Suppose that I have also coded a similar login form then issue the session by name via $_SESSION['name'] as follows
session_start();
if(!isset($_SESSION['name'])){
header("Location: login.php");
}
then right on the same file (display.php) I also display a form to post a message to the administrator to tell him about how I feel such as
<td>
<form action="tellhim.php" method="POST">
Title:<input type="text" col="30" name="comment_title"/><br/>
Your feeling:<br/><textarea name="comment_content" col="10"></textarea><br/>
<input type="hidden" name="postfeeling" value="TRUE"/>
<input type="submit" value="Submit"/>
</form>
</td>
that means, right after I click the button to submit my feeling I will be directed to tellhim.php. The problem then is that the session seems invalid right after the page is reloaded. Could someone help me out please ?
You should exit(); after header()
file tellhim.php needs that also:
session_start();
AND the session_id has somehow to be added to tellhim.php, automagically like this:
ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', TRUE);
ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,frame=src,input=src,form=fakeentry,form=post,form=action');
session_start();
You need to use session start() before all the files that you want to use
//login.php after login redirect to display.php
session_start();
//set session variable
$_SESSION['name'] = 'xxx';
//display.php
session_start();
if(!isset($_SESSION['name'])){
header("Location: login.php");exit;
}
{rest of the form code goes here}
Related
This question already has answers here:
proper way to logout from a session in PHP
(4 answers)
Closed 7 years ago.
I have a logout button which doesn't seem to work well. After clicking on it I can still see the "Welcome username" and the logout button is still there as in the picture below. Please let me know what's missing on my logout.php.
May I also ask how I could redirect the user back to the orginal page after clicking logout ? I try to use "header('Location: ' . $_SERVER['HTTP_REFERER']);" but it doesn't work ?
Index.php
<?php
ini_set("session.save_path", "sessionData");
session_start();
?>
<?php if (!isset($_SESSION['uName'])) { ?>
<form method="post" action="logonProcess.php">
<div>Username <input type="text" name="userName" placeholder="Username"></div>
<div>Password <input type="password" name="pwd" placeholder="Password"></div>
<div><input type="submit" value="Logon"></div>
</form>
<?php } else { }?>
<?php if (isset($_SESSION['uName'])) {
$username = $_SESSION['uName'];
echo "<p>Welcome $username</p>\n";
?>
Logout
<?php } else { }?>
Logout.php
<?php
unset($_SESSION['user']);
session_destroy(); // Destroying All Sessions
header("Location: index.php"); // Redirecting To Home Page
?>
Try starting session first:
Logout.php
<?php
session_start();
unset($_SESSION['uName']);
session_destroy(); // Destroying All Sessions
header("Location: index.php"); // Redirecting To Home Page
?>
source from: http://www.hackingwithphp.com/10/3/5/ending-a-session
try adding this to your logout file:
unset($_SESSION['uName']);
All your scripts that use sessions need to use the same session.save_path setting. Since you set that in index.php, you also need to set it in logout.php. Otherwise, logout.php won't be able to access the session data.
I am trying to display session information like username, as user login through login page, the session has to capture user entered username and should display in page. Below i have tried php script, but its not echoing the username, Kindly check in the script for errors, thanks in advance.
<?php
session_start();
$_SESSION['test']= $_POST['myusername'];
$name= $_SESSION['test'];
echo $name;
?>
<form action="login.php" method="post">
<p>Username</p>
<input name="myusername" type="text" id="myusername" required>
<p>Password</p>
<input name="mypassword" type="password" id="mypassword"required></br>
<button><img src="http://icons.iconarchive.com/icons/webiconset/application/32/Register-icon.png" /></button>
</form>
login.php
Output i am getting is , simply its going to next page without displaying user name.
You can't access session data until after you call session_start(). So your first if statement is unnecessary and problematic as you can't check if a session variable exists until after you start your session. Also, make sure session_start() is called at the top of every page you wish to use sessions.
<?php
session_start();
$_SESSION['test']= $_POST['myusername'];
You must varify first that is session started or not. you can check it by using this code for Version PHP >= 5.4.0:-
if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
or
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
or by this code for Version PHP < 5.4.0:-
if (session_id() === "") { session_start(); }
Then you can see all session stored values just by printing them as array.
echo "<pre>";
print_r($_SESSION);
then you can assign to session your post varible value like this.
$_SESSION['test']= $_POST['myusername'];
echo $_SESSION['test'];
You are setting session before post. Please use below code.
login.php
<?php
if(isset($_POST['myusername']))
{
// your code
session_start();
$_SESSION['test']= $_POST['myusername'];
}
?>
<form action="login.php" method="post">
<p>Username</p>
<input name="myusername" type="text" id="myusername" required>
<p>Password</p>
<input name="mypassword" type="password" id="mypassword"required></br>
<button><img src="http://icons.iconarchive.com/icons/webiconset/application/32/Register-icon.png" /></button>
</form>
newpage.php
<?php
session_start();
echo $_SESSION['test'];
?>
I am setting a session variable when a submit button is pressed like so:
<?php
$submit = #$_POST["submit"];
if($submit){
$_SESSION['id'] = $id;
}
?>
<form action="add.php" method="POST">
<input type="submit" name="submit" value="Add">
</form>
However, in the page add.php when I do:
print_r($_SESSION['id'];
I get the following error:
Undefined index: id
I'm new to sessions so still trying to come to grips with them, but I thought the part where I do $_SESSION['id'] = $id; is where I define the index id to be the value of the $id variable? Could someone explain where I am going wrong?
UPDATE:
In case you're wondering if I am using session_start(): At the top of the page with the form, I include my header page which at the top contains require_once './init.php';. At the top of my add.php I just have the line require_once './init.php'; (I do not include the header file in add.php as this page will redirect as soon as it has executed its code.
In the init.php file is the following:
<?php
session_start();
require_once 'configurate.php'; //database info
?>
you should call session_start() before setting any values in $_SESSION
change your code like this
<?php
session_start();
$submit = #$_POST["submit"];
if($submit){
$_SESSION['id'] = $id;
}
?>
<form action="add.php" method="POST">
<input type="submit" name="submit" value="Add">
</form>
I hope you have initialized your session via session_start before setting and retrieving the value from $_SESSION
if the value submitted via $_POST["submit"] compares to false (e.g. "" or 0) your condition if($submit) won't succeed, better use if (isset($_POST['submit'] instead
I'm developing a simple member management system with php, and I've met a problem:
The user logs in and it is redirected to a main page and the user ID is saved in the session; there are some links to other pages in the main page, after the user clicks and is trying to go back to main by pressing browser "Back" button, sometimes the user ID in the session is lost.
I've checked the session save path, a new session file is created when I click "Back" button, so I assume the session_start() creates a new session for it; but I still don't know why, it's a random case...
Is there any way to solve it?
main.php:
<?php session_start(); ?>
<?php
$echo_string = '
<body>
a
b
</body>';
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
login.php:
<?php
session_start();
if (isset($_POST['userLogin'])) {
$_SESSION['user'] = $_POST['userLogin'];
// check userLogin in db
...
}
header("Location: main.php");
?>
<form novalidate="" method="post" action="login.php">
<label class="hidden-label" for="Username">Username</label>
<input id="Username" name="userLogin" type="text" placeholder="Username" value="" spellcheck="false" class="">
<label class="hidden-label" for="Passwd">Password</label>
<input id="Passwd" name="userPassword" type="password" placeholder="Password" class="">
<input id="signIn" name="signIn" class="rc-button rc-button-submit" type="submit" value="Log in">
</form>
a.php:
<?php session_start(); ?>
<!DOCTYPE html>
<html lang="en">
<head>...</head>
<?php
$echo_string = '...'; // a html format string
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
</html>
b.php is almost same as a.php
Thanks.
BR,
Sean
session_start()-docs:
"session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie."
so you see, that when a session exists it doesnt create a new, that means when you set something like $_SESSION['logged_in'] = true; you should check before if $_SESSION is already filled with your infos
I am doing a project in school, I need to know a simple way to stop poeple from entering the site without a session. I have alot of pages I don't believe I spent the time pasting code on every page. Also I have menu bar that is included in every page thanks to php, so i was wondering wat type of code would I have to put in the menu to block user without a session. The rest of the content code is on the pages that I want to hide. I believe that you can login by typing out the url and allow users to see hidden pages that are for logged in users.
Please do not use a plain cookie. Sessions are the way to go. Or if can't use sessions and must use a cookie, sign the cookies first to be able to verify that your application was really the one to set it.
<?php
session_start();
if (!isset($_SESSION['authenticated'])) {
header('Location: login.php');
exit;
}
... whatever logged in users should see ..
If you don't want to use session, then use cookie.
<?php
/*Just add this piece of PHP code to top of any page you
don't want not-logged in users to see */
if (!isset($_COOKIE['logged']))
header("Location: login.php"); //It redirects the user to your login page
?>
<html>
<body>
...
</body>
</html>
Login page could be like this:
<?php
if (isset($_COOKIE['logged']))
header("home.php");
if ($_POST['submit']) {
//get username and password
$uname = $_POST['uname'];
$pass = $_POST['password'];
if ($uname=="correct" && $pass=="correct"){ //EDIT
setcookie('logged','1');
header("Location: home.php"); //Redirect to home page
}
else echo "Wrong combinaton!";
}
?>
<html>
<body>
<form action="login.php" method="post">
<label>Username</label><input type="text" name="uname" /><br />
<label>Password</label><input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Login" />
</form>
</body>
</html>