Jump to content

login page does not execute a else statement

crawlerbasher

By crawlerbasher
in PHP Coding Help

Recommended Posts

crawlerbasher Member

crawlerbasher

Posted
Posted

I've created a login page using sessions.

When an incorrect user name or password is entered then a custom messege error message apears.

 

But if a correct user name and password is used then notthing happens, no error message and I'm still on the login form.

 

This is the code below.

What am I'm doing wrong?

 


<?php
include("config.php");

$id = strip_tags($_GET['id']);

if ($id == "do") {
$user = strip_tags($_POST['username']);
$pass = strip_tags($_POST['password']);

		if ($user == $username and $pass == $password) {

		session_start();
  		    session_register('authorized');
  		    $_SESSION['authorized'] = true;

  		    header("Location: admin.php");
   		    exit;

							} else {
							echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>";
							}
	} else {

?>
<form method="POST" action="login.php?id=do">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Login">
</form>
<?php
}
?>

crawlerbasher Member

crawlerbasher

Posted
  • Author
Posted 
<?php
$db_name = "Name";		// Database Name
$db_username = "Username";	// Database Username
$db_password = "password";			// Database Password
$db_server = "localhost";			// Database Location, normaly localhost.

$username = "username";
$password = "password";

$home_page = "http://www.crawlerbasher.net"; // Your home page url.

// Do not edit or remove copyright
$copyright = "<p align=\"center\">Moogle Book Version 1.0 Beta, Copyright 2010 <a href=\"http://www.crawlerbasher.net\" target=\"_blank\">Crawlerbasher</a></p>";
?>

tail Member

tail

Posted
Posted

First of all, you want to require "config.php" instead of including it. If for some reason it doesn't load, someone can submit a blank form and be granted access. Next, session_start() must be called before anything is outputted to the browser.

 

This code should work:

session_start();
require("config.php");
if (!isset($_POST['submit'])) {
echo '<form method="POST" action="login.php"><input type="text" name="username"><input type="password" name="password"><input type="submit" name="submit" value="Login"></form>';
} else {
if ($_POST['username'] == $username && $_POST['password'] == $password) {
	$_SESSION['authorized'] = true;
	header("Location: admin.php");
} else {
	echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>";
}
}

crawlerbasher Member

crawlerbasher

Posted
  • Author
Posted

ok I found the problem, since when I tryed it with the new code the same thing happened.

 

This is the admin.php code.

There is notthing on it part from the session.

 

<?php
if ($_SESSION['authorized'] != true) 
{
    header("Location: login.php");	
    exit;
}
?>
Admin Page

jeremy0 Newbie

jeremy0

Posted
Posted

using the full url for the Location has not worked nether.

crap - in your admin.php page you're forwarding it to the login.php page.  When you login in login.php, you then forward it to admin.php, which goes back to login.php,  make sense?

ok I found the problem, since when I tryed it with the new code the same thing happened.

 

This is the admin.php code.

There is notthing on it part from the session.

 

<?php
if ($_SESSION['authorized'] != true) 
{
    header("Location: login.php");	
    exit;
}
?>
Admin Page

jeremy0 Newbie

jeremy0

Posted
Posted

That being the case, look at $_SESSION['authorized'].  That is the variable that isn't working properly.

 

So, two things:

 

1.  move session_start() to the beginning of the php file in login.php.  Don't need it where it is.

    Also include session_start() at the top of your php file 'admin.php'.

2.  get rid of the following line in login.php:

session_register('authorized');

tail Member

tail

Posted
Posted

using the full url for the Location has not worked nether.

 

Try enabling output_buffering in your "php.ini". If this fails, use a meta refresh instead of header:Location

<meta http-equiv="refresh" content="0;url=http://www.link/to/admin.php">

 

Edit: You need to put quotes around "true" when checking the session variable on admin.php

tail Member

tail

Posted
Posted

Just use these codes.

 

login.php

session_start();
require("config.php");
if (!isset($_POST['submit'])) {
echo '<form method="POST" action="login.php"><input type="text" name="username"><input type="password" name="password"><input type="submit" name="submit" value="Login"></form>';
} else {
if ($_POST['username'] == $username && $_POST['password'] == $password) {
	$_SESSION['authorized'] = 1;
	header("Location: admin.php");
} else {
	echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>";
}
}

 

admin.php

<?php
if ($_SESSION['authorized'] != 1) {
    header("Location: login.php");   
} else {
//insert admin code here
}
?>

crawlerbasher Member

crawlerbasher

Posted
  • Author
Posted

I've tryed changing the session name and value and even tryed the new session value that you given me.

And still having the same problem.

 

Checked the phpinfo() and session is enabled.

 

For some resion the session is not getting created.

tail Member

tail

Posted
Posted

You can change the max lifetime for a session with the function ini_set().

ini_set("session.gc_maxlifetime", "18000");

 

This will set the max lifetime of the script to 5 hours. You have to use this in every script that you want to change the default lifetime for.

 

If you want to know the lifetime of your current script, you can use: 

echo ini_get("session.gc_maxlifetime");

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.