Login session not working in another page - php

I have a page named authentication.php. Once I click login it shows the session information on the same page, but when I try to display the same logged-in user information on another page like userprofile.php, it doesn't show anything.
<?php
if ($_POST) {
$logdb = new PDO('mysql:host=localhost;dbname=mydbname', 'root', '12345');
$logdb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $logdb->prepare("SELECT * FROM users WHERE username=:username AND password=:password");
$stmt->bindParam(":username", $_POST['username']);
$stmt->bindParam(":password", $_POST['password']);
$stmt->execute();
$atributes = $stmt->fetch(PDO::FETCH_OBJ);
if ($atributes) {
session_start();
//$_SESSION["loggedIn"] = true;
$_SESSION['username'] = $_POST['username'];
$_SESSION["ID"] = $atributes->ID;
$_SESSION["country"] = $atributes->country;
} else {
echo 'Login failed!';
}
} else {
echo '<form name="login" action="" method="POST">
Username: <br />
<input type="text" name="username"/><br />
Password: <br />
<input type="password" name="password"/><br />
<button type="submit">Login</button>
Register</form>';
}
?>
<?php
echo ($_SESSION["ID"]);
echo ($_SESSION["username"]);
echo $atributes->country;
?>
Here is what I use in a new page to display the logged-in user's information, but I am not getting any result and also no error. Please can you assist me with that?
<?php
session_start();
if(!isset($_SESSION['username'])) {
$_SESSION["ID"] = $atributes->ID;
$_SESSION["username"] = $atributes->username;
$_SESSION["country"] = $atributes->country;
} ?>
<?php
echo ($_SESSION["ID"]);
echo ($_SESSION["username"]);
echo $atributes->country;
?>
Also, at the header of my page I have a navbar like this:
<?php if(!isset($_SESSION['username'])) {
include($root . 'includings/unloggedU.php');
}else{
include($root . 'includings/loggedU.php');
} ?>

On the first page set $_SESSION['country'] = $atributes->country; as there is currently no session variable set for that in your code.
And on the second page you should have access to all of the session variables - which you can test individually to see if they are set if you want to.
<?php
session_start(); // always put this at the top of the page see Ryan's comments
echo $_SESSION["ID"] . "<br />";
echo $_SESSION["username"] . "<br />";
echo $_SESSION["country"] . "<br />";
?>


Trying to create login page using PHP and SQL

I've been working on a website login, and so far, I have the database and register page set up, but I'm trying to work on a login page. I've been trying to retrieve data from the database's table. I was successful at doing so on my register page to make sure there aren't multiple usernames of the same name, so I copied some of the code and pasted it onto this page. The problem: it returns blank. Please help... ._.
KHS SiteSpace
<div id="header">
<img src="./IMAGES/khslogo2.png" style="margin-left:4;float:left;" width="100" hieght="100">
<b>KHS<span id="name">SiteSpace</span></a>
<!--img src="./IMAGES/Menu.png" style="float:right;margin-right:6;" height="100" width="90"-->
</div>
<div id="content">
<p id="subTitle">Login</p>
<div style="float:left;height:30%;">
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" id="register"><br>
Username:<br>
<input type="text" name="name"><br><br>
Password:<br>
<input type="password" name="pass">
<br><br>
<input type="submit" value="Confirm">
</form>
</div>
<div style="float:right;width:50%;border-style:none none none solid; border-color:222222;border-width:4;height:30%;">
<p style="margin-left:20;font-size:20;">Output:</p>
<p style="margin-left:20;padding-bottom:15;">
<?php
error_reporting(0);
#ini_set('display_errors', 0);
session_start();
$conn = new mysqli("localhost", "shanedrgn", "getting321", "Users");
if (!$conn) {die("Failure to connect");}
$name = trim($_POST['name']);
$pass = trim($_POST['pass']);
if (empty($name) or empty($pass)) {echo "Empty Fields";} else {
$name = trim($_POST['name']);
$pass = trim($_POST['pass']);
echo "Check: The fields arent empty...";#OUTPUT
echo "Testing Variables...";#OUTPUT
//Error Trapping
$sql = "SELECT Username FROM Users where Username = '$name'";
$Data = mysqli_query($conn, $sql);
if($record=mysqli_fetch_array($Data)) {
$nameTrap = $record['Username'];
}
$sql = "SELECT Address FROM Users where Address = '$address'";
$Data = mysqli_query($conn, $sql);
if($record=mysqli_fetch_array($Data)) {
$ipTrap = $record['Address'];
}
if ($nameTrap == $name) {
echo "Check: Username Exists...";
if ($passTrap == $pass) {
echo "Password is correct!";
$_SESSION['User'] = $name;
$sql = "SELECT * FROM Users where Username = '$name'";
$Data = mysqli_query($conn, $sql);
$record=mysqli_fetch_array($Data);
session_start();
$_SESSION['id'] = $record['id'];
echo "<script>alert('You have successfully logged in!')</script>";
sleep(4);
header("Location: ./index.php"); /* Redirect browser */
exit();
} else { echo "Password Invalid";}
} else {echo "That username doesn't exist!";echo $name.";;";echo $nameTrap;}
}
?>
</p></div>
</div>
</body>
</html>
EDIT: Added missing code
You are doing this:
echo "<script>alert('You have successfully logged in!')</script>";
sleep(4);
header("Location: ./index.php"); /* Redirect browser */
I understand what you are trying to do, but it can't work. You can't set a header after sending body content, which is what you do using echo.
You should use JavaScript for your redirect, after the 4 second timeout. Use setTimeout and window.location.

php login logout form display data from database [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I have three questions about my code.
How can I display only the name of the user who is logged in on the profile.php file? Because my current code displays every username no matter who logs in.
How can I restrict the profile.php page so it can only be seen if a user is logged in?
How can I create a logout page that works?
Below is my code, in order by file: config.php (connects to the database), login.php, profile.php, and logout.php:
//------------------------config.php---------------
<?php
mysql_connect("localhost","root","");
mysql_select_db("login2");
?>
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username : <br />
<input type="text" name="uname" />
<br />
<br />
Password : <br />
<input type="password" name="pass" />
<br />
<br />
<input type="submit" name="submit" value="log in" />
</form>
EOT;
echo $form;
}
?>
//------------------------profile.php---------------
<?php
require('config.php');
?>
<html>
<head>
</head>
<body>
<?php
$sql = mysql_query("SELECT * FROM users ");
while($row = mysql_fetch_array($sql)){
$name = $row['name'];
$lname = $row['lname'];
$uname = $row['uname'];
}
?>
<p>Welcome <b><?php echo $name; ?></b></p>
logout
</body>
</html>
//------------------------logout.php---------------
<?php
require('config.php');
session_destroy();
header('location: login.php');
exit();
?>
The answer to all your questions: Use $_SESSIONs in PHP. I forgot to mention, but you will need to have session_start() at the top of every page on which you plan on using $_SESSION.
// User Login
if(mysql_num_rows($sql) > 0){
$_SESSION['user_name'] = $_POST['uname'];
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
// Profile (Check if user is logged in)
if(isset($_SESSION['user_name']) && !empty($_SESSION['user_name'])){
// Show page
}
How can I create a logout page that works?
You're going to need to start reading, I recommend a great new book called Google.
To display the username, save the username in a session value once he's authenticated
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
$_SESSION['username'] = $uname;
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
To restrict access to the profile.php page, add on top and right after calling session_start()
if(!isset($_SESSION['username'])) // not logged in
To make a logout page, you'll need to destroy the session
logout.php
session_start();
if(isset($_SESSION['username'])) session_destroy();
else // not logged in
try this
if(mysql_num_rows($sql) > 0){
session_start();
$_SESSION['userName']=$_POST['uname'];
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
profile.php
<?php
session_start();
if (empty($_SESSION['userName'])){
header('location: login.php');
exit(); // stop here so the rest of the page is not sent to a logged-out visitor
}else{
echo $_SESSION['userName'];
}
?>
<html>
<head>
</head>
<body>
<?php
$sql = mysql_query("SELECT * FROM users ");
while($row = mysql_fetch_array($sql)){
$name = $row['name'];
$lname = $row['lname'];
$uname = $row['uname'];
}
?>
<p>Welcome <b><?php echo $name; ?></b></p>
logout
</body>
</html>
logout.php
session_start(); // the session must be open before its data can be changed
unset($_SESSION['userName']);
The answer to your question is simple because currently whatever you do on login.php has no bearing in your profile.php.
In login.php, you check their username and password, and if correct, you send them to profile.php but then you echo out everything from the db in a new query, by doing this on profile.php:
"SELECT * FROM users "
This has no data or reference to your checking their credentials on login.php.
What you should do is when you check their login on login.php, set a session with their correct logged in details, like so:
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['name'] = $row['name'];
$_SESSION['logged_in']['lname'] = $row['lname'];
$_SESSION['logged_in']['uname'] = $row['uname'];
}
// END ADDITIONAL CODE
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
} // closes if(isset($_POST['submit']))
?>
//------------------------profile.php---------------
<?php
session_start();
require('config.php');
// ADDITIONAL CODE
// Run the check before any HTML is sent, otherwise header() cannot redirect
if ( !isset($_SESSION['logged_in']) )
{
header('location: login.php');
exit();
}
// END ADDITIONAL CODE
?>
<html>
<head>
</head>
<body>
<!-- Then use the session data to echo their name: -->
<p>Welcome <b><?php echo htmlspecialchars($_SESSION['logged_in']['name']); ?></b></p>
logout
</body>
</html>
//------------------------logout.php---------------
<?php
// ADDITIONAL CODE
session_start();
unset($_SESSION['logged_in']);
// END ADDITIONAL CODE
session_destroy(); //if you want..
header('location: login.php');
exit();
This is a simple example, however, and NOTE: On profile.php, my additional code simply checks if a logged_in session is set, which isn't highly secure.
Depending on what data is shown on profile.php, you could/should check their logins again. Perhaps check in the DB their session data, or IP, or both or more.
Important Notes:
The code you are using is fairly insecure, and uses deprecated functions.
mysql_query() is now deprecated, and you should use PDO or Mysqli, with prepared statements.
If you insist on still using this function, at least change from mysql_escape_string() and instead use mysql_real_escape_string().
Additionally, md5() is no longer considered a secure method, see here:
http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash
And as for salting, using your own (which is currently NULL) is not recommended. Try using:
http://php.net/manual/en/function.crypt.php
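The notes in this answer (prepared statements instead of mysql_*, a slow salted hash instead of md5(), session data set at login and checked on every page, a logout that actually ends the session), put together as an added example that is not part of any answer on this page. It uses PDO with password_hash()/password_verify() rather than calling crypt() directly; the users table layout, the function names and the sample accounts are assumptions.

```php
<?php
// Added example, not code from the question or its answers.
// Assumed schema: users(id, uname, name, pass_hash); pass_hash is produced by password_hash().
declare(strict_types=1);

/** Check credentials with a prepared statement and a slow, salted hash. */
function attempt_login(PDO $db, string $uname, string $pass): bool
{
    $stmt = $db->prepare('SELECT id, uname, name, pass_hash FROM users WHERE uname = :uname');
    $stmt->execute([':uname' => $uname]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($pass, $user['pass_hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a new session ID at the moment of login
    }
    // Store only what later pages need, and only this user's row; never the password.
    $_SESSION['logged_in'] = [
        'id'    => (int) $user['id'],
        'uname' => $user['uname'],
        'name'  => $user['name'],
    ];
    return true;
}

/** Data of the logged-in user, or null. profile.php reads this instead of selecting all users. */
function current_user(): ?array
{
    return $_SESSION['logged_in'] ?? null;
}

/** Guard for protected pages: call right after session_start(), before any output. */
function require_login(string $loginUrl = 'login.php'): array
{
    $user = current_user();
    if ($user === null) {
        header('Location: ' . $loginUrl);
        exit; // without exit the rest of the protected page would still run
    }
    return $user;
}

/** Logout: empty the data, expire the cookie, destroy the server-side session. */
function logout(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
    }
}

// Self-check with constructed data when run from the command line
// (in-memory SQLite, no web server; a real page calls session_start() first).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT UNIQUE, name TEXT, pass_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (uname, name, pass_hash) VALUES (?, ?, ?)');
    $ins->execute(['alice', 'Alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(['bob', 'Bob', password_hash('hunter2', PASSWORD_DEFAULT)]);

    var_dump(attempt_login($db, 'alice', 'wrong'));         // rejected, session stays empty
    var_dump(current_user());
    var_dump(attempt_login($db, 'alice', 'correct horse')); // accepted
    var_dump(current_user());                               // alice's row only, never bob's
    logout();
    var_dump(current_user());
}
```

In a web page, login.php calls session_start() and then attempt_login(); profile.php calls session_start() and then require_login() before printing anything.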
Try this, it's working:
//------------------------config.php---------------
<?php
mysql_connect("localhost","root","");
mysql_select_db("login2");
?>
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
header("location: profile.php?username=$uname&pass=$pass");
exit();
}else{
echo "Wrong password or username";
}
}else{
?>
<form action="login.php" method="POST">
Username : <br />
<input type="text" name="uname" />
<br />
<br />
Password : <br />
<input type="password" name="pass" />
<br />
<br />
<input type="submit" name="submit" value="log in" />
</form>
<?php
}
?>
//------------------------profile.php---------------
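<?php
session_start(); // needed before $_SESSION is written below
require('config.php');
// Escape the request values before they are placed in the query
$user = mysql_real_escape_string($_REQUEST['username']);
$passwd = mysql_real_escape_string($_REQUEST['pass']);
?>
<html>
<head>
</head>
<body>
<?php
$username = '';
$sql = mysql_query("SELECT * FROM users where `uname` = '$user' AND `pass`= '$passwd' ");
// Fetch a row first, then read it
while($row = mysql_fetch_array($sql)){
$uname = $row['uname'];
$_SESSION['uname'] = $uname;
$username = $_SESSION['uname'];
}
?>
<p>Welcome <b><?php echo $username; ?></b></p>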
logout
</body>
</html>
//------------------------logout.php---------------
<?php
require('config.php');
session_start(); // a session has to be open before it can be destroyed
session_destroy();
header('location: login.php');
exit();
?>

php sessions are not being saved

I apologize for the wall of text but I've been banging my head against the wall around this problem for awhile so I'm gonna try to provide as much information as possible.
I'm not quite sure if the problem I'm getting has to do with user sessions (I'm new to PHP), but that's what it seems to me.
I ask a user to enter his login information (id and password) to enter the system in ask_login.php:
<div class="login_box">
<h1>Login</h1>
<form method="POST" action="login.php">
<p><input type="text" name="username" placeholder="UserID"></p>
<p><input type="password" name="password" placeholder="Password"></p>
<input type="submit" name="submit" value="Login"></p>
</form>
</div>
If the login details (id and password) are found in the database the user gets logged in to his user portal (login.php) where he can check his details, exams dates, etc..
My problem is whenever I login, if I click for example on the details button to check the user details, it redirects me to my ask_login.php page asking for my login details again saying that I didn't enter any ID/Password details.
I've tried removing the code where it checks if the login forms were submitted blank, and it eventually started working and I was able to click the 'Details' button or any other button, without getting redirected to ask_login.php.
But now when I click on the 'Details' button my "Welcome, username" line doesn't show the username, which makes me think that it has something to do with php sessions. Furthermore, any query that I make won't show the result.
Here's my login.php code:
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if($username && $password) {
$conn_error = 'Could not connect.';
$mysql_db = '------';
if(!mysql_connect('localhost', '------', '') || !mysql_select_db($mysql_db)) {
die($conn_error);
}
$query = mysql_query("SELECT * FROM users WHERE id='$username' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows!== 0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['id'];
$dbpassword = $row['password'];
}
if($username==$dbusername && $password==$dbpassword) {
//echo "You are logged in!";
#$_SESSION['id'] = $username;
}
else {
echo "<script>alert('Username/Password are incorrect');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Wrong username/password!");
}
}
else {
echo "<script>alert('User doesn't exist.');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("That user doesn't exist!");
}
}
else if(empty($username) || empty($password)) {
echo "<script>alert('You didn't enter an ID/Password');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Please enter an ID and password!");
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Logged in | FCUL</title>
<link rel="stylesheet" href="css/stylesheet_loggedin.css" type="text/css"/>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="shortcut icon" href="img/vitor-20130904-favicon.ico"/>
</head>
<body>
<div id="header">
<br/>
<img src="/img/fcul_cent_logo_001.png" width="510" height="70"/>
</div>
<div id="loggedinas">
<br/>
Welcome,
<?php
$result = mysql_query("SELECT nome FROM users WHERE id='$username'");
while($row = mysql_fetch_assoc($result)) {
echo $row["nome"];
}
?>
( <?php echo $username; ?> )
<br/>
<div id="logout">
<font size="2"><u>[Logout]</u></font></a>
</div>
<hr/>
</div>
<?php
//FETCH USER'S BI
if(isset($_POST['username'] )) {
$ID = $_REQUEST['username'];
$query = "SELECT bi FROM users WHERE id='$ID'";
//if query is successful
if($query_run = mysql_query($query)) {
//if it returns 0 rows
if(mysql_num_rows($query_run)==NULL) {
echo "<script>alert('Unexpected Error 004');</script>";
echo "<script language='javascript'>window.location = 'index.php';</script>";
}
while($query_row = mysql_fetch_assoc($query_run)) {
$bi = $query_row['bi'];
//echo $bi;
}
}
}
?>
<br/>
<center>
<div id="buttons">
<form method="POST" action="login.php">
<input type="submit" name="details" value="details">
</form>
<?php
//**print user's BI if he clicks on 'Details' button**
if($_POST['detalhes']){
echo '<div id="content">' . $bi . '</div>';
}
?>
</div>
</center>
</body>
</html>
You cannot access the session the first time you insert it in the $_SESSION['id'] = $username variable.
You can only access it on the second run of session_start();
Try this.
1. make login.php
2. make welcome.php
Try to separate the modules so that login.php only handles the login check; then, if this condition succeeds:
<?php
if($username==$dbusername && $password==$dbpassword) {
//echo "You are logged in!";
$_SESSION['id'] = $username;
header("location: welcome.php");
exit; // stop the script once the redirect header is set
}
?>
in welcome.php
<?php
session_start();
// this checks whether the user is logged in
if (empty($_SESSION['id'])) {
header("location: ask_login.php");
exit;
}
?>
You are not checking if the user is already logged in, so, after receiving your post from ask_login.php, when you click anything in your page $username and $userpassword will be null.
Just wrap all your code after session_start with
if(empty($_SESSION['id']))
{
//Your code
$username = $_POST['username'];
$password = $_POST['password'];
if($username &&...
}
wrap your code with this
if ($_SESSION['id']){
//your login checking here
};
e.g
if ($_SESSION['id']){
if($username && $password) {
$conn_error = 'Could not connect.';
$mysql_db = '------';
if(!mysql_connect('localhost', '------', '') || !mysql_select_db($mysql_db)) {
die($conn_error);
}
$query = mysql_query("SELECT * FROM users WHERE id='$username' AND password='$password'");
$numrows = mysql_num_rows($query);
if($numrows!== 0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['id'];
$dbpassword = $row['password'];
}
if($username==$dbusername && $password==$dbpassword) {
//echo "You are logged in!";
#$_SESSION['id'] = $username;
}
else {
echo "<script>alert('Username/Password are incorrect');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Wrong username/password!");
}
}
else {
echo "<script>alert('User doesn't exist.');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("That user doesn't exist!");
}
}
else if(empty($username) || empty($password)) {
echo "<script>alert('You didn't enter an ID/Password');</script>";
echo "<script language='javascript'>window.location = 'ask_login.php';</script>";
die();
//die("Please enter an ID and password!");
}
}
?>

Page redirect upon login

The following script works fine, it allows a user to log in.
After they log in, this line of code requests them to click on a link to go to the members.php page.
die("You are now logged in. Please <a href='members.php'>" ."click here</a> to continue.<br /><br />");
Is there a way that I can get the page to automatically redirect to members.php after they log in?
<?php // login.php
include_once 'header.php';
echo "<div class='main'><h3>Please enter your details to log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
$pass_hash = md5($pass);
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$query = "SELECT user,pass FROM members
WHERE user='$user' AND pass='$pass_hash'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
$error = "<span class='error'>Username/Password
invalid</span><br /><br />";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please <a href='members.php'>" . "click here</a> to continue.<br /><br />");
}
}
}
echo <<<_END
<form method='post' action='login.php'>$error
<span class='fieldname'>Username</span><input type='text'
maxlength='16' name='user' value='$user' /><br />
<span class='fieldname'>Password</span><input type='password'
maxlength='16' name='pass' value='$pass' />
_END;
?>
<br />
<span class='fieldname'> </span>
<input type='submit' value='Login' />
</form><br /></div></body></html>
Yes, there is:
header('Location: members.php');
exit;
Remember to include the exit so that your code stops running even if there is a problem processing the header.
Also note, this needs doing before any output is made whatsoever.
http://php.net/manual/en/function.header.php
<?php
if(isset($_POST['user'])){
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
$pass_hash = md5($pass);
if ($user == "" || $pass == ""){
$error = "Not all fields were entered<br />";
}else{
$query = "SELECT user,pass FROM members WHERE user='$user' AND pass='$pass_hash'";
if (mysql_num_rows(queryMysql($query)) == 0){
$error = "<span class='error'>Username/Password invalid</span><br /><br />";
}else{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
header('Location: members.php');
exit;
}
}
}
include_once 'header.php'; //Any output must be after your header code
echo <<<_END
<form method='post' action='login.php'>$error
<span class='fieldname'>Username</span><input type='text' maxlength='16' name='user' value='$user' /><br />
<span class='fieldname'>Password</span><input type='password' maxlength='16' name='pass' value='$pass' />
_END;
?>
<br />
<span class='fieldname'> </span>
<input type='submit' value='Login' />
</form><br /></div></body></html>
BTW - I have not checked any of your code except that which I mention above
At the point where you have the die() line, you can do this
ob_clean();
header('Location: http://www.example.com');
exit;
If headers are giving you a hard time, you can use this alternate (meta) method:
Where you presently have die("You are now logged in... do:
echo "You are now logged in. You will be redirected in 5 seconds...";
echo "<meta http-equiv=Refresh content=5;url=http://www.yoursite.com/members.php>";
Sidenote: Replace the 5 in content=5 with the amount of seconds you wish to take for the redirection. Using 0 will redirect right away.
It's not the best method but it works in many instances.
Another method is to add ob_start(); under your opening <?php tag which works at times.
Example:
<?php
ob_start();
// login.php
include_once 'header.php';
echo "<div class='main'><h3>Please enter your details to log in</h3>";
$error = $user = $pass = "";
...
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
// die("You are now logged in....
// keep the http:// and replace with your website address
header('Location: http://www.example.com/members.php');
exit;
...
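The ordering these answers describe (decide and redirect first, print HTML last, exit after the header), as an added example that is not code from the question or its answers. members.php and the user/pass field names come from the page; check_credentials(), its constructed account and the other function names are assumptions.

```php
<?php
// Added example, not code from the question or its answers.
// check_credentials() and its constructed account (demo / "s3cret") are assumptions.
declare(strict_types=1);

/** Stand-in credential check against one constructed account. */
function check_credentials(string $user, string $pass): bool
{
    static $accounts = null;
    $accounts ??= ['demo' => password_hash('s3cret', PASSWORD_DEFAULT)];
    return isset($accounts[$user]) && password_verify($pass, $accounts[$user]);
}

/** Decide what to do with the request without printing anything. */
function handle_login(string $method, array $post): array
{
    if ($method !== 'POST') {
        return ['action' => 'form', 'error' => ''];
    }
    $user = trim((string) ($post['user'] ?? ''));
    $pass = (string) ($post['pass'] ?? '');
    if ($user === '' || $pass === '') {
        return ['action' => 'form', 'error' => 'Not all fields were entered'];
    }
    if (!check_credentials($user, $pass)) {
        return ['action' => 'form', 'error' => 'Username/Password invalid'];
    }
    return ['action' => 'redirect', 'user' => $user];
}

/** Redirect with a header; if output has already started, log where and fall back. */
function redirect(string $url): void
{
    if (!headers_sent($file, $line)) {
        header('Location: ' . $url, true, 303);
        exit; // nothing after the redirect may run or be sent
    }
    // headers_sent() reports the file and line that produced the first output.
    error_log("Cannot send Location header: output started at $file:$line");
    $attr = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$attr\">";
    exit;
}

// login.php: every decision is made before the first byte of HTML.
session_start();
$result = handle_login($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
if ($result['action'] === 'redirect') {
    session_regenerate_id(true);
    $_SESSION['user'] = $result['user']; // the identifier only, not the password
    session_write_close();               // store the session data before leaving the page
    redirect('members.php');
}

// Only now is output produced (an include of header.php would go here).
$error = htmlspecialchars($result['error'], ENT_QUOTES, 'UTF-8');
echo "<div class='main'><h3>Please enter your details to log in</h3>\n";
echo "<form method='post' action='login.php'>$error\n";
echo "<input type='text' maxlength='16' name='user' />\n";
echo "<input type='password' maxlength='16' name='pass' />\n";
echo "<input type='submit' value='Login' /></form></div>\n";
```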

login.php not starting session or setting array

I have a login.php file that after a valid login it does not seem to be starting a session or storing any information in the session array? Any help would be appreciated. Thank you.
<?php
include_once 'accounts/db.php';
include_once 'accounts/dbfunctions.php';
$err = array();
foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}
if ($_POST['doLogin']=='Login')
{
foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}
$user_email = $data['usr_email'];
$pass = $data['pwd'];
if (strpos($user_email,'#') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";
}
$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
$user_cond
AND `banned` = '0'
") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);
if(!$approved) {
//$msg = urlencode("Account not activated. Please check your email for activation code");
$err[] = "Account not activated. Please check your email for activation code";
//header("Location: login.php?msg=$msg");
//exit();
}
//check against salt
if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
if(empty($err)){
// this sets session and logs user in
session_start();
session_regenerate_id(true); //prevent against session fixation attacks.
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['user_name'] = $full_name;
$_SESSION['user_level'] = $user_level;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
//update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();
mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
//set a cookie
if(isset($_POST['remember'])){
setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
}
header( 'Location: http://www.example.com' ) ;
}
}
else
{
//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
//$err[] = "Invalid Login. Please try again with correct user email and password.";
header("Location: index.html?p=problem1");
}
} else {
header("Location: index.html?p=problem2");
//$err[] = "Error - Invalid login. No such user exists";
}
}
?>
<script type="text/javascript" src="jquery/jquery.validate.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$("#logForm").validate();
});
</script>
<?php
/******************** ERROR MESSAGES*************************************************
This code is to show error messages
**************************************************************************/
if(!empty($err)) {
echo "<div class=\"msg\">";
foreach ($err as $e) {
echo "$e <br>";
}
echo "</div>";
}
/******************************* END ********************************/
?>
<div>
<?php
echo "session user id " . $_SESSION['user_id'];
echo "session id" . $sess_user_id;
echo "cookie id" . $cook_user_id;
echo "Session A " . $test1;
Print_r ($_SESSION);
$sid = session_id();
if($sid) {
echo "Session exists!" . session_id();
} else {
echo "NOTHING!";
}
echo $_SESSION['user_name'];
echo $_COOKIE['user_id'];
echo $_COOKIE['user_key'];
?>
<a id="11" href="#colorbox" class="Link">Login</a>
</div>
<div style='display:none'>
<div id="colorbox">
<div id="LoginBox">
<form action="login.php" method="post" name="logForm" id="logForm">
<div class="Fields">
<div id="userName">UserName:</div>
<input name="usr_email" type="text" class="required" size="25">
</div>
<div class="Fields" style="padding-top:5px;">
<div id="passWord">Password:</div>
<input name="pwd" type="password" class="required password" size="25">
</div>
<div class="Fields" style="padding-top:5px;">
<input name="remember" type="checkbox" id="remember" value="1">
Remember me</div>
<div class="Fields" style="padding-top:5px;text-align:center;">
<input name="doLogin" type="submit" id="doLogin3" class="button" value="Login">
</div>
</form>
<div id="forgotPasswordLink">
<a class="sitelink" id="colorboxForgot" href="forgot.php">Forgot Password</a></div>
</div>
</div>
</div>
Right now after login I see url index.html?p=problem instead of http://www.example.com
the following echos are empty so I believe that means no information is going into the session array
<?php
echo "session user id " . $_SESSION['user_id'];
echo "session id" . $sess_user_id;
echo "cookie id" . $cook_user_id;
echo "Session A " . $test1;
Print_r ($_SESSION);
$sid = session_id();
if($sid) {
echo "Session exists!" . session_id();
} else {
echo "NOTHING!";
}
echo $_SESSION['user_name'];
echo $_COOKIE['user_id'];
echo $_COOKIE['user_key'];
?>
Keep in mind that you should start the session at the very top of the page, i.e. before anything else starts; otherwise you will get empty values for session variables. If you wish to use session variables, move
session_start();
to the first line.
Sure, this will solve your problem.
