I have a big problem and I can't solve it. My session variables are exchanged between files, but after a refresh of the second page they disappear.
Here's the code:
index.php
<?php
session_start();
header('Title: So random');
header('charset: UTF-8');
//if index.php?login is requested
if(isset($_REQUEST['login'])) {
//'pass' input box value (from POST) is saved to $pass variable.
$pass = $_POST['password'];
//if password matches Password.
if($pass == 'Password') {
//session_start();
$_SESSION['logintoken'] = "approoved";
header("Location: list.php");
die();
} else { $error = true; }
}
if(isset($_SESSION['logintoken'])) {
header('Location: list.php');
die();
}
?>
Random HTML With login page goes here...
And then we have the page which is available only to logged-in users. After redirecting from login to it, it's okay, but after a refresh I have "logintoken not defined".
list.php
<?php
session_start();
if($_SESSION['logintoken'] != "approoved") {
//'<meta http-equiv="REFRESH" content="0; url=index.php">'
die();
}
?>
<html> goes here....
header('Title: So random');
header('charset: UTF-8');
$_SESSION['logintoken']='' ;
EDIT:
perhaps this is better
if(isset($_SESSION['logintoken']) && ($_SESSION['logintoken'] != "approoved"))
EDIT 2:
header("Location: list.php?token=".$_SESSION['logintoken']);
list.php
if($_REQUEST['token'] != "approoved") {
//'<meta http-equiv="REFRESH" content="0; url=index.php">'
die();
}
My logout.php file is like this. Is there any mistake in my code?
logout.php
<?php
session_start();
session_destroy();
header('Location:index.php');
exit;
?>
Here is my index.php file. If $_SESSION['s_activId'] is set, it works properly, but when I add a condition so that, if $_SESSION['s_activId'] is not set, a header redirects to the index page, sometimes it works and sometimes it does not.
<?php
include('include/config.inc.php');
if(!isset($_SESSION['s_activId']))
{
$_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
header("Location:index.php");
}
else
{
$wrong = '';
if(isset($_POST['submit']))
{
$checkLogin = "SELECT userName,password,userType
FROM user
WHERE BINARY userName = '".$_POST['userName']."'
AND BINARY password = '".$_REQUEST['password']."'";
$checkLoginresult = mysql_query($checkLogin);
if($userLoginRow = mysql_fetch_array($checkLoginresult))
{
$_SESSION['s_activId'] = $userLoginRow['userName'];
$_SESSION['s_password'] = $userLoginRow['password'];
$_SESSION['hg_userType'] = $userLoginRow['userType'];
if(!$_SESSION['s_urlRedirectDir'])
{
header("Location:index.php");
}
else
{
header("Location:reminder.php");
}
}
else
{
$wrong = "UserId And Password Is Not Valid";
}
}
}
include("bottom.php");
$smarty->assign('wrong',$wrong);
$smarty->display("index.tpl");
?>
The problem arises in the condition below in index.php:
if(!isset($_SESSION['s_activId']))
{
$_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
header("Location:index.php");
}
When you log out, you call session_destroy() in logout.php and redirect to index.php. The condition above is then true, because s_activId is not set in the session, and you are redirected to index.php again (without setting s_activId in the session). The condition stays true until the variable s_activId is set in the session, and because of this you get the ERR_TOO_MANY_REDIRECTS error.
The solution is to set the variable s_activId in the session in index.php before calling the header method. Refer to the code below:
if(!isset($_SESSION['s_activId']))
{
$_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
$_SESSION['s_activId'] = true;
header("Location:index.php");
}
Don't redirect index.php to index.php. You have a redirect loop. Also, if you have code below that can also fire, add die in the if, because after the redirect the code below still executes. I didn't read your code, maybe there aren't problems with this, but after header("Location: lalala"); always add die(); or exit();
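The login query in the index.php above builds its SQL by concatenating $_POST values and copies the stored password into the session. The following is an added example, not code from the posters: the same check with a bound parameter and password_verify(), assuming PDO with the SQLite driver, a constructed table with a hypothetical passwordHash column, and the hypothetical function names checkLogin and handleLoginPost.

```php
<?php
// Added example, not the poster's code. Constructed in-memory table standing in
// for the page's `user` table; it stores password_hash() output, not the password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (userName TEXT PRIMARY KEY, passwordHash TEXT, userType TEXT)');
$pdo->prepare('INSERT INTO user VALUES (?, ?, ?)')
    ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 'customer']);

/** Returns ['userName' => ..., 'userType' => ...] when the credentials verify, else null. */
function checkLogin(PDO $pdo, string $userName, string $password): ?array
{
    // The placeholder keeps user input out of the SQL text; a quote in the name is plain data.
    $stmt = $pdo->prepare('SELECT userName, passwordHash, userType FROM user WHERE userName = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['passwordHash'])) {
        return null;
    }
    return ['userName' => $row['userName'], 'userType' => $row['userType']];
}

/** Web-request path: call after session_start() and before any output. */
function handleLoginPost(PDO $pdo, array $post): string
{
    $name = $post['userName'] ?? '';
    $pass = $post['password'] ?? '';
    $user = (is_string($name) && is_string($pass)) ? checkLogin($pdo, $name, $pass) : null;
    if ($user === null) {
        return 'UserId And Password Is Not Valid';   // shown by the template, no redirect
    }
    session_regenerate_id(true);                      // new session id for the authenticated user
    $_SESSION['s_activId']   = $user['userName'];     // set only after the password verified
    $_SESSION['hg_userType'] = $user['userType'];     // the password itself is never stored
    header('Location: reminder.php');
    exit;                                             // nothing below may run after the redirect
}

// Constructed inputs exercising the credential check from the command line.
var_dump(checkLogin($pdo, "o'brien", 'correct horse'));
var_dump(checkLogin($pdo, "o'brien", 'wrong password'));
```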
Here you may find my verification code.
With this code, I do not want to redirect to another page only after logging in.
How shall I do this?
<?php
if (isset($_SESSION['login']))
session_start();
if (!isset($_SESSION['login']) || $_SESSION['login'] != 'ok') {
header("location:login.php");
exit();
}
?>
I would use isset combined with empty just for extra precaution
session_start();
if(isset($_SESSION['login']) && !empty($_SESSION['login'])) {
header("location:user.php");
}
else {
header("location:login_form.php");
}
Don't use exit(); just redirect
I am currently working on my index.php. What I want to do is, when the user logs in, he will be redirected to index.php again, but this time with a different head.php to store the session of the user.
I have tried this one.
if(isset($_SESSION['isCustomer'])){
include 'includes/customer.head.php';
echo "hahaha";
}
else{
include 'includes/head.php';
}
And here is my checklogin.php
if($row['type'] == 'admin'){
$_SESSION['isAdmin'] = true;
header("location: admin/admin.php");
} else if($row['type'] == 'customer'){
$_SESSION['isCustomer'] = true;
header("location: ../index.php");
}
When you say "i have tried this one."
if(isset($_SESSION['isCustomer'])){
include 'includes/customer.head.php';
echo "hahaha";
}
else{
include 'includes/head.php';
}
I'm guessing it didn't work. Make sure you have
session_start();
at the top of the script. Your condition looks right.
I have this code to verify whether users have an Administrator account for the back office of my website, but if a user doesn't have one, it doesn't redirect the user to ../index.php. He stays on this page, but no content is shown.
Verification code:
<?php
$Usuario = isset($_SESSION["Usuario"]) ? $_SESSION["Usuario"]: '';
$Rank = isset($_SESSION['Rank']) ? $_SESSION['Rank'] : '';
if ($Usuario != '' && $Rank == 'Administrador'){
}
else
{
echo "<script>alert(\"Area Restrita\");</scrpit>";
header("Location: ../index.php");
}
?>
In this page (header), I call this file to verify the session.
<?php
session_start();
require_once "../config.php";
require "verificar.php";
?>
<div id="header">
<img src="img/logo.png">
</div>
header("Location: ../index.php"); is not going to stop the rest of the code from running. If you just want to redirect him, you should die(); or exit; right after you send the Location header.
The alert part before the Location header is also unnecessary, because the browser will redirect the user before he'll be able to see the alert. It is also forbidden to call the header function after you have sent something to the output (for example, like you did with echo).
Another thing that you should consider is the security issue that arises from validating the user solely by looking at values in $_SESSION: this means that if someone is logged in, you are not able to log him out until the session expires.
The better way is to keep some token in $_SESSION and save the status of the user in the database. That way, you can change his status directly from the DB without relying on the session or changing code.
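The approach described in the answer above, as an added example that is not part of the original posts: the session carries only the user name, and the guard re-reads role and status from the database on every request, then redirects and stops. It assumes PDO with the SQLite driver; the account table, its role and active columns, and the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Constructed table: the role and an `active`
// flag live in the database, so an operator can change them while a session exists.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE account (usuario TEXT PRIMARY KEY, role TEXT, active INTEGER)');
$pdo->exec("INSERT INTO account VALUES ('ana', 'Administrador', 1), ('rui', 'Cliente', 1)");

/** True only if the session's user is an active administrator in the table right now. */
function isActiveAdmin(PDO $pdo, array $session): bool
{
    $usuario = $session['Usuario'] ?? null;
    if (!is_string($usuario) || $usuario === '') {
        return false;
    }
    $stmt = $pdo->prepare('SELECT role, active FROM account WHERE usuario = ?');
    $stmt->execute([$usuario]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && (int)$row['active'] === 1 && $row['role'] === 'Administrador';
}

/** What verificar.php would call: redirect with no prior output, then stop the script. */
function requireAdmin(PDO $pdo, array $session): void
{
    if (!isActiveAdmin($pdo, $session)) {
        header('Location: ../index.php');
        exit;
    }
}

// Constructed session contents; in a page this would be $_SESSION after session_start().
$session = ['Usuario' => 'ana'];
var_dump(isActiveAdmin($pdo, $session));
$pdo->exec("UPDATE account SET active = 0 WHERE usuario = 'ana'");  // operator disables the account
var_dump(isActiveAdmin($pdo, $session));                             // same session, re-checked
var_dump(isActiveAdmin($pdo, ['Usuario' => 'rui']));                 // logged in, not an administrator
```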
Your index file:
<?php
session_start();
require_once "../config.php";
require "verificar.php";
?>
<div id="header">
<img src="img/logo.png">
</div>
Your verification file:
<?php
$Usuario = isset($_SESSION["Usuario"]) ? $_SESSION["Usuario"]: '';
$Rank = isset($_SESSION['Rank']) ? $_SESSION['Rank'] : '';
if ($Usuario != '' && $Rank == 'Administrador'){
// do some action for administrator
}
else
{
header("Location: ../index.php");
exit();
//echo "<script>alert(\"Area Restrita\");</scrpit>"; <-- you don't need this here
}
?>
Note that I commented out the echo. You mustn't output anything before header. If you output something (and you do in your example), you will get a "headers already sent" error.
Your main mistake is that you output something first and after that tried to redirect.
Anyway, I think it is better to use a slightly different approach.
Form and form handler:
<?php
session_start(); // needed before $_SESSION can be written
$username = $_POST['username'];
$password = $_POST['password'];
// here is some query which will check if this user with this password exists and get the role of the user
// if exists $userExists = true; else $userExists = false;
if($userExists) {
$_SESSION['userLoggedIn'] = true;
if($role == 'administrator') {
$_SESSION['isAdministrator'] = true;
}
else
{
$_SESSION['isAdministrator'] = false;
}
header('Location: index.php');
exit(); // <-- don't forget this
}
else
{
// handler for bad user/password
}
?>
<form action='' method='post'>
<input type='text' name='username' />
<input type='password' name='password' />
</form>
Now, pages which are restricted will start from this code:
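<?php
session_start();
// Treat a missing key as "not an administrator" instead of raising a notice.
$isAdministrator = !empty($_SESSION['isAdministrator']);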
if(!$isAdministrator) {
ban_ban_ban();
die('bye bye');
}
// content for administrator
?>
NOTE: This is just example, don't forget to add some check everywhere!!!!!11
But, as you wish :) Hope, this will help you.
So I have a home page where a user can log in. Once they log in, I need to redirect them to index.php, which just pulls their information. The jQuery makes a call to index.php, where it runs a check against MySQL; if the user doesn't exist, it alerts "not a valid user". Now if it does, I need to send them back to index.php.
Here is index.php
<?php
include_once 'includes/membersclass.php';
session_start();
$member = new MEMBERS();
if(!isset($_SESSION['id'])) {
if($_POST['action'] == true) {
$result = $member->login($_POST);
if($result) {
$_SESSION['id'] = $result;
echo $_SESSION['id'];
} else {
return false;
}
}
if($_POST['signup'] == 'true') {
$result = $member->signup($_POST);
if($result) {
$_SESSION['id'] = $result;
} else {
header("Location: root.php");
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel='stylesheet' type='text/css' href='css/members.css' />
</head>
<body>
<div id="calendar_container">
<?php $member->drawCalendar(2, 2011); echo $_SESSION['id']; ?>
</div>
</body>
</html>
As you can see, jQuery makes the initial call to index.php with a POST and gets the response back. I set the session to store the user id. On the same page is where the user's profile will show. How do I get back here on successful login? Am I even doing it right, should this be separate from the PHP to begin with? Uggghhh, please help.
The question is a bit vague, but if I understand correctly you want to reload the index.php page after a successful login.
if(!isset($_SESSION['id'])) {
if($_POST['action'] == true) {
$result = $member->login($_POST);
if($result) {
$_SESSION['id'] = $result;
echo $_SESSION['id'];
} else {
return false;
}
}
If I'm not mistaken, this piece of code checks if the user is already logged in. If not, you're checking if the previous jQuery page has given either an 'action' (which I assume is a login call) or a 'signup' (which I assume is to create a new account).
In this case, if 'action' is chosen, you check if the user exists ($result = $member->login($_POST);) and if he does, you create the session ID, and the index-page should show the profile.
Since the $_SESSION['id'] has only been assigned after the page has loaded, it does not check if the $_SESSION['id'] has been assigned again. So you have to reload the page to do this:
if(!isset($_SESSION['id'])) {
if($_POST['action'] == true) {
$result = $member->login($_POST);
if($result) {
$_SESSION['id'] = $result;
// No output before the Location header, and stop the script after it.
header("Location: index.php");
exit;
} else {
return false;
}
}
Now it will call the index.php again, it goes past the if(!isset($_SESSION['id'])) part, since this time the session is created, and to the code (which is not yet present here?) that will take care of the profile.
I have to assume quite a bit here, but tell me how close I am.
PS:
if($_POST['action'] == true)
and:
if($_POST['signup'] == 'true')
Once you have true without quotes, once with. I think you just want to check which one is set? This will suffice:
if(isset($_POST['signup']))
and
if(isset($_POST['action']))
Makes the code more consistent and less prone to errors.