crawlerbasher Posted January 11, 2010 Share Posted January 11, 2010 I've created a login page using sessions. When an incorrect user name or password is entered then a custom messege error message apears. But if a correct user name and password is used then notthing happens, no error message and I'm still on the login form. This is the code below. What am I'm doing wrong? <?php include("config.php"); $id = strip_tags($_GET['id']); if ($id == "do") { $user = strip_tags($_POST['username']); $pass = strip_tags($_POST['password']); if ($user == $username and $pass == $password) { session_start(); session_register('authorized'); $_SESSION['authorized'] = true; header("Location: admin.php"); exit; } else { echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>"; } } else { ?> <form method="POST" action="login.php?id=do"> <input type="text" name="username"> <input type="password" name="password"> <input type="submit" value="Login"> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
jeremy0 Posted January 11, 2010 Share Posted January 11, 2010 can you post config.php or a modified version of it? Quote Link to comment Share on other sites More sharing options...
crawlerbasher Posted January 11, 2010 Author Share Posted January 11, 2010 <?php $db_name = "Name"; // Database Name $db_username = "Username"; // Database Username $db_password = "password"; // Database Password $db_server = "localhost"; // Database Location, normaly localhost. $username = "username"; $password = "password"; $home_page = "http://www.crawlerbasher.net"; // Your home page url. // Do not edit or remove copyright $copyright = "<p align=\"center\">Moogle Book Version 1.0 Beta, Copyright 2010 <a href=\"http://www.crawlerbasher.net\" target=\"_blank\">Crawlerbasher</a></p>"; ?> Quote Link to comment Share on other sites More sharing options...
jeremy0 Posted January 11, 2010 Share Posted January 11, 2010 I'm still digging around for this - the code looks ok to me. Try using a full url in header ('http://yourdomain.com/admin.php') while i'm looking please. Quote Link to comment Share on other sites More sharing options...
tail Posted January 11, 2010 Share Posted January 11, 2010 First of all, you want to require "config.php" instead of including it. If for some reason it doesn't load, someone can submit a blank form and be granted access. Next, session_start() must be called before anything is outputted to the browser. This code should work: session_start(); require("config.php"); if (!isset($_POST['submit'])) { echo '<form method="POST" action="login.php"><input type="text" name="username"><input type="password" name="password"><input type="submit" name="submit" value="Login"></form>'; } else { if ($_POST['username'] == $username && $_POST['password'] == $password) { $_SESSION['authorized'] = true; header("Location: admin.php"); } else { echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>"; } } Quote Link to comment Share on other sites More sharing options...
crawlerbasher Posted January 11, 2010 Author Share Posted January 11, 2010 ok I found the problem, since when I tryed it with the new code the same thing happened. This is the admin.php code. There is notthing on it part from the session. <?php if ($_SESSION['authorized'] != true) { header("Location: login.php"); exit; } ?> Admin Page Quote Link to comment Share on other sites More sharing options...
jeremy0 Posted January 11, 2010 Share Posted January 11, 2010 sorry - i meant try the following: <?php if ($_SESSION['authorized'] != true) { header ("Location: http://www.yourdomain.com/login.php"); exit; } ?> Quote Link to comment Share on other sites More sharing options...
crawlerbasher Posted January 11, 2010 Author Share Posted January 11, 2010 using the full url for the Location has not worked nether. Quote Link to comment Share on other sites More sharing options...
jeremy0 Posted January 11, 2010 Share Posted January 11, 2010 thanks tail - i tried the code on my server and worked fine. likely due to the placement of session_start(). Quote Link to comment Share on other sites More sharing options...
jeremy0 Posted January 11, 2010 Share Posted January 11, 2010 using the full url for the Location has not worked nether. crap - in your admin.php page you're forwarding it to the login.php page. When you login in login.php, you then forward it to admin.php, which goes back to login.php, make sense? ok I found the problem, since when I tryed it with the new code the same thing happened. This is the admin.php code. There is notthing on it part from the session. <?php if ($_SESSION['authorized'] != true) { header("Location: login.php"); exit; } ?> Admin Page Quote Link to comment Share on other sites More sharing options...
jeremy0 Posted January 11, 2010 Share Posted January 11, 2010 That being the case, look at $_SESSION['authorized']. That is the variable that isn't working properly. So, two things: 1. move session_start() to the beginning of the php file in login.php. Don't need it where it is. Also include session_start() at the top of your php file 'admin.php'. 2. get rid of the following line in login.php: session_register('authorized'); Quote Link to comment Share on other sites More sharing options...
tail Posted January 11, 2010 Share Posted January 11, 2010 using the full url for the Location has not worked nether. Try enabling output_buffering in your "php.ini". If this fails, use a meta refresh instead of header:Location <meta http-equiv="refresh" content="0;url=http://www.link/to/admin.php"> Edit: You need to put quotes around "true" when checking the session variable on admin.php Quote Link to comment Share on other sites More sharing options...
tail Posted January 11, 2010 Share Posted January 11, 2010 Just use these codes. login.php session_start(); require("config.php"); if (!isset($_POST['submit'])) { echo '<form method="POST" action="login.php"><input type="text" name="username"><input type="password" name="password"><input type="submit" name="submit" value="Login"></form>'; } else { if ($_POST['username'] == $username && $_POST['password'] == $password) { $_SESSION['authorized'] = 1; header("Location: admin.php"); } else { echo "<p>Incorect Username or/and Password, Please Go back and try again.</p>"; } } admin.php <?php if ($_SESSION['authorized'] != 1) { header("Location: login.php"); } else { //insert admin code here } ?> Quote Link to comment Share on other sites More sharing options...
crawlerbasher Posted January 11, 2010 Author Share Posted January 11, 2010 I've tryed changing the session name and value and even tryed the new session value that you given me. And still having the same problem. Checked the phpinfo() and session is enabled. For some resion the session is not getting created. Quote Link to comment Share on other sites More sharing options...
crawlerbasher Posted January 11, 2010 Author Share Posted January 11, 2010 Thank you got it. Finaly after alot of effot from everyone. The problem was the mission session_start() on the admin page. Quote Link to comment Share on other sites More sharing options...
tail Posted January 11, 2010 Share Posted January 11, 2010 Ahh, sorry about forgetting that line. Glad to have helped. Quote Link to comment Share on other sites More sharing options...
crawlerbasher Posted January 11, 2010 Author Share Posted January 11, 2010 one question before we finaly rap this up. How long dose session last for? I know how to end the session but if it got left out, how long would the session last before timing out? Quote Link to comment Share on other sites More sharing options...
tail Posted January 11, 2010 Share Posted January 11, 2010 You can change the max lifetime for a session with the function ini_set(). ini_set("session.gc_maxlifetime", "18000"); This will set the max lifetime of the script to 5 hours. You have to use this in every script that you want to change the default lifetime for. If you want to know the lifetime of your current script, you can use: echo ini_get("session.gc_maxlifetime"); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.