Jump to content

login page does not execute a else statement

crawlerbasher

By crawlerbasher
in PHP Coding Help

 Share

Recommended Posts

crawlerbasher Member

crawlerbasher

Posted
Posted

I've created a login page using sessions.

When an incorrect user name or password is entered then a custom messege error message apears.

 

But if a correct user name and password is used then notthing happens, no error message and I'm still on the login form.

 

This is the code below.

What am I'm doing wrong?

 


<?php
include("config.php");

$id = strip_tags($_GET['id']);

if ($id == "do") {
$user = strip_tags($_POST['username']);
$pass = strip_tags($_POST['password']);

		if ($user == $username and $pass == $password) {

		session_start();
  		    session_register('authorized');
  		    $_SESSION['authorized'] = true;

  		    header("Location: admin.php");
   		    exit;

							} else {
							echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>";
							}
	} else {

?>
<form method="POST" action="login.php?id=do">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Login">
</form>
<?php
}
?>

Link to comment
Share on other sites
crawlerbasher Member

crawlerbasher

Posted
  • Author
Posted 
<?php
$db_name = "Name";		// Database Name
$db_username = "Username";	// Database Username
$db_password = "password";			// Database Password
$db_server = "localhost";			// Database Location, normaly localhost.

$username = "username";
$password = "password";

$home_page = "http://www.crawlerbasher.net"; // Your home page url.

// Do not edit or remove copyright
$copyright = "<p align=\"center\">Moogle Book Version 1.0 Beta, Copyright 2010 <a href=\"http://www.crawlerbasher.net\" target=\"_blank\">Crawlerbasher</a></p>";
?>

Link to comment
Share on other sites
tail Member

tail

Posted
Posted

First of all, you want to require "config.php" instead of including it. If for some reason it doesn't load, someone can submit a blank form and be granted access. Next, session_start() must be called before anything is outputted to the browser.

 

This code should work:

session_start();
require("config.php");
if (!isset($_POST['submit'])) {
echo '<form method="POST" action="login.php"><input type="text" name="username"><input type="password" name="password"><input type="submit" name="submit" value="Login"></form>';
} else {
if ($_POST['username'] == $username && $_POST['password'] == $password) {
	$_SESSION['authorized'] = true;
	header("Location: admin.php");
} else {
	echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>";
}
}

Link to comment
Share on other sites
jeremy0 Newbie

jeremy0

Posted
Posted

using the full url for the Location has not worked nether.

crap - in your admin.php page you're forwarding it to the login.php page.  When you login in login.php, you then forward it to admin.php, which goes back to login.php,  make sense?

ok I found the problem, since when I tryed it with the new code the same thing happened.

 

This is the admin.php code.

There is notthing on it part from the session.

 

<?php
if ($_SESSION['authorized'] != true) 
{
    header("Location: login.php");	
    exit;
}
?>
Admin Page

Link to comment
Share on other sites
jeremy0 Newbie

jeremy0

Posted
Posted

That being the case, look at $_SESSION['authorized'].  That is the variable that isn't working properly.

 

So, two things:

 

1.  move session_start() to the beginning of the php file in login.php.  Don't need it where it is.

    Also include session_start() at the top of your php file 'admin.php'.

2.  get rid of the following line in login.php:

session_register('authorized');

Link to comment
Share on other sites
tail Member

tail

Posted
Posted

using the full url for the Location has not worked nether.

 

Try enabling output_buffering in your "php.ini". If this fails, use a meta refresh instead of header:Location

<meta http-equiv="refresh" content="0;url=http://www.link/to/admin.php">

 

Edit: You need to put quotes around "true" when checking the session variable on admin.php

Link to comment
Share on other sites
tail Member

tail

Posted
Posted

Just use these codes.

 

login.php

session_start();
require("config.php");
if (!isset($_POST['submit'])) {
echo '<form method="POST" action="login.php"><input type="text" name="username"><input type="password" name="password"><input type="submit" name="submit" value="Login"></form>';
} else {
if ($_POST['username'] == $username && $_POST['password'] == $password) {
	$_SESSION['authorized'] = 1;
	header("Location: admin.php");
} else {
	echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>";
}
}

 

admin.php

<?php
if ($_SESSION['authorized'] != 1) {
    header("Location: login.php");   
} else {
//insert admin code here
}
?>

Link to comment
Share on other sites
tail Member

tail

Posted
Posted

You can change the max lifetime for a session with the function ini_set().

ini_set("session.gc_maxlifetime", "18000");

 

This will set the max lifetime of the script to 5 hours. You have to use this in every script that you want to change the default lifetime for.

 

If you want to know the lifetime of your current script, you can use: 

echo ini_get("session.gc_maxlifetime");

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.