i'm a little lost working without cookies.
I want to create a session passing the SID through the url, but i don't know how to pass and get data from another page.
I've googled a lot but 90% of the examples are with cookies.
Here is what i have.
index.php
<?php
ini_set("session.use_cookies",0);
ini_set("session.use_only_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
?>
<html>
<head>
<title>Index</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<link rel="STYLESHEET" type="text/css" href="style.css">
</head>
<body>
Index
Second
<form action="access.php" method="POST">
User: <input type="text" name="user" size="15"/><br>
Pass: <input type="password" name="pass" size="15"/><br>
<button type="submit"/>Ok</button>
<button type="reset"/>Reset</button>
</form>
Logged as: <?php print $_SESSION["name"]; ?>
</body>
</html>
access.php last part
........
.......
....
if($count==1){
// Register $myusername and redirect to file "second.php"
ini_set("session.use_cookies",0);
ini_set("session.use_only_cookies",0);
ini_set("session.use_trans_sid",1);
session_name('test');
session_start();
$_SESSION['name'] = $myusername;
header("location:second.php?".SID);
exit;
}
else {
echo "Wrong Username";
}
ob_end_flush();
?>
second.php
<?php
ini_set("session.use_cookies",0);
ini_set("session.use_only_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
?>
<html>
<head>
<title>Second</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<link rel="STYLESHEET" type="text/css" href="style.css">
</head>
<body>
Index
Second<br>
Logout<br>
Logged as: <?php print $_SESSION["name"]; ?>
</body>
</html>
logout.php
<?php
ini_set("session.use_cookies",0);
ini_set("session.use_only_cookies",0);
ini_set("session.use_trans_sid",1);
session_start();
session_unset();
session_destroy();
header('Location: index.php');
exit;
?>
-What do i have to put in "Logged as:" ?. "print $_SESSION["name"];" shows nothing.
-When i log in, i'm redirected to second.php, then i click on any link and the actual logged session dies and SID changes.
thx!
I just copied your code and tested it out myself. Everything is good but do not use, session_name('test') in your access.php file. Not really sure what that does but it breaks when I have it included. Instead, I used the $_SESSION['name'] without calling the session_name() function and all is working.
In order to pass anything through a URL you must use the proper syntax:
your.url.com/?key=value&key2=value2... and so on
Then to retrieve this data:
echo $_GET['key'] and echo $_GET['key2']
Related
I've spent a lot of time today researching this site for my solution but I have had no luck. I'm currently trying to learn php and working on my second project. I can only use PHP. I originally had my delete session and redirect in a separate logout.php file. This was working but then I found out that I can't do this. I've been instructed that I need to "clear the login, delete the session, and redirect back to the login page" and do this within an isPostBack in the results.php file. After a lot of research today I thought I was understanding how to do this but I can't get it to work. Hoping I can get some help.
<?php
session_start();
//require_once('cookies.php');
$isPostBack = filter_input(INPUT_GET, 'submit');
//this is where I need to do the isPostBack for user clicking "logout".
if ($isPostBack) {
// clear ALL session data from memory
// clean up the session and remove the session ID.
// redirect to index.php
endSession();
session_destroy();
header("Location: index.php");
} else {
// user did not click logout doNothing();
}
?>
<html lang="en">
<head>
<title>Results</title>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<form action="results.php">
<input type="submit" id="submit" name="submit" value="Logout" />
</form>
<section>
<?php
foreach($_SESSION['answers'] as $answer){
echo "<p>$answer</p>";
}
?>
</section>
</body>
Try to provide name attribute
<input type="submit" id="submit" value="Logout" name="logout"/>
and use only logout variable in place of submit or provide two different fields
$isPostBack = filter_input(INPUT_GET, 'submit');
$isPostBack = filter_input(INPUT_GET, 'logout');
I seem to have found my solution. I needed to give the isPostBack variable a name that matched the name given to the logout button. I also needed to include !==NULL after the isPostBack. I changed endSession(); to $_SESSION = array(); According to my research, endSession(); "removes all session variables". It seems to be working as it should now. Here is my edited code.
<?php
session_start();
$isPostBack = filter_input(INPUT_GET, 'submit')!==NUll;
//this is where I need to do the isPostBack for user clicking "logout".
if ($isPostBack) {
// clear ALL session data from memory
// clean up the session and remove the session ID.
// redirect to index.php
$_SESSION = array();
session_destroy();
header("Location: index.php");
} else {
// user did not click logout doNothing();
}
?>
<html lang="en">
<head>
<title>Results</title>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<form action="results.php">
<input type="submit" id="submit" name="submit" value="Logout" />
</form>
<section>
<?php
foreach($_SESSION['answers'] as $answer){
echo "<p> $answer</p>";
}
?>
</section>
</body>
If you need to remove se particular session values you can use unset()
unset ($_SESSION['userid'])
newbie here...
so yeah, i already tried searching all those page-related about my question, but im still stuck...
anyway, my problem is that i always keep getting back at my login page, which is my index.php
oh btw, im still using PHP version 4.4.8
here is my code for my problematic main page, main.php
<?php
session_start();
include '../config.php';
if(!isset($_SESSION['admin'])){
header("location:index.php");
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>KSP Setia Finance</title>
</head>
<body>
<h1>test page</h1>
</body>
</html>
and here is my login page code, which is index.php
<?php
session_start();
include '../config.php'; ?>
<!DOCTYPE html>
<html >
<head>
<title>Login Form</title>
</head>
<body>
<div class="login">
<h1>Login</h1>
<form action="login_act.php" method="post">
<input type="text" name="username" placeholder="Username" required="required" />
<input type="password" name="password" placeholder="Password" required="required" />
<button type="submit" name="login" value="Login" class="btn btn-primary btn-block btn-large">Log In</button>
</form>
</div>
<script src="js/index.js"></script>
</body>
</html>
since everyone asking, here my login_act.php, already inserted with session_start
<?php
session_start();
include('../config.php');
if(isset($_POST['login'])){
$user = mysql_real_escape_string(htmlentities($_POST['username']));
$pass = mysql_real_escape_string(htmlentities(md5($_POST['password'])));
$sql = mysql_query("SELECT * FROM user WHERE username='$user' AND password='$pass'") or die(mysql_error());
if(mysql_num_rows($sql) == 0){
echo 'User not found';
}else{
$row = mysql_fetch_assoc($sql);
if($row['level'] == 1){
$_SESSION['admin']=$user;
echo '<script language="javascript">alert("u are Login as Admin!"); document.location="index.php";</script>';
}else
echo 'sorry, u cant access this one';
}
}
?>
print value of $_SESSION on main.php and check if there is any key as 'username' and check login.php, what values are you storing in $_SESSION array
so i recently asking my friends, and here is the results:
all i need is just put those $SESSION_START above all, or make another php and link them all. so here my latest result that worked :
main.php
<?php
include 'access.php';
?>
<!DOCTYPE HTML>
<html>
<head>
<title>KSP Setia Finance</title>
</head>
<body>
<h1>test page</h1>
</body>
</html>
access.php
<?php
session_start();
if(!isset($_SESSION['admin'])){
echo '<script language="javascript">alert("you must Login!"); document.location="../index.php";</script>';
}
?>
and last, config.php
<?php
session_start();
mysql_connect("localhost","root","");
mysql_select_db("koperasi");
?>
i deleted that broken login_act.php, and making all the page i had to be linked directly with the access.php, which make it easier to manage the session. thank you to all that bear with my php problem and stupidity. hope this all gonna help those who still wandering and asking the same question.
php session variables dont carry over from login page to home page. I can see the variables being saved in the session files on the web server with the correct values, but the second page doesn't see them. looks like it is openeing a new session every time.
The home page just redirects back to login page even after successful login. I do see that there have been quite a few questions in the forum on this issue. But most of them have the same solution. use session_start().
I've used session_start() on both pages.
My actual plan was to use MySQL db for saving session data. Login page would write session data to DB but the home page wouldnt read it. I'm trying to use local files now to eliminate any issue with the DB or my code for session management using DB. I still have the same issue with local files as well.
login.php
<?php
session_start();
if(isset($_POST['submit'])) {
//sanitize the data
$user = htmlspecialchars (stripslashes (trim ($_POST['user'])));
$password = htmlspecialchars (stripslashes (trim ($_POST['password'])));
$domain = htmlspecialchars (stripslashes (trim ($_POST['domain'])));
//validate user account from LDAP.
//once authorized, assign session variables and redirect to home page.
$_SESSION['accesslevel'] = "III";
$_SESSION['loggedin'] = "true";
$_SESSION['user'] = $user;
$_SESSION['name'] = $name;
header('location:home.php');
?>
`<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Admin Login</title>
<link rel="stylesheet" href="css/login.css">
</head>
<body>
<div class="logincontainer">
<div class="login">
<h1>Login</h1>
<form action="<?php htmlentities(urldecode($_SERVER['PHP_SELF']));?>"
method="post">
<p><b></b><input type="text" name="user" value="" placeholder="ADM_5-
2-1" required autocomplete="off"></p>
<p><b> </b><input type="password" name="password" value=""
placeholder="Password" required autocomplete="off"></p>
<p><select name="domain">
<option value="DOMAIN">DOMAIN</option>
<option value="domain">NANET</option>
<option value="domain">EUNET</option>
<option value="domain">APNET</option>
<option value="domain">JPNET</option>
</select>
</p>
<p class="submit"><input type="submit" name="submit" value="Login">
</p>
</form>
</div>
</div><br>
<div class="error">
<?php //print_r($_POST);?>
<?php //var_dump($_POST);?>
<?php //echo $msg;?>
</div>
</body>
</html>
home.php
<?php
session_start();
if ((!isset($_SESSION['loggedin'])) or ($_SESSION['loggedin'] != true)) {
header ("location: login.php");
}
<<<<html (php uses session variable (name) for user profile menu>>>>>
?>
In your login.php, Change the $_SESSION['loggedin'] = "true"; to $_SESSION['loggedin'] = true;
So I'm trying to make a secure homepage that checks if you're logged in by getting the text that the user entered on the login page and checking they are correct (so you can't just do www.website.com/home.php to bypass login)
<body onload="OpenPhp()">
<form name="GetLogin" action="GetIfLoggedIn.php">
</body>
The script is :
<script>
function OpenPhp(){
document.GetLogin.submit();
}
</script>
the php script should include the username and password vars from the login script and re-check them
<?php include "Login.php";
if($Username === "*****" and $Password === "******"){
// Return To Page
}else{
//Go Back To Login Page
}
?>
But the include statement makes the home page inaccessible. Every time I go to the home page it just sends me back to the index.html page.
Are there any better ways to secure a web page? If so please tell me or explain why this doesn't work,
For securing a webpage i encourage you to work with sessions.
You use one script (lets call it login.php) to allow the user to login. If the login is correct you store the username as a session variable.
In your secured pages you just check if the username is set in the session.
In all your scripts you need to execute session_start(); to make the $_SESSION superglobal variable available.
For logging out you can just destroy the users session using session_destroy();
Examples:
login.php:
session_start();
function isValidLogin($username_, $password_)
{
if($username_=='sam' && $password_=='secret')
return true;
return false;
}
if(isValidLogin($username, password))
{
$_SESSION['username']=$username;
}
your_secured_page.php:
session_start();
if(isset($_SESSION['username'))
{
// display page
}
else
{
// redirect to login.php
}
logout.php
session_destroy();
Another tutorial i found:
http://www.formget.com/login-form-in-php/
You Might Wanna Use This.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Fetch Array Trick</title>
</head>
<body>
<?php
$con = mysqli_connect("localhost","root","","lesson") or die("Connection Not Established");
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$username = $_POST['username'];
$password = $_POST['password'];
$get=array("0"=>$username,"username"=>$username,'1'=>$password,"password"=>$password);
//Created an array above that matches username and password.
$lol = mysqli_query($con,"Select username,password from users");
while($pre= mysqli_fetch_array($lol)){
//Now we check if, while in the loop, any tuple matches
if (($get == $pre)){
echo '<h1><font color=green>Found</font></h1>';
//Use JavaScript To Redirect or clear headers to use header("location: dashboard.php");
exit;
}
}
echo '<h1><font color=red>Not Found</font></h1>';
}
?>
<form action="" method="post">
<p><label for="u">Username</label><input type="text" name="username" id="u"></p>
<p><label for="password">Password</label><input type="password" name="password" id="password"></p>
<p><input type="submit" name="submit" value="Login" id="submit"></p>
</form>
</body>
</html>
I'm having some difficulty with PHP sessions.
The idea is to prevent users from accessing the administrator panel / pages by using the direct URL.
I have created a login form and that works well (login.php)
Once the username and password are correctly entered, the login form takes the user to the admin panel (admin.php)
However when I added the following script PHP to the (admin.php) page, it does not work.
When I enter the username and password on the login page, it always fails and re-directs me to login.php
The script on the admin.php is used to prevent users from accessing the page if
the session variable is not set
ANY help greatly appreciated :)
<link rel="stylesheet" type="text/css" href="admin_panel.css" media="all">
</head>
<body>
<form method="post">
<input type="text" name="user_name" placeholder="Username" required="required" />
<input type="password" name="user_pass" placeholder="Password" required="required" />
<button type="submit" class="btn btn-primary btn-block btn-large" name="login">Let me in.</button>
</form>
</div>
</body>
//===================================== login.php
<?php
include("includes.php");
if(isset($_POST['login'])) {
echo $user_name = mysql_real_escape_string ($_POST['user_name']);
echo $user_pass = mysql_real_escape_string ($_POST['user_pass']);
$encrypt = md5($user_pass);
$select_user = "select * from users where user_name= '$user_name' AND user_password = '$user_pass'";
$run_user = mysql_query($select_user);
if(mysql_num_rows($run_user)>0){ // what does this function DO?
$_SESSISON['user_name'] =$user_name;
echo "<script> window.open('admin_panel.php?logged=You have logged in','_self' )</script>";
}
else {
echo "<script> alert('Wrong details')</script>";
} }
?>
</html
// admin.php script ====================
<?php
session_start();
if(!isset($_SESSION['user_name'])) {
echo "<script>window.open('login.php','_self')</script>";
}
else { // ELSE CLOSED BOTTOM OF THE PAGE
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin page</title>
<link rel="stylesheet" type="text/css" href="admin_panel.css" media="all">
</head>
<body>
comments(0)
Insert New Post
Admin Logout
<?php
if(isset($_GET['insert_cat'])) {
include("insert_cat.php");
}
if(isset($_GET['insert_post'])) {
include("insert_post.php");
}
?>
</body>
<?php } ?> // CLOSE ELSE
</html>
It's better to use an authentication system from framework like Zend, Symfony, Laravel etc. than $_SESSION included in PHP.
To redirect user you can use function header()
for example:
header('Location: login.php');
it's important to set charset to 'UTF-8 without BOM' and it can't be any output before header()