Redirect loop in Chrome - php

I have just setup Apache and Mysql on my server and trying to create a website with a session based login system. I have followed the tutorial from this link: http://www.formget.com/login-form-in-php/
Everything seems fine except when testing the login. Once I have entered a correct username and password combination it fails to login succesfully as Chrome shows an error as such
I do not have an .htaccess file on my server, and I am sure the login details are correct as the URL shown on the address bar is pointing to the dashboard page (profile.php according to the tutorial) supposed to be shown on a successful login.
The source code for the login.php page where the querying of the database is done is as follows:
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$db = mysql_select_db("company", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from login where password='$password' AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
The login page (index.php) is as follows:
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
When trying to login using Internet Explorer, IE gets stuck on trying to load the next page (just shows the waiting message with the loading icon).
I have chmod my files based on the link: http://fideloper.com/user-group-permissions-chmod-apache
(replaced /var/www with /var/www/html where all my files are at).
EDIT: Code for profile.php (and session.php)
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
session.php
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("company", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>

Related

Session in PHP not getting registerd

I am trying to develop a simple login page once login login.php it should show index.php
Below files are in the web directory:
> https://www.myowndomain.com/test/status/login.php
> https://www.myowndomain.com/test/status/auth.php
> https://www.myowndomain.com/test/status/index.php
So when the user enters index.php it checks if the session is created if so it will show index.php if not redirect it to login.php.
If I log in using a valid username and password and click login the PHP file is returning to login.php, not to index.php (Session is created in login.php but when accessing the same on indext.php or auth, session it is blank?
In index.php if I don't include auth.php - The login works fine but doesn't get the session.
login.php:
<?php
include("db.php");
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username']))
{
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con,$password);
//Checking if user existing in the database or not
$query = "SELECT * FROM users WHERE username='$username' and password='".md5($password)."'";
$result = mysqli_query($con,$query) or die(mysqli_error());
$rows = mysqli_num_rows($result);
echo $rows;
if($rows==1)
{
$_SESSION['username'] = $username;
echo "User in session:" . $username;
header("Location: index.php"); // Redirect user to index.php
}
else
{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}
else
{
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<div class="form">
<h1>Log In</h1>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet? <a href='registration.php'>Register Here</a></p>
</div>
</body>
</html>
auth.php:
<?php
include("db.php");
session_start();
$user_check=$_SESSION['username'];
$ses_sql = mysqli_query($con, "SELECT username FROM users where username='$user_check'");
$row=mysqli_fetch_array($ses_sql);
$login_session=$row['username'];
if(!isset($login_session))
{
header("Location:login.php");
}
?>
What could be wrong here? I have check every bit still issue. Probably someone can recheck my code and tell me the issue? Could it be an issue with the web directory? The files are inside a folder/subfolder/?
Other than the obvious security implications of your code, I don't see anything wrong with it. You could try manually setting the session save location. I've found with some hosting that the session path needs to be explicitly set for sessions to work...
session_save_path("/location/to/save/sessions/");
To find out what your session save path should be, contact your hosting provider. If you are using localhost - a quick google will do it.

Session code not working in php

i am trying to develop a login form so i got online and picked a code. i made a database called "company" with a table "login" having fields; Id, username and password. I have saved some entries in the table.
when i try to login i get a response; The page isn't redirecting properly;
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.This problem can sometimes be caused by disabling or refusing to accept cookies.
and i dont know whats wrong.
Below is my code:
index.php
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "company");
// To protect MySQL injection for Security purpose
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection, "select * from login where password='$password' AND username='$username'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
} else {
$error = "Username or Password is incorrect";
}
mysqli_close($connection); // Closing Connection
}
}
?>
logout.php
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
header("Location: index.php"); // Redirecting To Home Page
}
?>
profile.php
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
session.php
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "","company");
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysqli_query("select username from login where username='$user_check'", $connection);
$row = mysqli_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysqli_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
thank you.
Problem solved.
I have connected to another table with more fields thats is; id, firstname, username and password.
I edited the session.php and changed the mysqli_query using Firstname where Username is $user_check. Im now printing the name of the logged in user.
Thank you guys.

Load json date format from MySQL table into PHP

At University here we have some mysql table structures that has been created by a previous coder/guy. The structure itself is clean and perfect. We use the data from MySQL in order to login into the system. the login system which is in PHP works fine with $username and $password with sessions.
Problem:
We have table for each of us (users) with a expire date. The date which we need everytime swap our security cards. However, i would like to fetch/echo this expire date table and insert into everyones profile.php as soon they login.
The problem here is that it looks like the previous coder has used json.
Example:
table structure: username, password, expdate
Only the table expdate is coded in json (i think), because it has something like: 1544301180 or NULL -> which NULL indicates UNLIMITED and 1544301180 some kind of date. This date is at the moment non-human readable.
How can I implement it?
I will show you the complete php content:
INDEX.PHP (where people do the login)
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
LOGIN.PHP (the config and connection to mysql db)
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "changed", "changed");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$db = mysql_select_db("unibebio", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from users where password='$password' AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
SESSION.PHP (user session checker)
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "changed", "changed");
// Selecting Database
$db = mysql_select_db("unibebio", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from users where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
All this works fine, till we are landing in PROFILE.PHP, which we need to show human readable expiration date format. But i have no clue how to do it and or implement it:
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>UNIBE BIOCHEMIE</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
As you can see, it works and it echo's the username from the table of that specific user.
But how can I do the same for the expiration date that is (I think) json encoded?
As I said, the table structure is: username, password, expdate

How can I secure my HTML page using PHP? I am getting error [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have created session in php and restricted the admin.php page. If user is not logged in he/she or any alien/robot cannot access the page. After login it must go to admin page. But it goes to contact.php which is mentioned in check.php. If I do not include check.php in admin.php. It goes to admin.php after login but admin.php can be access without login also. Can you check where I am wrong?
This is login.php--
<?php
include('connect.php'); // Include connect for login Script
if ((isset($_SESSION['username']) != ''))
{
header('Location: admin.php');
}
?>
<!DOCTYPE html>
<html>
<head>
<link href='http://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'>
<meta charset="UTF-8">
<title>Admin Login</title>
</head>
<body>
<div class="login-block">
<form action="" method="POST">
<h1>Login</h1><span><img src="/img/loginlogo.png"/></span>
<span id="invalid"><?php echo $error; ?></span>
<input type="text" name="username" placeholder="Username" id="username" />
<span><?php echo $usererror; ?></span>
<input type="password" name="password" placeholder="Password" id="password" />
<span><?php echo $pwderror; ?></span>
<input id= "btn" name="submit" type="submit" value=" Login "/>
Forgot Password
Register Now
</form>
</div>
</body>
</html>
This is admin.php--
<?php
include('check.php');
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1>
<br><br><br>
Logout?
</body>
</html>
This is check.php--
<?php
include('db.php');
session_start();
$user_check=$_SESSION['username'];
$sql = mysqli_query($db,"SELECT username FROM credentials WHERE username='$user_check' ");
$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
$login_user=$row['username'];
if(!isset($user_check))
{
header("Location: contact.php");
}
?>
This is my connect.php--
<?php
session_start();
include("db.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$usererror = "Username can not be left blank";
$pwderror = "Password can not be left blank";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect from MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
//$password = md5($password);
//Check username and password from database
$sql="SELECT id FROM credentials WHERE username='$username' and password='$password'";
$result=mysqli_query($db, $sql);
$row=mysqli_fetch_array($result, MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: admin.php"); // Redirecting To Other Page
}
else
{
$error = "Incorrect username or password.";
}
}
}
?>
I have fixed this issue.
I replaced my code in connect.php from:
$_SESSION['username'] = $login_user; // Initializing Session
to:
$_SESSION['username'] = $username; // Initializing Session
Thanks everyone.
I can help you and say that you should stop following that tutorial. Everything it is telling you about how to use HTML, PHP, MySQL is deprecated, not best pracise and just wrong. STOP using that tutorial, throw your work away and read up on Prepared SQL Statements as well as HTML5 and PHP 7 .
Always put die() or exit after a header("Location: ...); call.
Your login is checking your session value, therefore once you've logged in once correctly, then the session value will be remembered and you will always be "logged in". To break this cycle, clear your browser data for this website. Refresh the page.
I can't provide more detailed help without you Showing me what PHP errors (if any) you are getting and clarifying if you've been able to login correctly at all?

This webpage has a redirect loop - PHP Login

I'm trying out a login page example in php. I get the error: This webpage has a redirect loop
Details say: Error code: ERR_TOO_MANY_REDIRECTS
Here's my code:
index.php
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
login.php
<?php
session_start();
$error='';
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
$username=$_POST['username'];
$password=$_POST['password'];
$connection = mysql_connect("localhost", "root", "");
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$db = mysql_select_db("rjtest", $connection);
$query = mysql_query("select * from login where myPassword='$password' AND myUserName='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
$error = "Username or Password is invalid";
}
}
}
?>
profile.php
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
session.php
<?php
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("rjtest", $connection);
session_start();
$user_check=$_SESSION['login_user'];
$ses_sql=mysql_query("select myUsername from login where myUsername='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
header('Location: index.php');
}
?>
And logout.php
<?php
session_start();
if(session_destroy())
{
header("Location: index.php");
}
?>
I can't seem figure out why. The site where I got this code is now inactive, so that's why Im asking this here. Hope you guys could help me out. Sorry for the long post though.
Comment to answer:
What I think is going on is that your code is erroring out and you're not seeing it, causing it to fight against what it should be showing you as an error.
You have $login_session =$row['username']; using the "username" as the row, but you're not selecting it in your query select myUsername from login where myUsername.
So, I'm thinking that if that row doesn't in fact exist, you'd need to do
$login_session =$row['myUsername'];

Categories