So I've searched this site about this issue and tried what has been suggested and still no luck. I thought maybe it was my 'server' (On my tablet using KSWEB, no computer right now) so I created 2 simple files to share a session variable between the two and it worked fine. I have no idea why this isn't working for these two. I'm trying to create a login page (an insecure one, I know). The error function USED to work (this is what gets me), and now it doesn't. The files are below. I only included the top portion of admin.php because I've commented out the rest. It really shouldn't matter. Right now, if you submit the form without entering anything into the admin prompt, an error should display next to the asterisk saying "Admin needs to be filled out". Despite my best efforts, this doesn't work anymore and I'm completely stumped as to why.
Login.php
<?php
session_start();
?>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<script>
function submitForm()
{
document.adminform.submit();
}
</script>
</head>
<?php echo $_SESSION["adminErr"];?>
<h2>Administrator login page</h2>
<form method="post" action="admin.php" name="adminform">
Admin: <input type="text" name="admin" style="position:absolute; left:100px">
<span class="error" style="position:absolute; left:285px">*<?php echo $_SESSION["adminErr"];?></span>
<br><br>
Password: <input type="password" name="password" style="position:absolute; left:100px">
<span class="error" style="position:absolute; left:285px">*<?php echo $_SESSION["passwordErr"];?></span>
<br><br>
<button onclick="submitForm()">Submit</button>
</form>
<br><br><br>
<p><?php echo $_SESSION["flogin"];?></p>
</html>
<?php
session_destroy();
?>
Admin.php
<?php
session_start();
if ($_SERVER["REQUEST_METHOD"] == POST)
{
if (empty($_POST["admin"])) // Check to make sure Admin field is filled out
{
$_SESSION["adminErr"] = "Admin field must filled"; // Set error if not filled
header("location:login.php"); // Return to login page
}
}
?>
Don't destroy the session at the end of the file..
</html>
<?php
session_destroy();
?>
Also you should put exit; after each header('Location: ...');.
When sending the header, the browser recognized to change the location but the script does not end. The browser in fact, would not even have to follow the header, it can also just go on with the script. You have to stop the script because the headers do not exit the script.
instead of
<button onclick="submitForm()">Submit</button>
use
<input type="submit" value="Submit">
Then put a check before echoing
<?php echo isset($_SESSION["adminErr"])? $_SESSION["adminErr"]: "not set" ;?>
further debugging:
var_dump($_POST);
var_dump($_POST["admin"]);
var_dump($_SESSION);
var_dump($_SESSION["adminErr"]);
Related
I've spent a lot of time today researching this site for my solution but I have had no luck. I'm currently trying to learn php and working on my second project. I can only use PHP. I originally had my delete session and redirect in a separate logout.php file. This was working but then I found out that I can't do this. I've been instructed that I need to "clear the login, delete the session, and redirect back to the login page" and do this within an isPostBack in the results.php file. After a lot of research today I thought I was understanding how to do this but I can't get it to work. Hoping I can get some help.
<?php
session_start();
//require_once('cookies.php');
$isPostBack = filter_input(INPUT_GET, 'submit');
//this is where I need to do the isPostBack for user clicking "logout".
if ($isPostBack) {
// clear ALL session data from memory
// clean up the session and remove the session ID.
// redirect to index.php
endSession();
session_destroy();
header("Location: index.php");
} else {
// user did not click logout doNothing();
}
?>
<html lang="en">
<head>
<title>Results</title>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<form action="results.php">
<input type="submit" id="submit" name="submit" value="Logout" />
</form>
<section>
<?php
foreach($_SESSION['answers'] as $answer){
echo "<p>$answer</p>";
}
?>
</section>
</body>
Try to provide name attribute
<input type="submit" id="submit" value="Logout" name="logout"/>
and use only logout variable in place of submit or provide two different fields
$isPostBack = filter_input(INPUT_GET, 'submit');
$isPostBack = filter_input(INPUT_GET, 'logout');
I seem to have found my solution. I needed to give the isPostBack variable a name that matched the name given to the logout button. I also needed to include !==NULL after the isPostBack. I changed endSession(); to $_SESSION = array(); According to my research, endSession(); "removes all session variables". It seems to be working as it should now. Here is my edited code.
<?php
session_start();
$isPostBack = filter_input(INPUT_GET, 'submit')!==NUll;
//this is where I need to do the isPostBack for user clicking "logout".
if ($isPostBack) {
// clear ALL session data from memory
// clean up the session and remove the session ID.
// redirect to index.php
$_SESSION = array();
session_destroy();
header("Location: index.php");
} else {
// user did not click logout doNothing();
}
?>
<html lang="en">
<head>
<title>Results</title>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<form action="results.php">
<input type="submit" id="submit" name="submit" value="Logout" />
</form>
<section>
<?php
foreach($_SESSION['answers'] as $answer){
echo "<p> $answer</p>";
}
?>
</section>
</body>
If you need to remove se particular session values you can use unset()
unset ($_SESSION['userid'])
I've created a working session (with help from here I might add) and I've managed to get it to store a variable across multiple files without any problems.
When $username isn't filled, there's a prompt for the user to submit their username and upon submitting $username is assigned the value of the user's name and the form is replaced with text, no longer prompting the user to enter a username, in theory.
Here's the code I have right now:
<?php
session_start();
?>
<header>
<!DOCTYPE html>
<link rel="stylesheet" type="text/css" href="style/main.css">
<title>webshop</title>
</header>
<div id="LogIn">
<?php
if(isset($_SESSION['username'])){
echo 'Current session username: '.$_SESSION['username'];
echo '<br />Destroy current session';
} else {
?>
<form class="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name"
class="required" role="input"
aria-required="true"/></span>
<input class="submit transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
}
}
?>
</div>
cart<br />
index
The problem I'm having is that once the user has entered their username into the form and clicks "next", the page reloads and the form is still there. If you then refresh that page, it replaces the form with the text and the session variable $username parsed as plain text with a link to logout (session_destroy()).
My question is why do I have to refresh the page for the session variable to be displayed properly? Is it something to do with the if statement?
Thanks in advance.
You simply have a logic / ordering problem.
Move this piece of code that is currently below your form:
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
}
to the top of your file, just below the session_start(), and it will behave as you intend.
The way your code is written now, the session variable is not set until AFTER the form displays. You want the session variable to be set BEFORE the form displays (if in fact the $_POST username is set).
I'm developing a simple member management system with php, and I've met a problem:
The user logs in and it is redirected to a main page and the user ID is saved in the session; there are some links to other pages in the main page, after the user clicks and is trying to go back to main by pressing browser "Back" button, sometimes the user ID in the session is lost.
I've checked the session save path, a new session file is created when I click "Back" button, so I assume the session_start() creates a new session for it; but I still don't know why, it's a random case...
Is there any way to solve it?
main.php:
<?php session_start(); ?>
<?php
$echo_string = '
<body>
a
b
</body>';
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
login.php:
<?php
session_start();
if (isset($_POST['userLogin'])) {
$_SESSION['user'] = $_POST['userLogin'];
// check userLogin in db
...
}
header("Location: main.php");
?>
<form novalidate="" method="post" action="login.php">
<label class="hidden-label" for="Username">Username</label>
<input id="Username" name="userLogin" type="text" placeholder="Username" value="" spellcheck="false" class="">
<label class="hidden-label" for="Passwd">Password</label>
<input id="Passwd" name="userPassword" type="password" placeholder="Password" class="">
<input id="signIn" name="signIn" class="rc-button rc-button-submit" type="submit" value="Log in">
</form>
a.php:
<?php session_start(); ?>
<!DOCTYPE html>
<html lang="en">
<head>...</head>
<?php
$echo_string = '...'; // a html format string
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
</html>
b.php is almost same as a.php
Thanks.
BR,
Sean
session_start()-docs:
"session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie."
so you see, that when a session exists it doesnt create a new, that means when you set something like $_SESSION['logged_in'] = true; you should check before if $_SESSION is already filled with your infos
I am doing a project in school, I need to know a simple way to stop poeple from entering the site without a session. I have alot of pages I don't believe I spent the time pasting code on every page. Also I have menu bar that is included in every page thanks to php, so i was wondering wat type of code would I have to put in the menu to block user without a session. The rest of the content code is on the pages that I want to hide. I believe that you can login by typing out the url and allow users to see hidden pages that are for logged in users.
Please do not use a plain cookie. Sessions are the way to go. Or if can't use sessions and must use a cookie, sign the cookies first to be able to verify that your application was really the one to set it.
<?php
session_start();
if (!isset($_SESSION['authenticated'])) {
header('Location: login.php');
exit;
}
... whatever logged in users should see ..
If you don't want to use session, then use cookie.
<?php
/*Just add this piece of PHP code to top of any page you
don't want not-logged in users to see */
if (!isset($_COOKIE['logged']))
header("Location: login.php"); //It redirects the user to your login page
?>
<html>
<body>
...
</body>
</html>
Login page could be like this:
<?php
if (isset($_COOKIE['logged']))
header("home.php");
if ($_POST['submit']) {
//get username and password
$uname = $_POST['uname'];
$pass = $_POST['password'];
if ($uname=="correct" && $pass=="correct"){ //EDIT
setcookie('logged','1');
header("Location: home.php"); //Redirect to home page
}
else echo "Wrong combinaton!";
}
?>
<html>
<body>
<form action="login.php" method="post">
<label>Username</label><input type="text" name="uname" /><br />
<label>Password</label><input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Login" />
</form>
</body>
</html>
Hello Webmasters iam trying to redirect the webpage to a different URL/webpage after submitting the form elements ...i tried many ways but could not fix it... please check the codes below that i have tried so far...
<?php
if(isset($_REQUEST['down'])){
header("header("location: domainpath/kothi.html");
}
?>
<html>
<body>
<form action="glitter.php" method="post">
<input type="radio" name="font" value="fonts/darkcrystaloutline.ttf"/>
<input type="radio" name="font" value="fonts/darkcrystalout.ttf"/>
</form>
</body>
</html>
i have also tried
<?php
if(isset($_REQUEST['font'])){
header("location: domainpath/kothi.html");
};
?>
i also tried
<?php
header("location: domainpath/kothi.html");
?>
please help me to fix the problem....
Is that file glitter.php? The redirection script should be kept in glitter.php as that is the page that will be loaded when you submit the form.
There are several ways to do a redirect.
via meta tag: http://webdesign.about.com/od/metataglibraries/a/aa080300a.htm
via header: http://php.net/manual/en/function.header.php (you have to put exit after the header statement)
via Javascript: http://www.tizag.com/javascriptT/javascriptredirect.php
Firstly, the below:
<?php
if(isset($_REQUEST['down'])){
header("header("location: domainpath/kothi.html");
}
?>
This is incorrect, the header is incorrectly declared, replace header with the header below:
<?php
if(isset($_REQUEST['down'])){
header("location: domainpath/kothi.html");
}
?>
Secondly, why $_REQUEST? You're making a POST, and thirdly, where is down coming from? You form is submitting font so the following is what you need:
<?php
if(isset($_POST['font'])){
header("Location: domainpath/kothi.html");
exit();
}
?>
exit() is added to stop the rest of the page loading too, by the way...
Update
It may also be best if you submitted the data too, so include the below inbetween the <form> tags
<input type="submit" name="submit" value="Submit this form">
And like others point out, I hope this PHP page is called glitter.php so it can submit to itself...
Update 2
Based on your comment, then you'd want the following:
<?php
if(isset($_POST['down'])){
header("location: domainpath/kothi.html");
exit();
}
?>
<html>
<body>
<form action="glitter.php" method="post">
<input type="radio" name="font" value="fonts/darkcrystaloutline.ttf"/>
<input type="radio" name="font" value="fonts/darkcrystalout.ttf"/>
<input type="submit" name="down" value="down">
</form>
</body>
</html>
Though the above form will go to glitter.php and the header will not redirect anywhere - one has to assume that another form/page submits to this one...
You have action="glitter.php", which means after submitting the form the result inputs will be accessible into glitter.php file. So in that file you have to redirect to whatever url you wanna go.
You already asked this question once, but here add this :
error_reporting(E_ALL);
But i have a assumption: You have to make an exit() after header() cos the rest is not allowed to be give an output. If it gives an output the header will be set to a HTML-Document and can therefore not be reset.
So try this:
<?php
if(isset($_REQUEST['down']))
{
header("location: /kothi.html");
exit();
}
?>
<html>
<body>
<form action="glitter.php" method="post">
<input type="radio" name="font" value="fonts/darkcrystaloutline.ttf"/>
<input type="radio" name="font" value="fonts/darkcrystalout.ttf"/>
</form>
</body>
</html>
BTW: I hope this form is in glitter.php and where is the input for down?
If this file is not glitter, add this in glitter:
<?php
if(isset($_POST['font'])){
header("Location: domainpath/kothi.html");
exit();
}
?>
And kill the php in the form-page.