Jump to content

Recommended Posts

Hi

 

I'm not too sure why this isn't working however I am using sessions for logging into an admin section of a website, below is the coding of the Login script:

 

<?php
session_start();

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];



include("../createadmin/adminconnect.php");

$sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql, $connection);


if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1;
header('Location: http://www.website.com/scripts/admin/admin.php');
exit();}
else {
	header('Location: http://www.website.com/scripts/admin/login.php?error1');
	exit();}

// if(!$result){die(mysql_error();}


}

?>

 

Now behind the admin page, I have the following code to validate whether the user is logged in, and if they are not, re-direct them.

 

<?php
session_start();

if(!isset($_SESSION['loggedin'])) {
   header('Location: http://www.website.com/');
   exit();
}
?>

 

The problem is, even when I do login I get re-directed, and can't figure out why, help appreciated.

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/
Share on other sites

Ahh well...first of all, I notice that you're checking if the form has been submitted by using if(isset($_POST['submit'])) which I assume is the submit button. The only problem with this is that if you don't actually click the submit button, ie you just press enter, it is ignored.

 

So yeah, are you sure the form is actually being submitted?

 

And also, maybe try simply echoing the contents of your sessions, to see if they are actually set or not...?

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789973
Share on other sites

Also... you may also to alternatively check if the username and password fields has been set and are not empty. If okay, then you can do the session handling thing.

 

Also, you might want to do some trimming and escaping to be safer from injection. <-- though out of topic. ^^

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789986
Share on other sites

if(mysql_num_rows($result)) {

 

invalid if statement. You'll need to put something like:

if(mysql_num_rows($result) == 1) {

or

if(mysql_num_rows($result) === 1) {

 

And as for the query, it's good practise to use the backticks for table names e.g. `colours` or whatever. You'll also want to use LIMIT 1 at the end of the query- also good practise seeing as you only want one row.

 

In your form (like jackpf said) name the form itself and then use that to check if the form was submitted (includes enter & submit button)

 

Finally like bluejay said, you'll want to trim and escape that query & variables for safety purposes.

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789994
Share on other sites

Hi

 

Thanks for the advice eveyone, I have put a few of those suggestions into practice, however it is still not working, I decided to echo the session 'loggedin' on the admin page, and nothing is returned, therefore it looks like theirs a problem with them, but I haven't been able to figure it out yet :(

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790029
Share on other sites

<?php
session_start();

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];



include("../createadmin/adminconnect.php");

$sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql, $connection);


if(mysql_num_rows($result) == 1 ) {
$_SESSION['loggedin'] = 1;
header('Location: http://www.website.com/scripts/admin/admin.php');
exit();}
else {
	header('Location: http://www.website.com/scripts/admin/login.php?error1');
	exit();}

// if(!$result){die(mysql_error();}


}

?>

 

And

 

<?php

session_start();

 

// echo "$_SESSION['loggedin']";

 

if(!isset($_SESSION['loggedin'])) {

  header('Location: http://www.website.com/');

  exit();

}

else

{

exit();

}

 

?>

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790048
Share on other sites

try this please.

 

copy and past as if.

 

<?php session_start();

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];

include("../createadmin/adminconnect.php");
                      
$sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql, $connection) or die(mysql_error());

      
if(mysql_num_rows($result)==1) {
   $_SESSION['loggedin']=1;
   header('Location: http://www.website.com/scripts/admin/admin.php');
   exit();
} else {
      header('Location: http://www.website.com/scripts/admin/login.php?error1');
      exit();
}
   }
   ?>

 

<?php session_start();

if(!isset($_SESSION['loggedin'])) {
   header('Location: http://www.website.com/');
   exit();
}else{
   exit();
}
?>

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790057
Share on other sites

@redarrow, whitespace problems occur with HTML whitespace not PHP whitespace.

 

Also

Ahh well...first of all, I notice that you're checking if the form has been submitted by using if(isset($_POST['submit'])) which I assume is the submit button. The only problem with this is that if you don't actually click the submit button, ie you just press enter, it is ignored.

 

So yeah, are you sure the form is actually being submitted?

 

And also, maybe try simply echoing the contents of your sessions, to see if they are actually set or not...?

 

Are you serious ??

 

Try it, using if(isset($_POST['submit_button'])) works if you press the button or if you press the enter key.

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790245
Share on other sites

Well, it doesn't because I tested it out the other day on my site. Then I realised that if the submit button isn't actually pressed, it doesn't think the form has been submitted.

 

It might just be IE, idk, I haven't tested it in anything else, I just changed it back because it didn't work.

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790253
Share on other sites

try this tell me what happens.

 

don't need to post nothing just go to the page it on ok.

 

<?php session_start();


$_SESSION['redarrow']="hi there mate!";

if(isset($_SESSION['redarrow'])){

echo $_SESSION['redarrow'];

exit;

}



if(isset($_POST['submit'])) {

$username = $_POST['username'];
$password = $_POST['password'];

include("../createadmin/adminconnect.php");
                      
$sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql, $connection) or die(mysql_error());

      
if(mysql_num_rows($result)==1) {
   $_SESSION['loggedin']=1;
   header('Location: http://www.website.com/scripts/admin/admin.php');
   exit();
} else {
      header('Location: http://www.website.com/scripts/admin/login.php?error1');
      exit();
}
   }
   ?>

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790262
Share on other sites

Okay I have been testing this for a while, if I do

 

<?php

$_SESSION['loggedin']=1;
echo $_SESSION['loggedin'];
exit();

?.

 

On either of the pages, it works, 1 is returned, however as soon as I want to transfer the variable value across pages e.g.

 

Login page:

 

 $_SESSION['loggedin']=1; 

 

Admin Page:

 

 echo $_SESSION['loggedin'];

 

It just returns blank  ???

Link to comment
https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790281
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.