORDER BY `lname`";
$result = mysql_query($connect, $select) or die ('Oops! '.mysql_error($connect));
if($rowcnt==0){
echo "<tr><td colspan=3>There are currently no results.</td</tr>";}
while($row = mysql_fetch_assoc($result)) {
echo '<tr><td>'.$row['fname'].'</td>';
echo '<td>'.$row['lname'].'</td>';
echo '<td>'.$row['email'].'</td>';
echo '<td>'.$row['distance'].'</td></tr>';
}
?> </table>
<footer></footer>
</body>
</html>
adminlogin page:
<?php require_once('dbadmin.php');?>
<?php
session_start();
if(isset($_POST['adminlogin'])) {
$username = trim($_POST['user']);
$password = trim($_POST['password']);
include('dbadmin.php');
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die("Invalid query: ".mysql_error());
if(mysql_num_rows($result)==0) {
$confirm = '<h2 style="color:red;">Invalid Credentials!</h2>';
} else {
$_SESSION['user'] = $username;
$confirm = '<h2> Login Successful</h2>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>My Gaming Products Site</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<html lang="en">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"/> </header>
<nav>
<ul>
<li>Home</li>
<li>Run Sign-Up</li>
<li>Refer-a-Friend</li>
<li>Admin Login</li>
<li>Reports</li>
</ul>
</nav>
<h1>Enter Your Login Information</h1>
<?php if(isset($confirm)) echo $confirm; ?>
<form method="post" name="adminlogin" id="adminlogin" title="adminlogin" action="admin_login.php">
<p>User: <br> <input type="text" name="user"></p>
<p>Password: <br><input type="password" name="password"></p>
<p><input type="submit" name="adminlogin" id="adminlogin" value="Login"></p>
</form>
</p>
<footer>| WDD420</footer>
</body>
</body>
</html>
I think it might be something with my reports page but i am not sure if it has anything to do with the login page either.
Try to make your script a bit more readable, I suggest with a function:
<?php
function is_loggedin()
{
return (!empty($_SESSION['users']));
}
session_start();
if(!is_loggedin()){
header("Location:admin_login.php");
exit;
}
?>
By doing $user = $_SESSION['users'] then checking if $user is set, that will always be true because you set it. You will want to check empty().
In your adminlogin.php page the session variable is $_SESSION['user']. But in reports.php page it checks for $_SESSION['users']. Change that to $_SESSION['user'] and change the variable name to $user from $users.
session_start();
$user = $_SESSION['user'];
if(!isset($user)){
header("Location:admin_login.php");
}
Try checking users by this :
session_start();
if(!isset($_SESSION['users']) && empty($_SESSION['users'])){
header("Location:admin_login.php");
}
try this for check the variable is set or not :
session_start();
if(isset($_SESSION['users']) && !empty($_SESSION['users'])) {
print_r($_SESSION['users']);
}
Try this to also to check => var_dump($_SESSION['users']);
Put session_start(); at the first line of your php page.
Note : Also keep in mind, you need to call session_start(); on each and every page if you are making use of session variables.