I have a page which loads completely when it is on a local server i uploaded the site on the server and some of my pages won't load here is the example of my pages
should i do something more when it is on server?what is the common problems in this situations?
<?php include("includes/manager_session.php");?>
<?php require_once("includes/connection.php");?>
<?php
$message="";
if(isset($_POST['submit'])){
$uname= mysqli_real_escape_string($cnn,$_POST['uname']);
$pass= mysqli_real_escape_string($cnn,$_POST['pass']);
$hashed_pass=sha1($pass);
function redirect_to($location){
header('Location:'.$location);}
//checking for available users
$query="select manager_id,uname,hashed_pass from manager where uname='{$uname}' and hashed_pass='{$hashed_pass}'";
$result=mysqli_query($cnn,$query);
//if query returns a thing
if($result){
$num_rows = mysqli_num_rows($result);
//agar user peida shod
if($num_rows == 1){
$found_user=mysqli_fetch_array($result);
$_SESSION['manager_id']=$found_user['manager_id'];
$_SESSION['manager_pass']=$found_user['hashed_pass'];
redirect_to("manager_profile.php");
}
//useri peida nashod
else{
echo "can not find user";
redirect_to("manager_login.php");
}
}else{echo mysqli_error($cnn);}
}
?>
<html lang='fa'>
<head>
<meta charset="utf-8">
<title>
کیمیافکر
</title>
<link rel="stylesheet" type="text/css" href="stylesheets/login-form.css" />
</head>
<body>
<div id="wrapper">
<form name="login-form" class="login-form" action="" method="post">
<input type="text" name="uname"/>
<input type="pass" name="pass"/>
</div>
</body>
</html>
<?php
mysqli_close($cnn);
?>
all pages that has the session part comes up with nothing in it (on of the sessions) when it is online so what is the problem her am i missing something ?
Related
newbie here...
so yeah, i already tried searching all those page-related about my question, but im still stuck...
anyway, my problem is that i always keep getting back at my login page, which is my index.php
oh btw, im still using PHP version 4.4.8
here is my code for my problematic main page, main.php
<?php
session_start();
include '../config.php';
if(!isset($_SESSION['admin'])){
header("location:index.php");
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>KSP Setia Finance</title>
</head>
<body>
<h1>test page</h1>
</body>
</html>
and here is my login page code, which is index.php
<?php
session_start();
include '../config.php'; ?>
<!DOCTYPE html>
<html >
<head>
<title>Login Form</title>
</head>
<body>
<div class="login">
<h1>Login</h1>
<form action="login_act.php" method="post">
<input type="text" name="username" placeholder="Username" required="required" />
<input type="password" name="password" placeholder="Password" required="required" />
<button type="submit" name="login" value="Login" class="btn btn-primary btn-block btn-large">Log In</button>
</form>
</div>
<script src="js/index.js"></script>
</body>
</html>
since everyone asking, here my login_act.php, already inserted with session_start
<?php
session_start();
include('../config.php');
if(isset($_POST['login'])){
$user = mysql_real_escape_string(htmlentities($_POST['username']));
$pass = mysql_real_escape_string(htmlentities(md5($_POST['password'])));
$sql = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$pass'") or die(mysql_error());
if(mysql_num_rows($sql) == 0){
echo 'User not found';
}else{
$row = mysql_fetch_assoc($sql);
if($row['level'] == 1){
$_SESSION['admin']=$user;
echo '<script language="javascript">alert("u are Login as Admin!"); document.location="index.php";</script>';
}else
echo 'sorry, u cant access this one';
}
}
?>
print value of $_SESSION on main.php and check if there is any key as 'username' and check login.php, what values are you storing in $_SESSION array
so i recently asking my friends, and here is the results:
all i need is just put those $SESSION_START above all, or make another php and link them all. so here my latest result that worked :
main.php
<?php
include 'access.php';
?>
<!DOCTYPE HTML>
<html>
<head>
<title>KSP Setia Finance</title>
</head>
<body>
<h1>test page</h1>
</body>
</html>
access.php
<?php
session_start();
if(!isset($_SESSION['admin'])){
echo '<script language="javascript">alert("you must Login!"); document.location="../index.php";</script>';
}
?>
and last, config.php
<?php
session_start();
mysql_connect("localhost","root","");
mysql_select_db("koperasi");
?>
i deleted that broken login_act.php, and making all the page i had to be linked directly with the access.php, which make it easier to manage the session. thank you to all that bear with my php problem and stupidity. hope this all gonna help those who still wandering and asking the same question.
I ran into another problem with my website that I can't get around.
I'm trying to make it so when the admin logs in he will be taken to the admin page but for some reason when I enter the correct details into the log in and press the submit button it just brings me back to the admin log in page again.
Here is a Gyazo of my problem
https://gyazo.com/34f133fea4b20ec285ee7ff491053145
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="UTF-8">
<title>Login</title>
<script src="https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js" type="text/javascript"></script>
<link href='https://fonts.googleapis.com/css?family=Ubuntu:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://s3-us-west-2.amazonaws.com/s.cdpn.io/148866/reset.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<body>
<main id="cd-main-content">
<section id="cd-intro">
<h1>Admin Log In</h1>
<header class="cd-header">
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
// removes backslashes
$adminusername = stripslashes($_REQUEST['adminusername']);
//escapes special characters in a string
$adminusername = mysqli_real_escape_string($con,$adminusername);
$adminpassword = stripslashes($_REQUEST['adminpassword']);
$adminpassword = mysqli_real_escape_string($con,$adminpassword);
//Checking is user existing in the database or not
$query = "SELECT * FROM `admin` WHERE username='$adminusername'
and password='".md5($adminpassword)."'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['username'] = $adminusername;
// Redirect user to admin page /////////////////////////////////////////////////////////////////////
header("Location: adminpage.php");
}else{
echo "<div class='form'>
<h3>Username/password is incorrect.</h3>
<br/>Click here to <a href='admin.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<form action="" method="post" name="login">
<input type="text" name="adminusername" placeholder="Username" required />
<input type="password" name="adminpassword" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
</div>
<?php } ?>
<a class="cd-menu-trigger" href="#main-nav">Menu<span></span></a>
</header>
<div class="cd-blurred-bg"></div>
</section> <!-- cd-intro -->
</main>
<div class="cd-shadow-layer"></div>
<nav id="main-nav">
<ul>
<li><span>Login</span></li>
<li><span>What's On</span></li>
<li><span>Favourites</span></li>
<li><span>About</span></li>
<li><span>Admin</span></li>
</ul>
Close<span></span>
</nav>
</body>
<script src='js/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
You are doing:
if (isset($_POST['username'])) {
//...
}
Try this
if (isset($_POST['adminusername'])) {
//...
}
As a note, I suggest you to try use a framework, like laravel.
first I would debug by var_dump($_POST) and see what you get. I would bet that since you dont have an ID set for the input value name it is not working. If anything checking for ISSET($_POST['username']) would never work because you do not have a vairable set for that name.
var_dump($_POST) and see what you get. If not add an ID='username' to the input
try this :-
if (isset($_POST['submit'])){
// rest of code...
}
index.php
<?php session_start(); ?>
<?php include('dbcon.php'); ?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="form-wrapper">
<form action="#" method="post">
<h3>Login here</h3>
<div class="form-item">
<input type="text" name="user" required="required" placeholder="Username" autofocus required></input>
</div>
<div class="form-item">
<input type="password" name="pass" required="required" placeholder="Password" required></input>
</div>
<div class="button-panel">
<input type="submit" class="button" title="Log In" name="login" value="Login"></input>
</div>
</form>
<?php
if (isset($_POST['login']))
{
$username = mysqli_real_escape_string($con, $_POST['user']);
$password = mysqli_real_escape_string($con, $_POST['pass']);
$query = mysqli_query($con, "SELECT * FROM users WHERE password='$password' and username='$username'");
$row = mysqli_fetch_array($query);
$num_row = mysqli_num_rows($query);
if ($num_row > 0)
{
$_SESSION['user_id']=$row['user_id'];
header('location:home.php');
}
else
{
echo 'Invalid Username and Password Combination';
}
}
?>
</div>
</body>
</html>
Here is my page for login the system. When the username and password is then it will go to home pages. It work properly. but if I write in browser after log out.
localhost/logg/home.php it is automatically go to that pages it not asking for login. So How to make proper login page where it asking log or automatically it will go login panned for all the pages is that is connected with home page.
home.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Management System</title>
<link rel="stylesheet" type="text/css" href="css/style_entry.css" />
<link rel="stylesheet" type="text/css" href="css/home_menu.css" />
<link rel="stylesheet" type="text/css" href="css/container.css" />
</head>
<body style="background-color:gray"/>
<div class="container">
<div class="dropdown">
<button class="dropbtn">Entry</button>
<div class="dropdown-content">
Market Information
bank Information
Client Information
</div>
</div>
Edit
Bill Process
Bill Print
Bill Posting
Report
Admin
Help
Help
<li style="float:right"><a class="active" href="logout.php">Logout</a></li>
</body>
logout.php
<?php
session_start();
session_destroy();
header('location:index.php');
?>
How can I secure it ?? how can I set if I write the url in browser then it will automatically go to the login page.
1st : On top of every page you need to check session is exists or not . if session exists allow user to see the page otherwise redirect the page to login page .
if(!isset($_SESSION['user_id'])){
header('Location:login.php');
exit();
}
Note : Session is globally accessible variable . Based on that you need to make logic .
make a file 'login_check.php'
<?php
if(isset($_SESSION['user_id'])){
}else{
header("location:login.php");
}
?>
include this file in those pages which should only be accessible to logged in user.
index.php
<?php
require 'linessystem/connection.php';
$msg = "";
if (isset($_SESSION['username']) && !empty($_SESSION['username'])) {
if ($_SESSION['level']=='admin' or $_SESSION['level']=='user') {
header("location:linessystem/administrative/index.php");
}
if ($_SESSION['level']=='agent' && !empty($_SESSION['lang'])) {
if ($_SESSION['lang']=='ar') {header("location:linessystem/agent/ar/index.php");}
if ($_SESSION['lang']=='hr') {header("location:linessystem/agent/hr/index.php");}
if ($_SESSION['lang']=='en') {header("location:linessystem/agent/en/index.php");}
}
}
if (isset($_POST['username']) && !empty($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query="select * from users where username='$username' AND password='$password'";
$result = mysqli_query($conn,$query) or die(mysql_error($conn));
$login = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if($login>0){
$_SESSION['username'] = $username;
$_SESSION['lang']=$row['language'];
$_SESSION['agent_id']=$row['agent_id'];
$_SESSION['level']=$row['level'];
if (isset($_SESSION['username']) && !empty($_SESSION['username'])) {
if ($_SESSION['level']=='admin' or $_SESSION['level']=='user') {
header("location:linessystem/administrative/index.php");
}
if ($_SESSION['level']=='agent' && !empty($_SESSION['lang'])) {
if ($_SESSION['lang']=='ar') {header("location:linessystem/agent/ar/index.php");}
if ($_SESSION['lang']=='hr') {header("location:linessystem/agent/hr/index.php");}
if ($_SESSION['lang']=='en') {header("location:linessystem/agent/en/index.php");}
}
}
}else{$msg= ' <div align="center" style="color:red;font-weight: bold;font-size:15px;"> wrong username or password </div><br>';
}}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<!-- Bootstrap -->
<link href="assets/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/login-style.css">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="login-page">
<div class="form" align="center" >
<form class="login-form" method="post" action="index.php" id="loginid" >
<input type="text" name="username" required="" placeholder="username"
autocomplete="off">
<input type="password" name="password" required="" placeholder="password"
autocomplete="off ">
<p class="message"><?php echo $msg; ?></p>
<button>login</button>
</form>
</div>
</div>
</body>
</html>
I have an error in the server code of above one. I bought adomain and hosting and wh web siter is run already in other server but in this new hosting isnt run when it reserve the value but don't redirect me to the main page and the url of new hosting is http://www.quicklineltd.com.
where is the problem that I could not make it ?
User name is 2 and pass is 2.
Do you even make it into the if statement? Try an echo instead of header.
And did you use a session_start(); at the beginning of your php file?
Or did you include the file above inside another file wich already echo'd some output, because then header wont work either.
Or you should have to put a slash in front of the path, or even use a full url as in http://
Please use session_start(); at the beginning of the file. Without starting the session, the sessions used in the file will not work.
I really don't know how to describes this, but here goes. I'm trying to make a Login for an online multiplayer game (cluedo to be exact) that is written using mainly the LAMP stack (php,js,etc), and creating a session when someone logs in/registers works for me and all and I even save it to a sql database, but it seems that as soon as a next user Logs in/registers the session id to the previous user is overridden to the new ones details. In other words they both now have the same session for some reason.
My Game LogIn basically:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="StyleSheet.css">
<meta charset="UTF-8">
<title>Game Setup</title>
</head>
<body>
<header>
<h1>Game Setup</h1>
</header>
//My form for user details and character select
<form name="Registration" id=Form1 action="Lobby.php" method="POST">
<fieldset>
<legend>Player information:</legend>
<label for="Pid">Player Name(required): </label><br>
<input autofocus type="text" id="Pid" name="Pid" placeholder="Player ID" required><br>
<label for="Avatar">Character(required):</label><br>
<select name="Avatar">
<option value="Miss White">Miss White</option>
<option value="Col Mustard">Col Mustard</option>
<option value="Miss Scarlet">Miss Scarlet</option>
<option value="Mr Green">Mr Green</option>
<option value="Madame Plum">Madame Plum</option>
<option value="Benjamin Blue">Benjamin Blue</option>
</select><br><br>
<input type="submit" value="Register">
</fieldset>
</form>
</body>
and the lobby (where I wait for someone to press game start or for more people to register)
<?php
session_start() ;
session_regenerate_id();
$_SESSION["UserName"]=$_POST['Pid'];
$_SESSION["Avatar"]=$_POST['Avatar'];
?>
<?php require 'DatabaseConnect.php' ?>
<?php include 'Users.php' ?>
<?php
$PlayerID = mysqli_real_escape_string($conn, $_POST['Pid']);
$PlayerChar = mysqli_real_escape_string($conn, $_POST['Avatar']);
$SesID = session_id();
$sql = "INSERT INTO users (UserName, Avatar, sessionID)
VALUES ('$PlayerID', '$PlayerChar','$SesID')";
if ($conn->query($sql) === TRUE) {
echo "Welcome $PlayerID , currently in Lobby: <br>";
$User = new Users();
$User->setUserName($_SESSION['UserName']);
$User->setAvatar( $_SESSION['Avatar']);
$User->isPlaying = false;
$_SESSION['User'] = serialize($User);
?>
<html>
<body>
<div id="Players"> </div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
<script src ="Display.js"></script>
</body>
</html>
<?php
}
else {
if($conn->errno == 1062){//when a userName or Character already in use
$sql = "SELECT * FROM users";
$result = $conn->query($sql);
$sql = "ALTER TABLE users AUTO_INCREMENT = ".$result->num_rows;
$conn->query($sql);
echo "<script type='text/javascript'>alert('ERROR :Username or Character already in use!')</script>";
echo" <script>
window.location = 'LogIn.php';
</script>";
}
}
?>
and then the Display.js runs in a loop until either 6 people connect or a user presses start. It also displays everyone currently waiting for a game by outputting the SQL database, but I don't think that code is necessary to add, but then when that's done I go to the Cluedo.php page and if I echo session_id() there on two different browsers(same machine) I get the same session_id()
<?php
session_start() ;
?>
<?php require 'DatabaseConnect.php' ?>
<?php include 'Users.php' ?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="StyleSheet.css">
<meta charset="UTF-8">
<title>Cluedo</title>
</head>
<body>
<?php
$User = unserialize($_SESSION['User']);
echo session_id();
?>
</body>
</html>
Also I'm using XAMPP and running it all locally at the moment so don't know if there's a problem there maybe?
Here's an example of my database with the saved values, the table saves unique sessions however when the session_id() is echoed at the Cluedo.php page it is always the last registered user:
UserTable