sessions + php + mysql + error - php

I am creating a simple login form using sessions, but the problem is that when I press login it redirects me to index.php, whereas I need to go to home.php. In logout.php I destroy the session and redirect to index.php, but somehow the login button redirects me to index.php as if the login process had not succeeded. How do I fix this error? I need it badly.
index.php
<?php
require_once('global.php');
if($logged == 1)
{
header("Location: home.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>index page</title>
</head>
<body>
<h1> this is the index page</h1>
Login
</body>
</html>
global.php
<?php
session_start();
require_once('connect.php');
// cheking if the sessions are set
if(isset($_SESSION['username']))
{
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['password'];
$session_id = $_SESSION['id'];
//cheking if the member exist
$query = mysql_query("SELECT * FROM members WHERE id = '".$session_id."' AND password = '".$session_pass."' LIMIT 1") or die("could not select memeber");
$count_count = mysql_num_rows($query);
if($count_count > 0)
{
$logged = 1;
while($row = mysql_fetch_array($query))
{
$session_username = $row['username'];
}
$_SESSION['username'] = $session_username;
$_SESSION['pass'] = $session_pass;
$_SESSION['id'] = $session_id;
}
else
{
header("Location: logout.php");
exit();
}
}
else
{
// if the user not loged in
$logged = 0;
}
?>
login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass))
{
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0)
{
$message = 'your info was inccorrect';
}
else
{
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query))
{
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
}
header("Location: home.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login to membership website </title>
</head>
<body>
<h1> login to my website</h1>
<p><?php print("$message"); ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="email adress" /><br />
<input type="password" name="password" placeholder="password" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
home.php
<?php
require_once('global.php');
if($logged == 0)
{
header("Location: index.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<h1>this the home page</h1>
</body>
</html>
logout.php
<?php
session_start();
session_destroy();
/*
if(session_is_registered('username'))
{
echo "you are loged in we can not log you out";
exit();
}
*/
//else
//{
header("Location: index.php");
//}
?>

When you are checking the session with $_SESSION['username'], you don't need the logged variable.
You can allow the user to access the page when $_SESSION['username'] exists and, if it doesn't, redirect him to the login page.

To be honest this is rather spaghetti-coded, a bit of a mess, but the problem is that login.php does not set $logged = true, so login.php redirects to home.php and then home.php redirects to index.php.
So try this
Login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email'])) {
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass)) {
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0) {
$message = 'your info was inccorrect';
} else {
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query)) {
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
// NEW LINE
$logged = 1;
}
header("Location: home.php");
}
}
?>

Related

PHP simple sql search for login

I had some problems with this code, saw some guides and arrived at this. I just started PHP a few days ago. How exactly do you do a search of the database, then compare the user input to the database username and password?
I left the $sqlQuery empty for the SQL search, and maybe someone can explain what you call the "->" symbol in the loop?
I already managed to understand and do a sign-up, but the tutorials never explain exactly what is going on and just type.
Thanks.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = '';
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
PHP PDO login with session - It's secure
index.php,general message.php, logout.php, site life.php (this page for session and put it in the other pages by required)
Database:
connection.php
<?php
$dsn = "mysql:host=localhost;dbname=mg";
$username = "root";
$password = "";
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
try{
$conn = new PDO($dsn,$username,$password,$options);
} catch (PDOException $e){
echo "Error!".$e->getMessage();
}
?>
index.php:
<?php
session_start();
if(isset($_SESSION['user'])){
header("location: general message.php");
}
require "connection.php";
if(isset($_POST['login'])){
$user = $_POST['username'];
$pass = md5($_POST['password']);
$messeg = "";
if(empty($user) || empty($pass)) {
$messeg = "Username/Password con't be empty";
} else {
$sql = "SELECT username, password FROM users WHERE username=? AND
password=? ";
$query = $conn->prepare($sql);
$query->execute(array($user,$pass));
if($query->rowCount() >= 1) {
$_SESSION['user'] = $user;
$_SESSION['time_start_login'] = time();
header("location: general message.php");
} else {
$messeg = "Username/Password is wrong";
}
}
}
?>
Site life.php (and I will put it in the the other pages by require "site life.php")
//The lives of session is one hour 60*60=3600
<?php
session_start();
if(isset($_SESSION['user'])){
if((time() - $_SESSION['time_start_login']) > 3600){
header("location: logout.php");
} else {
$_SESSION['time_start_login'] = time();
}
} else {
header("location: logout.php");
}
?>
logout.php
<?php
session_start();
session_destroy();
header("location: index.php");
?>
General message.php I put this in the header (to make a refresh every hour):
// 60*60=3600 one hour
<meta http-equiv="Refresh" content="3600" >
<?php
require ('site life.php');
?>
The -> is an object operator, so you can access the attribute num_rows from $result.
This is the naive example (vulnerable to SQL injection) to give you an idea, it works.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = "SELECT * FROM user WHERE username = '$username' and password = '$password'";
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
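The same login check with the injection closed, as an added example that is not code from the original answer: the username is bound through a mysqli prepared statement and the password is checked with password_verify(). It assumes db.php defines $connection as on the page, and that the `user` table has `id`, `username` and `password` columns with `password` holding password_hash() output; the helper names find_user(), attempt_login() and post_string() are hypothetical.

```php
<?php
// Added example: hardened form of the naive login above.
// Assumptions: db.php sets $connection (mysqli); table `user` has columns
// id, username, password, where password stores password_hash() output.
declare(strict_types=1);

require 'db.php';

/** Read one POST field as a string; arrays and missing fields become ''. */
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

/** Look up one user by name with a bound parameter (no string concatenation). */
function find_user(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username, password FROM user WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        throw new RuntimeException('could not prepare login query');
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $name, $hash);
    $row = $stmt->fetch() ? ['id' => $id, 'username' => $name, 'password' => $hash] : null;
    $stmt->close();
    return $row;
}

/** Verify the credentials and, on success, bind the user id to a fresh session id. */
function attempt_login(mysqli $db, string $username, string $password): bool
{
    $row = find_user($db, $username);
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);              // new id after login (session fixation)
    $_SESSION['user_id'] = (int) $row['id'];  // store the id only, never the password or its hash
    return true;
}

session_start();
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = attempt_login($connection, post_string('username'), post_string('password'));
    $message = $ok ? 'welcome' : 'failed';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<!-- method="post" is required, otherwise the fields never reach $_POST -->
<form action="login.php" method="post">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
```

Because the password is compared in PHP rather than in the WHERE clause, the query needs only the username, and the stored value can be a salted password_hash() string instead of a bare md5() or sha1() digest.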

No error messages but my login is not working

This is the checklogin.php page. The whole idea is that based on your status (1 or 0) the program should guide you to the right page (red_form or yellow_form). At the moment this code will let me log in no matter who I am (not in the database), or else will let me log in as a person from the database but won't guide me correctly. What am I doing wrong?
<?php
require_once "connection.php";
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$username= $_POST['username'];
$password= sha1($_POST['password']);
$sql = "SELECT * FROM information WHERE username = '$username' AND password
='$password'";
$result = mysqli_query($connection, $sql);
if($result){
echo "Yippii";
} else {
echo "Error";
}
$rowcount = mysqli_num_rows($result);
if($rowcount > 0){
echo "Uspw ok";
$row = mysqli_fetch_assoc($result);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['status'] = $row['status'];
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
echo $_SESSION['username'];
echo $_SESSION['id'];
if($_SESSION['status'] == "1"){
header('Location: red_form.php');
} else {
header('Location: yellow_form.php');
}
}
}
?>
</body>
</html>
You have given the "else" condition in the wrong place. Your login is working fine. You can follow this code:
<?php
include("connection.php");
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$username= $_POST['username'];
$password= sha1($_POST['password']);
$sql = "SELECT * FROM chklogin WHERE username = '$username' AND password
='$password'";
$result = mysqli_query($conn, $sql);
if($result){
echo "Yippie";
} else {
echo "Error";
}
$rowcount = mysqli_num_rows($result);
echo ($rowcount);
if($rowcount > 0)
{
echo "Uspw ok";
$row = mysqli_fetch_assoc($result);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['status'] = $row['status'];
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
echo $_SESSION['username'];
echo $_SESSION['id'];
if($_SESSION['status'] == "1"){
header('Location: red_form.php');
}
}
else
{
header('Location: yellow_form.php');
}
}
?>
<form method="post" action="">
<input type="text" name="username" placeholder="enter name"><br><br>
<input type="text" name="password" placeholder="enter password"><br><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

Facing an error when declaring session variables in index.php

I have an index.php page as follows, which has a login form that calls the login.php page. It creates session values over there.
<?php
session_start();
$con=mysqli_connect("localhost","root","","sam");
if (mysqli_connect_errno($con))
{
echo "Could not connect " . mysqli_connect_error();
}
$id = $_SESSION["id"];
$user_login = $_SESSION["user_login"];
$password_login = $_SESSION["password_login"];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Samsung Ops Guide</title>
<link href="css/index.css" rel="stylesheet" type="text/css" />
</head>
<body>
Tracker
<form action="login.php" method="post" id="login">
<input id="email" placeholder="T-ID" type="text" name="em" />
<input id="email" placeholder="Password" type="password" name="pwd"/>
<input id="loginButton" type="submit" value="Login" name="log" />
</form>
<div id="error1"></div>
</body>
</html>
<?php
if (isset($_SESSION["user_login"]) && isset($_SESSION["password_login"])) {
$query = mysqli_query($con,"select * from employees where Tid='$user_login' and password='$password_login'");
while($row = mysqli_fetch_array($query)){
$ptype = $row["designation"];
}
if($ptype=="agent")
{
header("location:/new/l1/");
}
if($ptype=="l2")
{
header("location:/new/l2/");
}
}
?>
Then I have a login.php page which is called when the login form is called.
The login form calls and fetches values from the database and creates a session according to that.
login.php is as follows:
<?php
session_start();
include "inc_files/connection.php"; // it is only creating a connection with database nothing else
$user_login=$_POST['em'];
$password_login=$_POST['pwd'];
$password_login = md5($password_login);
if(empty($user_login) || empty($password_login))
{
die (retmsg(0,"Please fill T-ID and Password"));
}
$query = mysqli_query($con,"select * from employees where Tid='$user_login' and password='$password_login'");
$read = mysqli_num_rows($query);
if(!$read)
{
die (retmsg(0,"Incorrect T-ID or Password"));
}
else
{
while($row = mysqli_fetch_array($query)){
$id = $row["id"];
$ptype = $row["designation"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
if (isset($_SESSION["user_login"]) && isset($_SESSION["password_login"]))
{
if ($ptype == "l1")
{echo retmsg(1,"l1");}
if ($ptype == "l2")
{echo retmsg(1,"l2");}
}
}
function retmsg($status,$txt)
{
return json_encode(array('status' => $status, 'txt' => $txt));
}
?>
I am getting an error that
$id = $_SESSION["id"];
$user_login = $_SESSION["user_login"];
$password_login = $_SESSION["password_login"];
are not defined in index.php.
Here, the session variables will be set only when you have logged in. The first time, they are not set and you are trying to access them in these lines (in index.php).
$id = $_SESSION["id"];
$user_login = $_SESSION["user_login"];
$password_login = $_SESSION["password_login"];
First you have to check whether they are set, and then access them like:
if(isset($_SESSION["id"]))
$id = $_SESSION["id"];
if(isset($_SESSION["user_login"]))
$user_login = $_SESSION["user_login"];
if(isset($_SESSION["password_login"]))
$password_login = $_SESSION["password_login"];
When you are using the same page for form submission, you can access
$user_login=$_POST['em'];
$password_login=$_POST['pwd'];
only if the form is submitted, i.e., on page load the form won't be submitted, which means there won't be any POST variables in the page. So surely it will create a problem (the same issue we have discussed above). So here, you have to make sure that the form variables are accessed only if the form is submitted. You can do it with the following lines:
if (!empty($_POST)) // if there are any posted variables
{
$user_login=$_POST['em'];
$password_login=$_POST['pwd'];
$password_login = md5($password_login);
..............................
}
Also make sure that you have added all the code for form submission inside this if condition.
I don't know the exact error. Let's try with single quotes.
$id = $_SESSION['id'];
$user_login = $_SESSION['user_login'];
$password_login = $_SESSION['password_login'];

php mysql + session problems

I am creating a simple login and logout script using PHP and MySQL, but when I try to open login.php or the index file I get an error message that says:
**The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept
cookies.**
I do not know how to solve it or what the error is. If anyone can help me, I would appreciate it.
index.php
<?php
require_once('connect.php');
ob_start();
session_start();
//checked wether the user is loged in or not
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
$user = $_SESSION['username'];
header("Location: index.php");
exit();
}
else
{
header("Location: home.php");
}
// login script
if(isset($_POST['username'])&& isset($_POST['password']))
{
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$user_password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password']);
$md5password = md5($user_password);
$sql = mysql_query("SELECT id FROM members WHERE username = '".$user_login."' AND password = '".$user_password."'") or die ("could not select from database");
$userCount = mysql_num_rows($sql);
if($userCount ==1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row['id'];
}
$_SESSION['id'] = $id;
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: index.php");
exit();
}
else
{
echo "that info is incorrect";
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="post">
<input name="username" type="text" value="username" size="32" />
<input name="pass" type="password" value="password" size="32" />
<input name="login" type="submit" value="login" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
//home.php
session_start();
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location: index.php");
?>
In index.php you need to put this if condition on top after 'session_start();'
if($_SESSION['username'])
{
header("Location: home.php");
exit();
}
In while loop it should be header("Location: home.php"); instead of header("Location: index.php");
In home.php page you should put on top after opening php tag
ob_start();
session_start();
Hope it will work.
++++++++++++++++++++++++++++++++++++++++++
Use this code
index.php
<?php
require_once('connect.php');
ob_start();
session_start();
//checked wether the user is loged in or not
$user = $_SESSION['username'];
if($_SESSION['username'])
{
$user = $_SESSION['username'];
header("Location: home.php");
exit();
}
// login script
if(isset($_POST['username'])&& isset($_POST['password']))
{
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$user_password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password']);
$md5password = md5($user_password);
$sql = mysql_query("SELECT id FROM members WHERE username = '".$user_login."' AND password = '".$user_password."'") or die ("could not select from database");
$userCount = mysql_num_rows($sql);
if($userCount ==1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row['id'];
}
$_SESSION['id'] = $id;
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: home.php");
exit();
}
else
{
echo "that info is incorrect";
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="post">
<input name="username" type="text" value="username" size="32" />
<input name="pass" type="password" value="password" size="32" />
<input name="login" type="submit" value="login" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
ob_start();
session_start();
//home.php
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
logout.php is correct
First, in index.php you don't need to "//checked wether the user is loged in or not"; we should check that in home.php.
This code is causing your error: "The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete". You made a repetition (the session is not created but it is checked ...).
Second, in home.php, you have to call the session_start() method; this code is required when using sessions.
Refer to my code:
index.php
<?php
ob_start();
session_start();
//check session is existed
if (isset($_SESSION['username'])) {
header("Location: home.php");
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$user_login = $_POST['username'];
$user_password = $_POST['password'];
if ($user_login == 'namluu' && $user_password =='123456') {
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: home.php");
exit();
} else {
echo 'Infor not correct';
exit();
}
}
?>
<html>
<head></head>
<body>
<form action="index.php" method="post">
<input type="text" name="username" />
<input type="text" name="password" />
<input type="submit" name="login" value="login" />
</form>
</body>
</html>
<?php
ob_end_flush();
?>
home.php
<?php
session_start();
//home.php
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
You haven't got session_start() at the top of home.php, which means you will have created an infinite loop between home.php and index.php.
Currently what is happening is when you access index.php, it recognises the session and redirects the user to home.php. As there is no session_start() in home.php, it doesn't recognise the session and redirects the user back to index.php. Thus you have an infinite loop.
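One way to keep index.php and home.php from redirecting to each other, as an added example that is not code from the thread: both pages include a single guard file, so they always agree on whether the visitor is logged in. The file name auth.php, the function names, the `user_id` and `last_seen` session keys and the one-hour idle limit are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// auth.php - added example. Assumed pages: index.php (login form) and
// home.php (members only). The login code is assumed to set
// $_SESSION['user_id'] and $_SESSION['last_seen'] = time() on success.
declare(strict_types=1);

const LOGIN_PAGE = 'index.php';
const HOME_PAGE  = 'home.php';
const IDLE_LIMIT = 3600; // seconds of inactivity before the login expires

/** Start the session once, with cookie flags set before session_start(). */
function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    ]);
    session_start();
}

/** True when the session holds a user id and has not been idle too long. */
function is_logged_in(array &$session, int $now): bool
{
    if (!isset($session['user_id'])) {
        return false;
    }
    if ($now - ($session['last_seen'] ?? 0) > IDLE_LIMIT) {
        $session = []; // expired: drop all session data
        return false;
    }
    $session['last_seen'] = $now;
    return true;
}

/**
 * Decide where $page must redirect, or null to render it.
 * A page never redirects to itself, and the target always renders for the
 * same login state, so the index.php <-> home.php loop cannot occur.
 */
function redirect_target(string $page, bool $loggedIn): ?string
{
    if ($page === HOME_PAGE && !$loggedIn) {
        return LOGIN_PAGE;
    }
    if ($page === LOGIN_PAGE && $loggedIn) {
        return HOME_PAGE;
    }
    return null;
}

/** Call at the top of every page, before any output is sent. */
function guard(string $page): void
{
    start_session();
    $target = redirect_target($page, is_logged_in($_SESSION, time()));
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // stop here so the rest of the page never runs
    }
}

/** Self-check: from any page and login state, redirects end after one hop. */
function redirects_terminate(): bool
{
    foreach ([LOGIN_PAGE, HOME_PAGE] as $page) {
        foreach ([true, false] as $state) {
            $next = redirect_target($page, $state);
            if ($next !== null && redirect_target($next, $state) !== null) {
                return false;
            }
        }
    }
    return true;
}

// Usage: index.php begins with  require 'auth.php'; guard('index.php');
//        home.php  begins with  require 'auth.php'; guard('home.php');
```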

php mysql + sessions errors

I'm creating a website that contains a login page, profile page and logout page. I'm using sessions but I have a problem with dealing with sessions and I cannot understand what the error is or where it is to fix it.
The error I get is in profile.php ("you need to be loged in to view profiles"), line 8.
Does anyone have an idea or a solution? Please tell me.
login.php
<?php
require_once('for members/scripts/global.php');
$message = "";
if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
//error handeling
if((!$email)||(!$pass)){
$message = "please insert both fields";
}else{
// secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = "the information was incorrect!";
}else{
//start the sessions
$_SESSION['pass']=$pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
/* to create a cookie on the HDD OF THE user
if($remember == "yes"){
//create the cookies
setcookie("id_cookie", $id, time()+60*60*24*100,"/");
setcookie("pass_cookie", $pass, time()+60*60*24*100,"/");
}
*/
header("Location:profile.php");
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style/stylesheet.css"rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="container center">
<p><?php print("$message") ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="Email Adress" /><br />
<input type="password" name="pass" placeholder="Password" /><br />
<input type="submit" name="login" value="Login" />
<strong> Register</strong>
</form>
</div>
</body>
</html>
profile.php
<?php
ob_start();
session_start();
require_once('for members/scripts/global.php');
if($logged == 0){
echo("you need to be loged in to view profiles");
exit();
}
if(isset($_GET['id'])){
$id=$_GET['id'];
$id= preg_replace("#[^0-9]#","",$id);
}else{
$id=$_SESSION['id'];
}
//collect member information
$query = mysql_query("SELECT * FROM members WHERE id='$id'LIMIT 1") or die("could not collect user information ");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
echo("the user does not exit");
exit();
}
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$fname = $row['firstname'];
$lname = $row['lastname'];
$profile_id= $row['id'];
if($session_id == $profile_id){
$owner = true;
}else{
$owner = false;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title>
<link href="style/stylesheet.css" type="text/css"/>
</head>
<body>
<div class="container center">
<h1><?php print("$username"); ?></h1>
<?php
if($owner == true ){
header("Location: profile.php");
?>
<!--
edit profile<br />
account settings<br />
-->
<?php
}else{
header("Location: index.php");
?>
<!--
private message<br />
add as friend<br />
-->
<?php
}
?>
</div>
</body>
</html>
<?php flush(); ?>
logout.php
<?php
session_start();
session_destroy();
/*
if(isset($_COOKIE['id_cookie'])){
setcookie("id_cookie", "", time()-50000,"/");
setcookie("pass_cookie", "", time()-50000,"/");
}
*/
if(isset($_SESSION['username'])){
echo("we could not log out try again!");
exit();
}else{
header("Location: home.php");
}
?>
global.php
<?php
if(!isset($_SESSION))
{
session_start();
}
require_once('connect.php');
//checking if sessions are set
if(isset($_SESSION['username'])){
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['pass'];
$session_id = $_SESSION['id'];
//check if the member exist
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
while($row = mysql_fetch_array($query)){
$session_username = $row['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;
}else{
header("Location: logout.php");
exit();
}
}
$logged = 0;
/*
elseif(isset($_COOKIE['id_cookie'])){
$session_id = $_COOKIE['id_cookie'];
$session_pass = $_COOKIE['pass_cookie'];
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count > 0){
//loged in stuff here
$logged = 1;
}else{
header("Location: logout.php");
exit();
}
//if user is not log in
}
*/
?>
You're using $_SESSION without properly starting the session with line session_start() in your login.php page.
There are a few things that can be wrong with what you have written. The $logged == 0 is defined in global.php, I suppose. Is it starting the session in it as well (i.e., do you have session_start() in global.php)?
As far as I can see $logged could be whatever and thus you get the error. Starting the session in logging.php also should be fixed if not in global.php.
OK. Take everything out of global.php. If you want, leave only session_start(), but remove it from login.php and profile.php.
Then you have to move the SQL query that checks the password and the username against the database to login.php instead of global.php and have it like this:
//check if the member exist
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
header("Location: profile.php");
while($row = mysql_fetch_array($query)){
$session_username = $row['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;
}else{
$logged = 0;
header("Location: logout.php");
exit();
}
You do not need these in login.php (replace them with the code above):
$message = "";
if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
//error handeling
if((!$email)||(!$pass)){
$message = "please insert both fields";
}else{
// secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = "the information was incorrect!";
}else{
//start the sessions
$_SESSION['pass']=$pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
