echo $_SESSION broken - php

When I run the site, this dissapears on it:
<?php
echo $_SESSION["UserID"];
?>
I don't know why, it seems obvious it should work, it did in a video I watched? It kind of works when I make it:
<?php
echo '$_SESSION["UserID"]';
?>
But then it just echo's:
$_SESSION["UserID"]
And not the actual session id
Here is the whole script:
<?php require 'Connections/Connections.php'; ?>
<?php
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Titled Document</title>
<link href="C:/Users/Mikkel/Desktop/HTML & CSS/bootstrap.css" rel="stylesheet" />
<link href="CSS/Layout.css" rel="stylesheet" type="text/css" />
<link href="CSS/Menu.css" rel="stylesheet" type="text/css" />
</head>
<body>
<br><?php echo $_SESSION["UserID"]; ?>
<div id="Holder">
<div id="Header"></div>
<div id="NavBar">
<nav>
<ul>
<li>Login</li>
<li>Register</li>
<li>Forgot Password</li>
</ul>
</nav>
</div>
<div id="Content">
<div id="PageHeading">
<h1>Page Heading</h1>
</div>
<div id="ContentLeft">
</div>
<div id="ContentRight"></div>
</div>
<div id="Footer"></div>
</div>
</body>
</html>
And here is the script that makes it:
<?php require 'Connections/Connections.php'; ?>
<?php
if(isset($_POST['submit'])){
$UN = $_POST['username'];
$PW = $_POST['password'];
$result = $con->query("select * from user where Username='$UN' AND Password='$PW'");
$row = $result->fetch_array(MYSQLI_BOTH);
session_start();
$_SESSION["UserID"] = $row['UserID'];
header('Location: account.php');
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
<link href="C:\Users\Mikkel\Desktop\HTML & CSS" rel="stylesheet" />
<link href="CSS/Layout.css" rel="stylesheet" type="text/css" />
<link href="CSS/Menu.css" rel="stylesheet" type="text/css" />
<link href="CSS/Bootstrap.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="Holder">
<div id="Header"></div>
<div id="NavBar">
<nav>
<ul>
<li>Login</li>
<li>Register</li>
<li>Forgot Password</li>
</ul>
</nav>
</div>
<div id="Content">
<div id="PageHeading">
<h1>Page Heading</h1>
</div>
<div id="ContentLeft">
<h2>Your Message Here </h2><br />
<h6>Your Message</h6>
</div>
<div id="ContentRight">
<form id="form1" name="form1" method="post">
<div class="FormElement">
<p>
<input name="text" type="text" required="required" id="username" placeholder="Username">
</p>
<p> </p>
</div>
<div class="FormElement">
<p>
<input name="password" type="password" required="required" id="password" placeholder="Password">
</p>
<p> </p>
</div>
<div class="FormElement">
<p>
<input name="submit" type="submit" class="btn-primary" id="submit" value="Submit">
</p>
<p> </p>
</div>
</form>
</div>
</div>
<div id="Footer"></div>
</div>
</body>
</html>


It is usually best practices to start the session in the beginining of the document and not in the middle. However, your issue is that when you make the query, it does not bring in the variables $UN and $PW. Since you started it off with a " then, PHP will not parse the inside of it. You can "pause" it with: "select * from user where Username='" . $UN . "' AND Password='" . $PW . "'"
So, the session is never being properly set.
However, since the above method is unconventional, and since you are doing authentication, you should be using prepared statements. http://www.w3schools.com/php/php_mysql_prepared_statements.asp

Related

how to prevent from going back to login page after logging in

I have developed a website in php. The index.php is a login form. After logging in dashboard.php is coming. But when I press the back button in the browser it is redirecting to the login page. How to prevent it. If there is any solution please tell. Thanks in advance. The codes are given below:
index.php
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.2/css/all.css" integrity="sha384-fnmOCqbTlWIlj8LyTjo7mOUStjsKC4pOpQbqyi7RrhN7udi9RwhKkMHpvLbHG9Sr" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="style.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
</head>
<body style="background-image: url('https://www.pixelstalk.net/wp-content/uploads/2016/05/HD-Black-Picture.jpg');">
<section id="login">
<div class="container">
<div class="row">
<div class="col-sm-2"></div>
<div class="col-sm-8 col1">
<div class="row">
<div class="col-sm-7 co2">
<h1 class="h1">Orbit Shifters Employee Site</h1>
<h2 class="h2">Login Here <i class="fas fa-long-arrow-alt-right"></i></h2>
</div>
<div class="col-sm-5 co1">
<form method="post" action="func.php">
<div>
<input type="text" name="username" class="i1" placeholder="Enter Your Username">
</div>
<div>
<input type="password" name="password" class="i1" placeholder="Enter Your Password">
</div>
<div>
<input type="submit" name="submit" class="btn btn1">
</div>
</form>
</div>
</div>
</div>
<div class="col-sm-2"></div>
</div>
</div>
</section>
</body>
</html>
func.php
<?php
session_start();
$con=mysqli_connect("localhost","root","","login");
$connect = new PDO('mysql:host=localhost;dbname=login', 'root', '');
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
$query="select * from signup where username='$username' and password='$password';";
$result=mysqli_query($con,$query);
$row=mysqli_fetch_assoc($result);
if(mysqli_num_rows($result)==1)
{
$_SESSION["username"] = $username;
$_SESSION['status']="Active";
header("Location:dashboard.php?name=".$row['name']);
exit;
}
else{
echo "<script>alert('Enter Correct Details!!')</script>";
echo "<script>window.open('index.php', '_self')</script>";
}
}
?>
dashboard.php
<?php
session_start();
if($_SESSION['status']!="Active")
{
header("location:index.php");
}
else{
$name=$_GET['name'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.2/css/all.css" integrity="sha384-fnmOCqbTlWIlj8LyTjo7mOUStjsKC4pOpQbqyi7RrhN7udi9RwhKkMHpvLbHG9Sr" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="style.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
</head>
<body style="background:url(https://i.pinimg.com/originals/e5/f3/af/e5f3af2b9186af6e86187c84f4ad930e.jpg);">
<nav class="navbar navbar-inverse">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="dashboard.php?name=<?php echo $name; ?>">Dashboard</a>
</div>
<div class="collapse navbar-collapse" id="myNavbar">
<ul class="nav navbar-nav navbar-right">
<li class="li1"><span class="glyphicon glyphicon-log-in"></span> Logout</li>
</ul>
</div>
</div>
</nav>
<section id="dashboard">
<div class="container">
<div class="row ro1">
<p class="p1"> Hello <?php echo $name; ?>, Welcome to Orbit Shifters EMployee Site.</p>
</div>
<div class="ro1">
<div class="col-sm-4 col2">
<button class="btn btn2">Project 1 <br>Report <br>Submission</button>
</div>
<div class="col-sm-4 col2">
<button class="btn btn2">Project 2 <br>Monthly Report <br>Submission</button>
</div>
<div class="col-sm-4 col2">
<button class="btn btn2">Project 3 <br>Feedback <br>Submission</button>
</div>
</div>
</div>
</section>
</body>
</html>
<?php
}
?>
logout.php
<?php
session_start();
session_destroy();
$_SESSION = array();
unset($_SESSION['username']);
unset($_SESSION['status']);
header("Location:index.php");
?>

I am not sure if I understand the problem correctly, but what if you add a check at the beginning of the index.php file that would redirect you to the dashboard if you are logged in ? Something like this
// index.php
<?php
session_start();
if (isset($_SESSION['status']) && $_SESSION['status'] === "Active") {
header("location: dashboard.php");
}
?>
<!DOCTYPE html>
<html>
<head>
...
this way, if you click back in the browser, you will still go to index.php, but then you will be redirected to the dashboard again if you are already logged in

IIS - PHP page load only after reloading 2-3 times

So i have this page setup for my private game server. I host the game server and web on the same dedicated server running windows server 2016. I use IIS to host the website. Right now am facing a problem, page only loads after reloading for 2-3 times. Till then it returns HTTP error 500. Once the page is loaded, i have to refresh multiple times to load each content. What is going on ?
Page -> www.ram-sro.com
Index.php
<?php
include("_incl/config.inc.php");
$sec = new Security();
$conf = new Config();
$mssql = new mssql();
$mssql->dbOpen($conf->accountDbName);
$modDir = "mod/";
$modExt = ".php";
session_start();
?>
<div id="google_translate_element"></div><script type="text/javascript">
function googleTranslateElementInit() {
new google.translate.TranslateElement({pageLanguage: 'en', layout: google.translate.TranslateElement.InlineLayout.SIMPLE}, 'google_translate_element');
}
</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title><?php echo "$conf->siteName" ?></title>
<link type="text/css" rel="stylesheet" media="all" href="css/style.css" />
<link rel="shortcut icon" href="img/favicon.png" type="image/x-icon" />
<meta name="description" content="<?php echo $conf->description; ?>" />
<meta name="keywords" content="<?php echo $conf->keywords; ?>" />
<script type="text/javascript">
<!--
function clearText(formfield){
if (formfield.defaultValue==formfield.value) {
formfield.value = ""
}
}
-->
</script>
</head>
<body>
<center>
<div id="page-body">
<div class="page-body topbox">
<div class="page-body blackspace"></div>
<div class="page-body topbox-content">
<div class="topbox-webtitle">
</div>
<div class="topbox-user">
<div class="social-networks">
<img src="img/fb-icon.png" width="40px" height="40px;" alt="Visit us at facebook!" />
<img src="img/tw-icon.png" width="40px" height="40px;" alt="Visit us at twitter!" />
</div>
<div class="form">
<?php include($modDir."user".$modExt);?>
</div>
</div>
</div>
</div>
<div class="page-body spacer"></div>
<div class="page-body menubox">
<div class="menubox-content">
<div id="menubar">
<ul>
<?php
include($modDir."menu".$modExt);
?>
</ul>
</div>
</div>
</div>
<div class="page-body spacer"></div>
<div class="page-body content">
<div class="page-body leftblock">
<?php
include($modDir."page".$modExt);
?>
</div>
<div class="page-body rightblock">
<?php
include($modDir."social".$modExt);
?>
<div class="page-body spacer"></div>
<div class="page-body info">
<?php
include($modDir."info".$modExt);
?>
</div>
</div>
</div>
<div class="clear"></div>
</div>
</center>
</body>
</html>

How to change pages without changing url?

I am currently working on a project, but I'm just stuck on something. I know there are a lot of questions related to this, but I couldn't find any useful information.
I'm new to PHP and I need to write php code which changes pages and doesn't change the URL (i.e if I am going to login.php, the URL should still be home.php) and I need to use the GET method.
I'm sorry if there are some mistakes in my code, but thanks for any help.
Here is my home.php file:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<link rel="stylesheet" type="text/css" href="Layout.css" />
<link rel="stylesheet" type="text/css" href="Menu.css" />
<meta http-equiv="Content-Type" content="text/html"; charset=utf-8" />
<title> Title </title>
</head>
<body>
<div id="Holder"></div>
<div id="Header"></div>
<div id="NavBar">
<nav>
<ul>
<li> Home </li>
<li>Login </li>
<li>Register </li>
</ul>
</nav>
</div>
<div id="Content">
<div id="PageHeading">
<h1> Welcome to HOME page </h1>
</div>
</div>
<div id="Footer"></div>
</body>
</html>
Here is my login.php file:
<?php
session_start();
$db = mysqli_connect ("localhost", "root", "","information1");
if (isset($_POST['Register'])){
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$sql = "SELECT username, password FROM user WHERE username='$username' AND
password='$password'";
$base =mysqli_query ($db, $sql);
if (mysqli_num_rows($base) == 1) {
header ("location: nav_menu.php");
}
else
{
echo "Passwords does not match";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="Layout.css" />
<link rel="stylesheet" type="text/css" href="Menu.css" />
<meta http-equiv="Content-Type" content="text/html"; charset=utf-8" />
<title> Title </title>
</head>
<body>
<div id="Holder"></div>
<div id="Header"></div>
<div id="NavBar">
<nav>
<ul>
<li> Home </li>
<li>Login </li>
<li>Register </li>
</ul>
</nav>
</div>
<div id="Content">
<div id="PageHeading">
<h1> Welcome to HOME page </h1>
</div>
<div id="ContentRight">
<h2> Text2 </h2> </br>
<h6> Text3 </h6 </br>
</div>
<div id="ContentLeft">
<form name ="form2" method="POST" action="login.php">
<div class = "ContentTable">
<table width="400" border="0" align ="left">
<tbody>
<h4> Username: </h4>
<input type="text" name= "username" id="username" required></td>
</tr>
<tr>
<td> </td>
</tr>
<h4> Password: </h4>
<input type="text" name= "password" id="password" required></td>
</tr>
<td><input type="submit" name="Register" id="RegisterButton" value="Register"></td>
</div>
</div>
</form>
<div id="Footer"></div>
</body>
</html>

HTTP Error 500 PHP

I am getting an HTTP Error 500 on my website. The PHP code checker doesn't see anything suspicious.
I think it's caused by PDO but I'm not sure because when I remove all the PHP code it still gives me the same error.
Here's my code:
Index.php:
<?php
include_once('includes/db_connect.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, user-scalable="no>
<!-- Custom CSS -->
<link rel="stylesheet" href="css/custom.css">
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/latest/css/bootstrap.min.css" />
<!-- Optional theme (flatly) -->
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootswatch/latest/flatly/bootstrap.min.css" />
<!-- Font awesome -->
<link href="//maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css" rel="stylesheet" />
<link rel="stylesheet" href="css/contact.css" rel="stylesheet">
<!-- jQuery -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script src="js/contact.js"></script>
<!-- Latest compiled and minified JavaScript -->
<script src="//netdna.bootstrapcdn.com/bootstrap/latest/js/bootstrap.min.js"></script>
<title><?php
foreach($dbh->query('SELECT * FROM page_info') as $row) {
echo $row['title'];
}
?></title>
</head>
<body>
<div class="banner">
<div class="name"><?php
foreach ($dbh->query('SELECT * FROM page_info') as $row) {
echo $row[“name”];
}
?></div>
</div>
<div class="about">
<div class="about-container">
<div class="about-main-text">
<h1>About me:</h1>
<?php
foreach ($dbh->query('SELECT * FROM about') as $row) {
echo '
<span>'.$row["text"].'</span>
';
}
?>
</div>
</div>
</div>
<div class="projects">
<div class="projects-container">
<div class="projects-main-text">
<h1>My projects:</h1>
</div>
<div class="row">
<?php
foreach($dbh->query('SELECT * FROM projects') as $row) {
echo '
<div class="col-md-4 nopadding">
<div class="project-box">
<img src="data:image/jpeg;base64,'.base64_encode( $row['image'] ).'" alt="Project Image">
<h1>'.$row["name"].'</h1>
<p>'.$row["desc"].'</p>
</div>
</div>
';
}
?>
</div>
</div>
</div>
<div class="contact">
<div class="contact-container">
<div class="contact-main-text">
<h1>Contact me:</h1>
</div>
<div class="row">
<form action="contact/send.php" method="post" style="float: left;">
<div class="field name-box">
<input type="text" id="name" name="name" placeholder="Who Are You?"/>
<label for="name">Name</label>
<span class="ss-icon">check</span>
</div>
<div class="field email-box">
<input type="text" id="email" name="email" placeholder="name#email.com"/>
<label for="email">Email</label>
<span class="ss-icon">check</span>
</div>
<div class="field msg-box">
<textarea id="msg" rows="4" placeholder="Your message goes here..."/></textarea>
<label for="msg">Msg</label>
<span class="ss-icon">check</span>
</div>
<input class="button" type="submit" value="Send" />
</form>
</div>
</div>
</div>
<div class="footer">
<span class="copyright">
© <?php
foreach ($dbh->query('SELECT * FROM page_info') as $row) {
echo $row['copyright'];
}
echo ' ' . date("Y");
?> - All rights reserved
</span>
</div>
</body>
</html>
And here is db_connect.php:
<?php
$uname = ‘rik_root’;
$upass = ‘*********’;
$dbh = new PDO('mysql:host=localhost;dbname=nijdeken’, $uname, $upass);
?>
I hope someone can help me. Thanks in advance!

Don't use a word processor to edit your code:
$uname = ‘rik_root’;
^--------^
those are not valid php quote characters, and are probably killing your code with a fatal parse error:
$dbh = new PDO('mysql:host=localhost;dbname=nijdeken’, $uname, $upass);
^--start of string ^--NOT an end-of-string

favicon will not show up after I point my noip to my domain name

My favicon will not show up on three different web browsers opera, Firefox, and Chrome and I have cleared cookies and cache so it’s not that. This started happening after I pointed my noip my domain name. What did I do wrong? How can I fix it?
http://404tool.dns.net has the favicon
http://404tool.com favicon is gone
<?php
session_start();
include('inc/config.php');
include('inc/functions.php');
BlockIP();
LoggedInTrue();
?>
<html>
<head>
<title>404Tool - Home</title>
<link rel="icon"type="image/ico"href="img/favicon.ico">
<link rel="stylesheet" href="css/main.css" type="text/css"
media="screen" />
</head>
<body>
<div id="wrapper">
<div id="sidebar">
<div id="menu">
<div id="menu-header">
<div id="title">
<span>404</span>Tools
</div>
</div>
<div id="menu-account">
<div id="account-info">
<table>
<tr>
<td>User</td>
<td><span><?php echo $_SERVER['REMOTE_ADDR']; ?></span></td>
</tr>
<tr>
<td>Level</td>
<td><span>Guest</span></td>
</tr>
</table>
</div>
</div>
<div id="menu-menu">
<div class="menu-news">
<h2 class="current">Home</h2>
</div>
<div id="menu-login">
<ul>
<li id="loginstrip"class="current">Login</li>
<div id="dropdown">
<form method="POST">
<div id="dropdown-strip">
<div id="dropdown-text">
<input type="text" name="username" placeholder="Username" autocomplete="off" />
</div>
</div>
<div id="dropdown-strip">
<div id="dropdown-text">
<input type="password" name="password" placeholder="Password" autocomplete="off" />
</div>
</div>
<div id="dropdown-strip2">
<div id="dropdown-text">
<span id="loginbutton"><input type="submit" value="Login" name="login" /></span>
</div>
</div>
<?php Login(); ?>
</form>
</div>
</ul>
</div>
</div>
</div>
</div>
<div id="main-news">
<div id="main-header">
<div id="main-title">
Home
</div>
</div>
<div id="main-content-news">
This is a Private Service and accounts are created by filling out the form below. Please wait 48 hours for the account to be created before submitting another account request!
</div>
<div id="main-content-news">
<div id="box">
<br />
<br />
<div id="box-header">
</div>
<div id="box-content">
<div id="box-title">
</div>
</div>
<div id="box-content">

It currently looks like you are serving different version of the app. Look at the source code from each of those sites and you'll see that 404tools.com does not have a favicon link in the <head>...</head>
http://404tools.ddns.net/:
<head>
<title>404Tools - Home</title>
<link rel="icon" type="image/ico" href="img/favicon.ico">
<link rel="stylesheet" href="css/main.css" type="text/css" media="screen">
</head>
http://404tools.com/
<head>
<title>404 tools</title>
<meta name="keywords" content="email bomber, skype resolver, skype, 404, tools, sms bomber, geo location, ip logger,">
<meta name="description" content="">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<style type="text/css"></style>
</head>

Categories