Jump to content

Creating and retrieving a session object

libido

By libido
in PHP Coding Help

 Share

Recommended Posts

libido Newbie

libido

Posted
Posted

Hi I am learning PHP right now and have a specific problem for class. 

 

.  I have to validate a username and password (which works)

.  Create a session object for the user name if everything validates

.  Then get a page to display only if the session object has been created

 

I cant seem to get the last page to properly call the session, or maybe my coding was incorrect when creating it in the first place.

 

Anyways here is the login page

<?php

//Validate username and password and create session object
   
   if ($_POST['password'] == 'guest' && isset($_POST['username'])) {
       session_start();      
       $_SESSION['username'] = '$username';
       header("location: index.php");    
   } 

$pagevalid = true;
$postback = false;
$postback = $_POST['postback'];
$username = $_POST['username'];
$password = $_POST['password'];

?>

<html></html>
<head>
    <title>Login</title>
</head>
<body>
<center>
<h2>Login</h2><hr>
    <form method="post">
      Please enter your first name:<br>
      <input type="text" name="username" value="<?php echo "$username"; ?>" size="25"><br>
    
    <?php
    
    //Validate Name
      
    If ($_POST['postback'] && strlen($_POST['username'])< 1) {
       echo fRedFont ("Please enter a username");
       $pagevalid = false;
    }

    ?>

      <br><br>

      Please enter your password:<br>
      <input type="password" name="password" size="25"><br>
      (Password is 'guest')<br>
      <br>
    
    <?php
    
    //Validate Password
      
    if($postback && $password != 'guest') {
       echo fRedFont ("Invalid Password");
       $pagevalid = false;
    }

    ?>

      <input type="hidden" name="postback" value="true"><br>
      <input type="submit" value="Login"><br>

    </form>
    <a href="index.php">Try going to the next page without logging on.</a>

<?php
function fRedFont($myString) {
    return "<span style='color:Red; font-size:larger;'>$myString</span>";
}

if (($postback) && ($pagevalid)) {
  echo "Success!";
}
?>

</center>
</body>
</html>

 

And here is the index page (which needs the session object to show)

 

<?php
  session_start();
  //Check for information from login.php
  
  if (!isset($_SESSION["username"])) {
    header("location: login.php"); 
  }
?>
<html>
<head>
    <title>Password Protected Page</title>
</head>
<body>
<center>
<h2>Password Protected Page</h2><hr>

<h2><b><?php echo ($username) ?></b> welcome to our password protected page.</h2>
Your session will end automatically
after 24 minutes (1440 seconds) of inactivity.<br><br>

    <form method="post">
      <input type="hidden" name="abandon" value="true"><br>
      <input type="submit" value="Logout"><br>
    </form>
    
</center>
</body>
</html>

 

Any help would be appreciated, I am stumped!

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

Your code is truncated by my phone's browser. But it looks like you're assigning $_SESSION['username'] a literal string value of '$username'. Additionally, you're trying to assign the value of $username to the session var before $username has been defined.

DavidAM Member

DavidAM

Posted
Posted

There are a couple of problems with your login page:

   if ($_POST['password'] == 'guest' && isset($_POST['username'])) {
       session_start();      
       /* $username has not been defined yet so you are not going to get a value here,
           also, you have $username inside of single-quotes, this will NOT evaluate the 
           variable so you are assigning the literal string '$username' to the session.  
           Remove the single quotes and assign $_POST['username']
       ***** YOU REALLY NEED TO SANITIZE THAT VALUE FIRST!! ****  */
       $_SESSION['username'] = '$username';
       header("location: index.php");    
       /* ALWAYS - put an exit(); after a header() redirection.  PHP will continue executing 
           code while the browser is deciding what to do. 
           Make this change in your index page as well */
       exit();
   }

libido Newbie

libido

Posted
  • Author
Posted

OK did some fixes, but still no avail.  I can access the index page through a hyperlink so it is not properly asking for the username session object from the login page.  Sorry, I am very new to this.

 

<?php

//Validate username and password and create session object

$postback = false;
$pagevalid = true;
$username = $_POST['username'];
$postback = $_POST['postback'];
$password = $_POST['password'];
   
   if ($_POST['password'] == 'guest' && isset($_POST['username'])) {
       session_start();
       $_SESSION[username] = $username;
       header("location: index.php");  
       exit();  
   } 
?>

<html></html>
<head>
    <title>Login</title>
</head>
<body>
<center>
<h2>Login</h2><hr>
    <form method="post">
      Please enter your first name:<br>
      <input type="text" name="username" value="<% echo $username %>" size="25"><br>
    
    <?php
    
    //Validate Name
      
    If ($_POST['postback'] && strlen($_POST['username'])< 1) {
       echo fRedFont ("Please enter a username");
       $pagevalid = false;
    }

    ?>

      <br><br>

      Please enter your password:<br>
      <input type="password" name="password" size="25"><br>
      (Password is 'guest')<br>
      <br>
    
    <?php
    
    //Validate Password
      
    if($postback && $password != 'guest') {
       echo fRedFont ("Invalid Password");
       $pagevalid = false;
    }

    ?>

      <input type="hidden" name="postback" value="true"><br>
      <input type="submit" value="Login"><br>

    </form>
    <a href="index.php">Try going to the next page without logging on.</a>

<?php
function fRedFont($myString) {
    return "<span style='color:Red; font-size:larger;'>$myString</span>";
}
?>

</center>
</body>
</html>

 

<?php
  session_start();
  //Check for information from login.php
  
  if (!isset($_SESSION[username])) {
    header("location: login.php");
    exit(); 
  }
?>
<html>
<head>
    <title>Password Protected Page</title>
</head>
<body>
<center>
<h2>Password Protected Page</h2><hr>

<h2><b><?php echo ($username) ?></b> welcome to our password protected page.</h2>
Your session will end automatically
after 24 minutes (1440 seconds) of inactivity.<br><br>

    <form method="post">
      <input type="hidden" name="abandon" value="true"><br>
      <input type="submit" value="Logout"><br>
    </form>
    
</center>
</body>
</html>

libido Newbie

libido

Posted
  • Author
Posted

Alright that works, just forgot that the session was saved to the browser to it was allowing me access until 24 mins was up or I closed the broswer.

 

Last question though, I have to make a logout statement and am having trouble.

 

Again thanks so much for the help!

 

<?php
  session_start();
  //Check for information from login.php
  
  if (!isset($_SESSION[username])) {
    header("location: login.php");
    exit(); 
  }

  $logout = $_POST['adandon'];

  if (isset($logout)){
    session_unset();
    header("location: login.php");
    exit();
  }

?>
<html>
<head>
    <title>Password Protected Page</title>
</head>
<body>
<center>
<h2>Password Protected Page</h2><hr>

<h2><b><?php echo ($_SESSION[username]); ?></b> welcome to our password protected page.</h2>
Your session will end automatically
after 24 minutes (1440 seconds) of inactivity.<br><br>

    <form method="post">
      <input type="hidden" name="abandon" value="true"><br>
      <input type="submit" value="Logout"><br>
    </form>
    
</center>
</body>
</html>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.