Login Not Working PHP MySQL

Login Not Working PHP MySQL - php

I'm trying to fix my login page...
It works fine on the login.php with redirecting but on the index it doesn't redirect even if the session is empty. Any pointers? I'm new to this, so forgive me if it's really obvious.
<?php
require_once('../includes/config.php');
session_start();
if(!isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='no'){
// not logged in
header("location: login.php");
exit();
} else {
$_SESSION['loggedin'] = 'yes';
}
?>
<?php
include("../includes/config.php");
$error = NULL;
$atmpt = 1;
if (!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='yes'){
// logged in
header("location: index.php");
exit();
}
if(isset($_POST['login']))
{
/* get username and password */
$username = $_POST["username"];
$password = $_POST["password"];
/* MySQL Injection prevention */
$username = mysqli_real_escape_string($mysqli, stripslashes($username));
$password = mysqli_real_escape_string($mysqli, stripslashes($password));
/* check for user in database */
$query = "SELECT * FROM admin_accounts WHERE username = '$username' AND password = '$password'"; // replace "users" with your table name
$result = mysqli_query($mysqli, $query);
$count = $result->num_rows;
if($count > 0){
//successfully logged in
$_SESSION['username']=$username;
$_SESSION['loggedin']='yes';
$error .= "<div class='alert alert-success'>Thanks for logging in! Redirecting you..</div>";
header("refresh:1;url=index.php");
} else {
// Login Failed
$error .= "<div class='alert alert-danger'>Wrong username or password..</div>";
$_SESSION['loggedin']='no';
$atmpt = 2;
}
}
?>

The line
session_start();
should be the very first line in the php script.

Just modify first three lines.
As session_start() should be put before any output has been put on the browser (even space).
<?php
session_start();
require_once('../includes/config.php');
if (empty($_SESSION['loggedin']) && $_SESSION['loggedin']=='no') {
...

Related

direct user access of pages through url

hi i want to block direct URL access to my pages using below php codes but if I include it to my forms I can't login even after typing my username and password it's like I'm locked out of my application. can someone help please
that's my security.php file
<?php
if(!isset ($_SESSION['user']))
{
header ('location:user_login.php');
}
?>
and the user login file
<?php
if (isset($_POST['btnLogin']))
{
$user = $_POST['user'];
$password = $_POST['password'];
//sql injection security
$user = mysqli_real_escape_string($con,$user);
$password = mysqli_real_escape_string($con,$password);
//select database
$db = mysqli_select_db($con,'nesthet');
$query = "SELECT * from users where user='$user' AND password='$password'";
$query_run = mysqli_query($con,$query);
$role = mysqli_fetch_array($query_run);
//user redirection base on user role
if($role['role'] == "admin"){
session_start();
$_SESSION['user'] = $user;
header('location: admin.php');
}
else if($role['role'] == "user") {
$_SESSION['user'] = $user;
header('location: mdi_parent.php');
}
else {
$_SESSION['status'] = "Username or password is invalid";
header('location: index.php');
}
}
?>

In security.php you should execute session_start() before using $_SESSION variable
<?php
if(!isset ($_SESSION['user']))
{
header ('location:user_login.php');
}
?>
In your code, you just only start session when role is admin
if($role['role'] == "admin"){
session_start();
$_SESSION['user'] = $user;
header('location: admin.php');
}
else if($role['role'] == "user") {
$_SESSION['user'] = $user;
header('location: mdi_parent.php');
}
else {
$_SESSION['status'] = "Username or password is invalid";
header('location: index.php');
}

session login keep refreshing page

I'm doing a login system for my webpage, when i key in the correct login id and password the page refresh back to the login page. I did all the things correct but the session keep messing things up and I don't know where is the error.
index.php
session_start();
if(!isset($_SESSION['loggedin'])){
header("location:login.php");
}
server.php
if(isset($_POST['login'])){
$username = mysqli_real_escape_string($db,$_POST['Username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
if (empty($username)){
array_push($errors, "Username is required");
}
if (empty($password)){
array_push($errors, "Password is required");
}
if(count($errors) == 0){
$password = md5($password);
$query = "SELECT * FROM register where username='$username' AND password = '$password'";
$result = mysqli_query($db, $query);
if(mysqli_num_rows($result) == 1){//user found
$logged_in_user = mysqli_fetch_assoc($result);
if ($logged_in_user['type'] == 'admin') {
$_SESSION['loggedin'] = true;
$_SESSION['Username'] = $username;
$_SESSION['id'] = $id;
header('location: admin.php');
}
else{
$_SESSION['loggedin'] = true;
$_SESSION['Username'] = $username;
header('location: index.php');
}
}
}
}

Both pages should have session_start() at the top of code
for example
index.php
<?php
session_start();
server.php
<?php
session_start();
and so on
Another thing offtopic. Prefer using PDO instead of mysqli_ for database access
http://nl1.php.net/manual/pt_BR/book.pdo.php

echo don`t show when use unset global variables

I have started a session on config page, then $_SESSION['logged_out'] = 1; and on index page that:
if(isset($_SESSION['logged_out']))
{
echo "You have been logged out !";
unset($_SESSION['logged_out']);
}
But the echo not workig, like unset is before him. And i don`t understand why, please help me.
EDITED:
Config page:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
ob_start();
session_start();
include 'connection.php';
include 'functions.php';
$logged_in = 0;
if(isset($_SESSION['username']) && isset($_SESSION['password']))
{
$username = sec($link, $_SESSION['username']);
$password = sec($link, $_SESSION['password']);
$udata = get_row($link, "SELECT * FROM accounts WHERE Username= '$username' && Password= MD5('$password')");
if(isset($udata['ID']))
{
$logged_in = 1;
if(isset($_GET['logout']))
{
unset($_SESSION['username']);
unset($_SESSION['password']);
$_SESSION['logged_out'] = "1";
mysqli_query($link, "UPDATE accounts SET rpgon = '0' WHERE Username = '$username'");
header('location: index.php');
}
}
} ?>
Index page:
if(isset($_SESSION['logged_out']))
{
echo "You have been logged out !";
unset($_SESSION['logged_out']);
}?>
This is it ...

If echo doesn't show anything is because the if condition is evaluated to false. This mean that $_SESSION['logged_out'] isn't set.

You have to start_session() on every page that uses the $_SESSION. In fact if you are using $_SESSION anywhere in your site, its best to start it on all your pages.
So add start_session() just after the first <?php to ensure it is always started for all pages
<php
start_session();
. . .
if(isset($_SESSION['logged_out']))
{
echo "You have been logged out !";
unset($_SESSION['logged_out']);
}
Added after additional info given
I think this may be one of your problems
$udata = get_row($link,
"SELECT * FROM accounts
WHERE Username= '$username'
&& Password= MD5('$password')"
);
The && should be AND, then this query should return a result. You should really be checking the result status from all query command like so:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
session_start();
ob_start();
include 'connection.php';
include 'functions.php';
$logged_in = 0;
if(isset($_SESSION['username']) && isset($_SESSION['password']))
{
$username = sec($link, $_SESSION['username']);
$password = sec($link, $_SESSION['password']);
$udata = get_row($link, "SELECT * FROM accounts
WHERE Username= '$username'
AND Password= MD5('$password')"
);
// this would have shown the error in the sql query
// if it had been here before
if ( ! $udate ) {
echo mysqli_error($link);
exit;
}
// now this if will be executed
// although this if is probably no longer required
if(isset($udata['ID']))
{
$logged_in = 1;
if(isset($_GET['logout']))
{
unset($_SESSION['username']);
unset($_SESSION['password']);
$_SESSION['logged_out'] = "1";
mysqli_query($link, "UPDATE accounts SET rpgon = '0' WHERE Username = '$username'");
header('location: index.php');
// you should also follow a header() call with an exit;
exit;
}
}
}
?>

PHP Session to restrict access to file

index.php
session_start();
if(isset($_POST['login'])){
$username = mysqli_real_escape_string($con,$_POST['username']);
$pass = mysqli_real_escape_string($con,$_POST['userpass']);
$sel_user = "select * from users where user_name='$username' AND user_password='$pass'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0) {
$_SESSION['loggedIn'] = true;
$_SESSION['user_name']=$username;
header("location:display.php");
die();
}
else {
echo "<script>alert('Username or Password is not correct, please try again!')</script>";
}
}
display.php
session_start();
if(!$_SESSION['loggedIn']) {
header("location: index.php");
die();
}
Hello, I'm trying to figure out why my index.php is not letting me properly login and access my display.php The password and username is right, but keeps redirecting me to index.php Any ideas why?

Why don't you use Cookies instead?
In your login.php page instead of:
if($check_user>0) {
$_SESSION['loggedIn'] = true;
$_SESSION['user_name']=$username;
header("location:display.php");
die();
}
Do this:
if($check_user>0) {
$_SESSION['user_name']=$username;
$Month = 86400 + time();
setcookie('user', $username, $Month);
header("Location:display.php");
}
and then on your display.php
session_start();
if(!isset($_COOKIE['user']))
{
header("location:index.php");
die();
}

Undefined variable : error in login page

is there any way to fix undefined variable on login page? I can't solve it by refering the php manual.What can I do to fix the ($error).Here is my login script on the top of html page and undefined variable code:
<?php
include("dbconnect.php");
if (!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='yes'){
// logged in
header("location: index.html");
exit();
}
/* check to see if user attempted logging in */
if($_GET["atmpt"] != NULL){
if($_GET["atmpt"] == 2){
// forgotten password
$error .= "Did you forget your password?<br>";
}
/* get username and password */
$username = $_POST["username"];
$password = $_POST["password"];
/* MySQL Injection prevention */
$username = mysqli_real_escape_string($mysqli, stripslashes($username));
$password = mysqli_real_escape_string($mysqli, stripslashes($password));
/* check for user in database */
$query = "SELECT * FROM member WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($mysqli, $query);
$count = $result->num_rows;
if($count > 0){
//successfully logged in
$_SESSION['username']=$username;
$_SESSION['loggedin']='yes';
header("Location: index.html");
exit();
} else {
// Login Failed
$error .= "Wrong Username or Password";
$_SESSION['loggedin']='no';
$atmpt = 2;
}
} else {
$atmpt = 1;
}
?>
Notice: Undefined variable: error in /home/tz005/public_html/COMP1687/login.php on line 111
<span><?php echo($error) ?></span>

is there any way to fix undefined variable on login page?
Yes. Your undefined variable is $error, so at the top of your script, give it a default value:
$error = '';

try this
<?php
include("dbconnect.php");
if (!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='yes'){
// logged in
header("location: index.html");
exit();
}
/* check to see if user attempted logging in */
if($_GET["atmpt"] != NULL){
if($_GET["atmpt"] == 2){
// forgotten password
$error = "Did you forget your password?<br>";
}
else
{
$error = "";
}
/* get username and password */
$username = $_POST["username"];
$password = $_POST["password"];
/* MySQL Injection prevention */
$username = mysqli_real_escape_string($mysqli, stripslashes($username));
$password = mysqli_real_escape_string($mysqli, stripslashes($password));
/* check for user in database */
$query = "SELECT * FROM member WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($mysqli, $query);
$count = $result->num_rows;
if($count > 0){
//successfully logged in
$_SESSION['username']=$username;
$_SESSION['loggedin']='yes';
header("Location: index.html");
exit();
} else {
// Login Failed
$error .= "Wrong Username or Password";
$_SESSION['loggedin']='no';
$atmpt = 2;
}
} else {
$atmpt = 1;
}
?>

You have to initialize $error first.
Put $error=''; above $error .= "Did you forget your password?<br>";
It's now trying to concatenate the current value value of error with "Did you forget your password?" and since there is now current value for error since it isn't initialized or assigned with another value before, and hence throws and undefined variable error.

I would clear the cache using the following command in terminal:
php artisan config:cache

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Login Not Working PHP MySQL - php

The line session_start(); should be the very first line in the php script.

Just modify first three lines. As session_start() should be put before any output has been put on the browser (even space). <?php session_start(); require_once('../includes/config.php'); if (empty($_SESSION['loggedin']) && $_SESSION['loggedin']=='no') { ...

Related

direct user access of pages through url

session login keep refreshing page

echo don`t show when use unset global variables

PHP Session to restrict access to file

Undefined variable : error in login page

Categories

Resources