Jump to content

[SOLVED] Problem validating a session

Wolverine68

By Wolverine68
in PHP Coding Help

 Share

Recommended Posts

Wolverine68 Member

Wolverine68

Posted
Posted

I had this problem last week and thought I had it corrected, but when I go back and test it again it's not working.

 

The user logs in by entering a name and password. The name and password are hard coded into the login page. When submitted it goes to a display page that determines if the correct name and password were entered. If they are correct, it's suppose to display "Welcome, ........". If not, it's suppose to display "You have entered an invalid...."

 

If I enter the correct name and password, it does display the "Welcome...." message. But, if I enter an incorrect name and/or password, it still displays the "Welcome...." message. Why isn't it displaying the "You have entered an invalid....." message?

 

Login. php page:

 


<?php 
$_SESSION['name'] = "ken"; 
$_SESSION['password'] = "welcome"; 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html> 

<head> 
<title>Session Variables</title> 
</head> 

<body> 
<div> 
<form action="display.php" method="POST"> 
<p>Enter your username and password to login:</p> 
<p>Name:<INPUT TYPE="text" SIZE="20" name="name"></p> 
<p>Password:<INPUT TYPE="text" SIZE="20" name="password"></p> 
<p><INPUT TYPE="submit" VALUE="Submit!"></p> 
</form> 
</div> 
</body> 

</html>

 

Display.php page:

 

<?php 
session_start(); 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 

<html> 
<head> 
<title>Validating Session</title> 
</head> 

<body> 
<div> 
<?php 

if (($_POST['name'] == $_SESSION['name']) && ($_POST['password'] == $_SESSION['password'])) { 

$_SESSION['Active'] = "True"; 

} 
else 
{ 
$_SESSION['Active'] = "False"; 
} 
?> 

<?php 
If ($_SESSION['Active'] = "True") { 

echo "Welcome,  " .$_POST['name'].  "you have successfully logged into your session."; 

} 
else 
{ 
echo "You have entered an invalid username and/or password. Access denied"; 
} 
?> 
</div> 
</body> 
</html>

Link to comment
https://forums.phpfreaks.com/topic/148373-solved-problem-validating-a-session/
Share on other sites
Wolverine68 Member

Wolverine68

Posted
  • Author
Posted

I made the change as you suggested but now if the correct name and password are entered, I get "You have entered an invalid....." message. Now that message comes up no matter what is entered.

 

Login. php page:

 

<?php
$_SESSION['name'] = "ken";
$_SESSION['password'] = "welcome";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<title>Session Variables</title>
</head>

<body>
<div>
<form action="display.php" method="POST">
<p>Enter your username and password to login:</p>
<p>Name:<INPUT TYPE="text" SIZE="20" name="name"></p>
<p>Password:<INPUT TYPE="text" SIZE="20" name="password"></p>
<p><INPUT TYPE="submit" VALUE="Submit!"></p>
</form>
</div>
</body>

</html>

 

Display.php page:

 

<html>
<head>
<title>Validating Session</title>
</head>

<body>
<div>
<?php

if (($_POST['name'] == $_SESSION['name']) && ($_POST['password'] == $_SESSION['password'])) {

$_SESSION['Active'] = "True";

}
else
{
$_SESSION['Active'] = "False";
}
?>

<?php
If ($_SESSION['Active'] == "True") {

echo "Welcome,  " .$_POST['name'].  "you have successfully logged into your session.";

}
else
{
echo "You have entered an invalid username and/or password. Access denied";
}
?>
</div>
</body>
</html>

Wolverine68 Member

Wolverine68

Posted
  • Author
Posted

I didn't get all of the display.php code copied in there.  Here it is again:

 

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title>Validating Session</title>
</head>

<body>
<div>
<?php

if (($_POST['name'] == $_SESSION['name']) && ($_POST['password'] == $_SESSION['password'])) {

$_SESSION['Active'] = "True";

}
else
{
$_SESSION['Active'] = "False";
}
?>

<?php
If ($_SESSION['Active'] == "True") {

echo "Welcome,  " .$_POST['name'].  "you have successfully logged into your session.";

}
else
{
echo "You have entered an invalid username and/or password. Access denied";
}
?>
</div>
</body>
</html>

Wolverine68 Member

Wolverine68

Posted
  • Author
Posted

moved session_start() to the login page (and removed it from the display page) but I still have the same problem.

 

Login. php:


<?php
session_start();
$_SESSION['name'] = "ken";
$_SESSION['password'] = "welcome";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>

<head>
<title>Session Variables</title>
</head>

<body>
<div>
<form action="display.php" method="POST">
<p>Enter your username and password to login:</p>
<p>Name:<INPUT TYPE="text" SIZE="20" name="name"></p>
<p>Password:<INPUT TYPE="text" SIZE="20" name="password"></p>
<p><INPUT TYPE="submit" VALUE="Submit!"></p>
</form>
</div>
</body>

</html>

 

Display.php:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title>Validating Session</title>
</head>

<body>
<div>
<?php

if (($_POST['name'] == $_SESSION['name']) && ($_POST['password'] == $_SESSION['password'])) {

$_SESSION['Active'] = "True";

}
else
{
$_SESSION['Active'] = "False";
}
?>

<?php
If ($_SESSION['Active'] == "True") {

echo "Welcome,  " .$_POST['name'].  "you have successfully logged into your session.";

}
else
{
echo "You have entered an invalid username and/or password. Access denied";
}
?>
</div>
</body>
</html>

 

 

Wolverine68 Member

Wolverine68

Posted
  • Author
Posted

Ok, got it working now.

 

But, I'm still not quite understanding why I would have to also put session_start() on the display page.  When the form is submitted and the display page called, isn't the session_start() variable "carried" over? The name and password that are entered on the login page are,  since the code on the display page is comparing the values entered by the user with the values hard coded into the login page.

wildteen88 Regular Member

wildteen88

Posted
Posted

Like I said. In order for sessions to work you have to call session_start() in any page that uses $_SESSIONS's

 

if you don't call session_start() PHP wont be able to carry over the $_SESSION variables.

 

$_POST has not relation to sessions.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.