Session missing after redirect (live server only) - php

I have created a login page for users to log in. The code works properly on localhost but not on the live server. Users can't log in on the live server, and I found out that every time it redirects to index.php, the session is lost, so the user can't log in because of the lost session. Do you have any idea about this?
<?php
session_start();
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
echo "<script>window.location = \"index.php\";</script>";
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
Index.php
<? session_start();?>
<script>alert ('<?php echo $_SESSION['username']; ?>');</script>

Check the session in your index.php page. Just start the session and echo the user session. If you get it, then try the if condition.
<?php session_start();
echo $_SESSION["username"];
if($_SESSION["username"]){
echo "bla bla";
}?>

<?php
session_start();
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username1 = $_POST['username']; // change it
$password1 = $_POST['password']; // change it
$username = stripslashes($username1); // change it
$password = stripslashes($password1); // change it
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
echo "<script>window.location = \"index.php\";</script>";
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
You use the same names, username/password, before stripping the username/password as well as after, so change the names and try once.

In the below code,
<?php session_start(); // your header.php file should not have a session start in that file
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
?><script>alert ('<?php echo $_SESSION['username']; ?>');</script><?php
echo "<script>window.location = \"index.php\";</script>";
exit();
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
You need to use session_start() function at the first line of the page after the php script starts
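
An added diagnostic for the live-server-only symptom in this thread (not code from any of the posts): it reports whether short tags such as the "<? session_start();?>" in the question's index.php are executed, whether the session directory is writable, and whether the session cookie comes back. The file name and the hits counter are assumptions, and the directory check assumes the default file-based session handler.

```php
<?php
// Added diagnostic, not code from the thread. Save as session_check.php
// (hypothetical name), upload it next to index.php, and load it twice.

function session_diagnostics()
{
    // session.save_path may be "N;/path" or "N;MODE;/path"; keep the directory part.
    $parts = explode(';', session_save_path());
    $dir = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // PHP's fallback when no path is configured
    }

    // If output was already sent, session_start() cannot set its cookie.
    $sentBefore = headers_sent($file, $line);
    $started = $sentBefore ? false : session_start();

    if ($started) {
        // Counter that only grows if the session survives between requests.
        $_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;
    }

    return [
        // false means "<? session_start();?>" is sent to the browser as text, never run.
        'short_open_tag'      => filter_var(ini_get('short_open_tag'), FILTER_VALIDATE_BOOLEAN),
        'save_dir'            => $dir,
        'save_dir_writable'   => is_dir($dir) && is_writable($dir),
        'output_before_start' => $sentBefore ? "$file:$line" : 'none',
        'session_started'     => $started,
        'cookie_received'     => isset($_COOKIE[session_name()]),
        // A secure-only cookie is never sent back over plain http.
        'cookie_secure_only'  => filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN),
        'request_is_https'    => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'hits'                => $started ? $_SESSION['hits'] : null,
    ];
}

header('Content-Type: text/plain');
foreach (session_diagnostics() as $key => $value) {
    echo $key, ': ', var_export($value, true), "\n";
}
```

On the second load, hits should be 2 and cookie_received true; if hits stays at 1, the session is not persisting on that server. Delete the file afterwards, since it prints server paths.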

Related

php Header location not letting me into admin area

I recently started learning PHP. I've been working on a basic login page. Everything works great locally, but when it's uploaded to ipage, it just reloads the login page. If I enter incorrect login info, it tells me that I entered something wrong.
Here's my code...
login.php:
<?php
ob_start();
session_start();
require 'connect.inc.php';
if (isset($_POST['submit'])) {
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$uid = strip_tags($uid);
$pwd = strip_tags($pwd);
$uid = stripcslashes($uid);
$pwd = stripcslashes($pwd);
$uid = mysqli_real_escape_string($db, $uid);
$pwd = mysqli_real_escape_string($db, $pwd);
$sql = "SELECT * FROM users WHERE uid='$uid' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['pwd'];
$pwd = password_verify($pwd, $row['pwd']);
if ($pwd == $db_password) {
//$_SESSION['username'] = $uid;
$_SESSION['id'] = $id;
header("Location: http://website.com/dashboard.php");
exit;
}else {
echo 'You didn\'t enter the correct information';
}
}
?>
dashboard.php:
<?php
ob_start();
session_start();
require 'connect.inc.php';
if (!isset($_SESSION['id'])) {
header("Location: http://website.com/login.php");
exit();
}
?>
Any help would be appreciated very much...
I think the problem of your code lies in here
if ($pwd == $db_password) {
//$_SESSION['username'] = $uid;
$_SESSION['id'] = $id;
header("Location: http://website.com/dashboard.php");
exit;
}else {
echo 'You didn\'t enter the correct information';
}
password_verify() returns TRUE or FALSE and you are trying to check if it is equal to $db_password. As far as I know this will not be true, so even though the password you are typing in is correct, the page won't go anywhere because the if statement is not working properly.
So in your case, this is how I think you should have your code
<?php
ob_start();
session_start();
require 'connect.inc.php';
if (isset($_POST['submit'])) {
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$uid = strip_tags($uid);
//$pwd = strip_tags($pwd);
$uid = stripcslashes($uid);
//$pwd = stripcslashes($pwd);
$uid = mysqli_real_escape_string($db, $uid);
//$pwd = mysqli_real_escape_string($db, $pwd);
$sql = "SELECT * FROM users WHERE uid='$uid' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['pwd'];
$pwd = password_verify($pwd, $db_password);
if ( $pwd === TRUE ) {
//$_SESSION['username'] = $uid;
$_SESSION['id'] = $id;
header("Location: http://website.com/dashboard.php");
exit;
}else {
echo 'You didn\'t enter the correct information';
}
}

How do I hide the content in the user page from unregistered users?

This is my login.php code. If someone is logged in, I want to redirect to student-area.php, and if an unregistered member goes directly to student-area.php, I want to hide the content in student-area.php.
<?php
#mysql_connect('localhost', 'root', '');
$select_db = mysql_select_db('register');
session_start();
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."' ";
$result = mysql_query($query) or die(mysql_error());
$rows = mysql_num_rows($result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: student-area.php");
}else{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}else
?>
Use $_SESSION in the page student-area.php to check whether the user is logged in or not.
if (isset($_SESSION['username'])) {
// User logged in
} else {
// User not logged in
}
N.B. Remember to put session_start(); at the beginning of the PHP file.

why is nothing displaying when I run my php code using mamp

I have created a page with an image slideshow using jQuery. I also have a search so that a user can search for a house from a database, and this code works fine. When I added PHP code so that the user is allowed to log in and tried to run it, the page comes up blank. Why is this?
Here is my code
session_start();
include "connect.php";
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = ($con "SELECT * FROM login WHERE username='$username' and password= '$password'");
$result = mysqli_query($query) or die(mysqli_error());
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else {
echo "Invalid Login Credentials.";
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hello " . $username . "";
echo "This is the Members Area";
echo "<a href='logout.php'>Logout</a>";
}
?>
Firstly, you're not passing your connection to your query and you have one missing brace.
The one for if (isset($_POST['username']) and isset($_POST['password'])) which should encapsulate your entire PHP.
Sidenote: Using $con as the connection variable's parameter.
<?php
session_start();
include "connect.php";
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM login WHERE username='$username' and password='$password'";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else {
echo "Invalid Login Credentials.";
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hello " . $username . "";
echo "This is the Members Area";
}
} // closing brace for if (isset($_POST['username']) and isset($_POST['password']))
echo "<a href='logout.php'>Logout</a>";
?>
I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.
I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
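
An added example, not code from any of the answers, that combines the two points made on this page: password_verify() used directly as a boolean, and password_hash() output stored instead of plain text, with a prepared statement replacing the interpolated query. It assumes connect.php defines $con as a mysqli connection, that the login table has an id column, and that index.php is the post-login page.

```php
<?php
// Added example, not code from the thread. Assumes connect.php defines $con
// (a mysqli connection) and login.password holds password_hash() output.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
session_start();
require 'connect.php';

function verify_login(mysqli $con, $username, $password)
{
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $stmt = $con->prepare('SELECT id, password FROM login WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch(); // true on a row, null when there is none
    $stmt->close();

    // password_verify() returns a boolean; use it directly as the condition.
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }

    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $upd = $con->prepare('UPDATE login SET password = ? WHERE id = ?');
        $upd->bind_param('si', $new, $id);
        $upd->execute();
        $upd->close();
    }
    return $id;
}

if (isset($_POST['username'], $_POST['password'])) {
    $id = verify_login($con, $_POST['username'], $_POST['password']);
    if ($id !== null) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
        $_SESSION['id'] = $id;       // store the user id, never the password
        header('Location: index.php');
        exit;                        // stop here so nothing else runs or prints
    }
    echo 'Invalid Login Credentials.';
}
```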

Register Session Error (null)

Problem :
After login, it redirect to index.php not home.php.
From my observation, session register for both is NULL.
Can someone help me?
I'm new with PHP.
Thanks, sorry for bad grammar/english.
Check login :
<?php ob_start();
include ("connect/db.php");
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE login='$username' and passwd='$password'";
if (!mysql_query($sql, $con)){
die('Error: ' . mysql_error());
}
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$rows = mysql_fetch_array($result);
$member = $rows['member_id'];
$_SESSION["iduser"] = $username;
$_SESSION["idmember"] = $member;
echo '<center>Login Successfull!<br>Username : <i>' .$_SESSION["iduser"]. ' [' .$_SESSION["idmember"]. ']</i><br><br>';
echo "<input class='button' type='button' value='Enter' onClick=\"javascript:window.location.href='home.php'\"></center>";
}
else {
echo '<center>Login Error!<br>Invalid Username or Password.<br><br>';
echo "<input class='button' type='button' value='Back' onClick=\"javascript:window.location.href='index.php'\"></center>";
}
ob_end_flush();
?>
Home :
<?php
session_start();
if(!isset($_SESSION['member'])){
header("location:index.php");
}
$username = $_SESSION['iduser'];
$member = $_SESSION['idmember'];
?>
In the page Check Login, add session_start() at the top as in page - Home.
In the page Home, line
if(!isset($_SESSION['member'])){
should be
if(!isset($_SESSION['idmember'])){
Have you started the session in your first script with session_start();?
$_SESSION is set but is empty, so in home try: var_dump(!empty($_SESSION[val]));
If you did, you should try to add some var_dump(expression); in order to see where the problem is, for example to verify your SQL result.

php admin session session

I'm trying to make an admin account for my website using PHP. I'm using the following code and I get "500 Internal Server Error". I have no idea what I'm doing wrong.
I have the following php script in my index.php file for admin.
<?php
session_start();
if(!isset($_SESSION["manager"])){
header("Location: admin_login.php");
exit();
}
$id = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^0-9]#i', '', $_SESSION["manager"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);
include "../scripts/db_connect.php";
$sql_str = mysql_query("SELECT * FROM admins WHERE userName = '$userName' AND password = '$password' LIMIT 1");
$exist_Count = mysql_num_rows('$sql_str');
if($exist_Count == 0){
header('location: ../index.php');
exit();
}
?>
and the following code is for admin_login.php file where I ask the user to sign in
<?php
if(isset($_POST["userName"]) && isset($_POST["password"])){
$manager = $_POST["userName"];
$password = $_POST["password"];
include "../scripts/db_connect.php";
$results = mysql_query("SELECT id FROM admins WHERE userName = '$manager' AND password ='$password' LIMIT 1");
$existCount = mysql_num_rows($results);
if($existCount == 1){
while($row = mysql_fetch_array($results)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("Location: index.php");
exit();
}
else{
echo 'Invalid Information';
exit();
}
}
?>
You forgot to add session_start() on your admin_login.php
<?php
session_start(); //<---------- Here
if(isset($_POST["userName"]) && isset($_POST["password"])){
$manager = $_POST["userName"];
$password = $_POST["password"];
include "../scripts/db_connect.php";
$results = ......
//.... rest of your code............
