I'm passing the user variable through sessions. It works fine on the localhost but once on the web server it does weird things.
After logging in, the session variable works as should.....until you click on about three pages and it suddenly goes POOF!
Notice the "Welcome, jordan." as opposed to the "Welcome, ." Also the top left corner.
Session functioning:
http://imageshack.us/photo/my-images/32/loggedins.png/
Session POOF!
http://imageshack.us/photo/my-images/515/loggedinno.png/
Login/Create session variable code:
<?php
if (!isset($_SESSION['user']))
{
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if (preg_match($txtMatch,$user))
{
if ($user == "" || $pass == "")
{
$error = "Please enter all required fields";
}
else
{
$query = "SELECT * FROM gtmembers WHERE user='$user'";
$result = queryMysql($query);
$rank = mysql_result($result, 0, 'rank');
if (!mysql_num_rows($result))
{
$error = "Username does not exist.";
}
else
{
$getPass = mysql_result($result, 0, 'pass');
$salt = substr($getPass, 0, 64);
$hash = $salt . $pass;
for ($i = 0; $i < 100000; $i++)
{
$hash = hash('sha256', $hash);
}
$hash = $salt . $hash;
if ($hash == $getPass)
{
if ($rank != "Banned")
{
$userLow = strtolower($user);
$_SESSION['user'] = $userLow;
$_SESSION['rank'] = $rank;
echo <<<_END
<script type="text/javascript">
window.location.href='index.php';
</script>
_END;
echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
}
Header Code:
<?php //gtheader.php
session_start();
include_once 'gtfunctions.php';
$loggedIn = FALSE;
if (isset($_SESSION['user']))
{
$user = $_SESSION['user'];
if ($user) echo "Current User: $user<br />";
else echo "Current User: None<br />";
$rank = $_SESSION['rank'];
$loggedIn = TRUE;
echo "is set SESSION['user']? Yes";
}
else echo "is set SESSION['user']? No";
echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
if ($loggedIn == TRUE)
{
$query = "SELECT * FROM gtmessages WHERE recip='$user' AND status='0'";
$result = queryMysql($query);
if (mysql_num_rows($result) == 0) $num = "";
else $num = "[".mysql_num_rows($result)."]";
if ($rank == 'Owner' || $rank == 'Admin')
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
}
else
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>]<br />";
}
}
?>
If it works in one environment and not the other, I'm guessing your PHP.ini has session.auto_start = 1 in the environment that works. Best practice is to always call session_start() at the top of your page and not rely on php.ini to be set correctly. This should make it work in any environment.
Solved.
The issue here is that Host Gator registers global variables. So since I use $user, and $_SESSION['user'] gets registered, it gets overwritten.
I fixed the issue by changing $_SESSION['user'] in all files to $_SESSION['myUser']
Thanks for the help.
Must call session_start() at the top of the page
gtheader.php
<?php
session_start();
include_once 'gtfunctions.php';
$loggedIn = FALSE;
.....
Related
i want to make toefl test. so there will be a login button. when someone login in, then the login button will be logout button. but when i login in, the login button was not changed. please help me
function to check login status (i save this function in lib_function.php):
<?php session_start(); ?>
<?php
function check_login(){
$hasil = 0;
if (isset($_SESSION['email'])) {
$mail = $_SESSION['email'];
}
if (isset($_SESSION['pass'])) {
$pass = $_SESSION['pass'];
}
if (!empty($mail) and !empty($pass)){
$hasil = 1;
}
return $hasil;
}
?>
index.php:
<?php session_start();
require_once("connection.php");
?>
<?php include("lib_function.php"); ?>
<--header-->
<?php
$check = check_login();
if ($check == 1){
echo "Login <strong class=\"hover\">";
}else{
echo "Logout <strong class=\"hover\">";
}
?>
this is my login process:
<?php
session_start();
require_once("connection.php");
$email = $_POST['email'];
$password = $_POST['password'];
$cekuser = mysql_query("SELECT * FROM user WHERE email = '$email'");
$jumlah = mysql_num_rows($cekuser);
$hasil = mysql_fetch_array($cekuser);
if($jumlah == 0) {
echo "<script>alert('Email has registered!'); window.location = 'index.php'</script>";
} else {
if($pass > $hasil['password']) {
echo "<script>alert('Wrong password!'); window.location = 'index.php'</script>";
} else {
$_SESSION['email'] = $hasil['email'];
header('location:index.php');
}
}
?>
You check if $_SESSION['pass'] is set in your check_login function, but you never set it during the login process.
Either set $_SESSION['pass'] or remove and !empty($pass) from check_login().
Always try to check if the Session is already active before starting one. You also might want to assign default values of say NULL to the $mail & $pass variables inside your check_login() function because at a point, you were checking if $mail and $pass were empty. What if they were not even set at all? In this case those variables would not have existed at all...
<?php
// FILE:: lib_function.php
function check_login(){
$hasil = 0;
// GET THE $mail & $pass FROM SESSION; ASSIGNING A DEFAULT NULL
// TO EACH OF THEM IF THEY ARE NOT YET SET...
$mail = isset($_SESSION['email']) ? $_SESSION['email'] : null;
$pass = isset($_SESSION['pass']) ? $_SESSION['pass'] : null;
if (!empty($mail) and !empty($pass)){
$hasil = 1;
}
return $hasil;
}
// FILE:: index.php
// START SESSION ONLY IF IT IS NOT ALREADY ACTIVE:
if (session_status() == PHP_SESSION_NONE || session_id() == '') {
session_start();
}
require_once("connection.php");
include("lib_function.php");
// HEADER HERE
$check = check_login();
if ($check == 1){
echo "Login <strong class=\"hover\">";
}else{
echo "Logout <strong class=\"hover\">";
}
?>
try this:
function login($email) {
$_SESSION['email'] = $email;
}
function is_logged() {
return isset($_SESSION['email']);
}
function logout() {
session_destroy();
}
Here is my issue I'm a bigger in PHP I have done a login page and it is working perfectly in my local machine But after uploading to Server its not working.
Session is created but redirection is not happening.
here is my code and any help is really appreciated.
if( isset($_POST['btn-login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
include 'connection.php';
$sql="SELECT * FROM user WHERE name = '$username' AND password = sha1('$password') AND status = '1'";
$result = mysql_query($sql);
$result = mysql_fetch_array($result);
$userId = '';
if( $result) {
$userId = $result['id'];
$_SESSION['userId'] = $userId;
if( $userId == 1) {
header("location:map.php");
} else if( $userId == 2){
header("location:admin/map-settings.php");
} else {
echo "<li class='loginError'>There is an Error in Login Please Contact Administrator</li>";
}
} else {
echo "<li class='loginError'>Invalid Username or Password</li>";
}
make sure to print_r($_SESSION)
If it did not give empty array, then your session is set.
now make sure nothing in your code started output before you set the "Location" header.
and you could use this to redirect your page
if (!headers_sent())
$filename="map.php";
header('Location: '.$filename);
else {
echo '<script type="text/javascript">';
echo 'window.location.href="'.$filename.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$filename.'" />';
echo '</noscript>';
}
Hey i have this function :
<?php
if(isset($_POST['login']) && $_POST['login'] == 'LOGARE') {
include('./inc/configurare.php');
mysql_select_db('account');
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$check = "SELECT * from account where login = '" . $user . "' and password = PASSWORD('$pass')";
$query = mysql_query($check);
$num = mysql_num_rows($query);
if($num > 0) {
$array = mysql_fetch_array($query);
// SESSION variable start //
$_SESSION['id'] = $array['login'];
$_SESSION['coins'] = $array['coins'];
$_SESSION['isadmin'] = $array['isadmin'];
$_SESSION['pscadmin'] = $array['pscadmin'];
$_SESSION['email'] = $array['email'];
$_SESSION['real_name'] = $array['real_name'];
$_SESSION['social_id'] = $array['social_id'];
$_SESSION['user_admin'] = $array['web_admin'];
$_SESSION['user_id'] = $array['id'];
$_SESSION['user_name'] = $array['login'];
$_SESSION['user_coins'] = $array['coins'];
$_SESSION['user_email'] = $array['email'];
echo "<meta http-equiv='refresh' content='0; URL=index.php?s=home'>";
} else {
echo "<meta http-equiv='refresh' content='0; URL=index.php?s=login_error'>";
}
}
?>
And i wanna restrict acces on some page , you must login to intro in that page somting like this:
<?php
if(isset($_SESSION['user']) && isset($_SESSION['pass']))
{
auto_unban();
$username = $_SESSION['user'];
$sql = mysql_query("Select * from account.account where login='".$_SESSION['user']."'") or die(mysql_error());
$accc=mysql_fetch_object($sql);
$charss = mysql_query("Select * from player.player where account_id='".$accc->id."'") or die(mysql_error());
$chars = mysql_num_rows($charss);
?>
<script type='text/javascript'>
function myFunction()
{
var jmsg = "<? echo "Blocked : ".$acc->unban_date." pentru ".$acc->motiv_ban.".mlock."; ?>";
if(jmsg){
alert(jmsg);
}
window.onload=myFunction;
}
</script>
Script , script
<?php } else { echo "Please login!";} ?>
That script when i don't login show me this echo : Please login!
and when i'm login also show me that echo : Plase login!
I don't know how to create and read function in php can anyone show me how to make function like this :
if(isset($_SESSION['user']) && isset($_SESSION['pass']))
Your variable $_SESSION['login'] is empty because you forgot to call session_start(); at the beginning of your php script.
Place session_start(); before printing any chars on your page.
ex:
<?php session_start();
$_SESSION['login'] = 'login';
...
Hello Ladies and Gentlemen, I have been working on this project for some time now. And all of a sudden when I go into the web page to login I just get a blank screen at the 'success_login.php' which is literally just the login script that runs once login is clicked on my screen.
Here is the success_login.php script:
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/luke/classes/userFunctions.php');
$userFunctions = new userFunctions();
session_start();
//assign all posted values to a session
if (!empty($_POST)) {
foreach($_POST as $key => $value) {
$_SESSION['login_info'][$key] = $value;
}
}
//Get the username and password
$username = htmlentities($_POST["username"], ENT_QUOTES);
$password = htmlentities($_POST["password"], ENT_QUOTES);
//Get the user id if the login was valid
$userId = $userFunctions->validLogin($username,$password);
if($userId != 0) {
$_SESSION['login_info']['username'] = $username;
$_SESSION['login_info']['password'] = $password;
$_SESSION['login_info']['user_id'] = $userId;
header('LOCATION: home.php');
exit;
}
header('LOCATION: login.php');
exit;
?>
and here is the function it refers to:
public function validLogin($username,$password) {
$dbact = new DbInteraction();
$query = "select * from person";
$result = $dbact->interact($query,true);
$row = mysql_numrows($result);
$valid = false;
$userId = 0;
while ($row = mysql_fetch_array($result)) {
//Check to see if the username and password are valid
$validUsername = strcmp($username,$row['username']);
if($validUsername == 0) {
$hashedPassword = md5($password . Constants::SALTED);
$validPassword = strcmp($hashedPassword,$row['password']);
if($validPassword == 0) {
$valid = true;
$userId = $row['idperson'];
}
}
}
if(!$valid) {
$_SESSION['login_info']['username'] = "error";
$_SESSION['login_info']['password'] = "";
header('LOCATION: login.php');
exit;
return $userId;
} else {
$_SESSION['login_info']['username'] = "";
$_SESSION['login_info']['password'] = "";
return $userId;
}
}
Like I said, its been working for months and now all of a sudden its not anymore, and it has me really worried. Could someone shed some light for me?
Thanks a million for your time!
I have this code and I have tried everything i can think of to get it to work on my WAMP local server any help would be greatly appreciated. I am PHP stupid. This works on a live server but not my WAMP server. I do get logged in just the pages do not seem to be passing the session variable to the proper user level. That's what's not working sorry for the poor description the first time.
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['login']))
{
if ($level == "Administrator") {
echo 'My Content';
}
elseif ($level == "Bank Officer") {
echo "";
}
elseif ($level == "Agent") {
echo "";
}
elseif(!empty($_POST['login']) && !empty($_POST['password']))
{
$login = mysql_real_escape_string($_POST['login']);
$password = $_POST['password'];
$checklevel = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' ");
if(mysql_num_rows($checklevel) == 1)
{
$row = mysql_fetch_array($checklevel);
$level = $row['level'];
$_SESSION['level'] = $level;
}
$checklogin = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' AND level='".$level."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$firstname = $row['firstname'];
$login = $row['login'];
$agent = $row['agent'];
$_SESSION['agent'] = $agent;
$_SESSION['firstname'] = $firstname;
$_SESSION['login'] = $login;
$_SESSION['LoggedIn'] = 1;
Thanks you for any help at all.
if ($_SESSION['level'] == "Bank Officer")
{
header('Location: index3.php');
exit;
}
elseif ($_SESSION['level'] == "Agent")
{
header('Location: index4.php');
exit;
}
elseif ($_SESSION['level'] == "Bank Manager")
{
header('Location: index5.php');
exit;
}
else
{
echo "Contact Administrator";
exit;
}