Jump to content

Login logic - confusing :S

silkfire

By silkfire
in PHP Coding Help

 Share

Recommended Posts

silkfire Member

silkfire

Posted
Posted

I have a simple login form with only one input value - the passphrase. But the logic is not working properly and I tried going thru all possible situtations but it just won't do right.

 

[*]If we enter index.php for the first time ($_SESSION['logged_in'] is not set), then show the login page.

[*]If we have a $_POST['pass'] and it's not correct, then show the login page again.

[*]If we have a $_POST['pass'] and it is correct, then show the main page (www.domain.com/subfolder/).

 

[*]If we're already logged in and come to login page - redirect to subfolder (main page).

[*]If we enter subfolder directly and $_SESSION['logged_in'] is not set, then redirect to www.domain.com (my login page.)

 

 

  session_start();

   if (!isset($_SESSION['logged_in']) && isset($_POST['pass']) && $_POST['pass'] != '66cfe7ad1ddf5795fb6ccf3577e8....') {
      // Show login page
   }
   else {
      $_SESSION['logged_in'] = true;
      header('Location: /subfolder/');
   }

 

Currently it fails at 2 and 4. Thanks in advance.

Link to comment
https://forums.phpfreaks.com/topic/240731-login-logic-confusing-s/
Share on other sites
xyph Advanced Member

xyph

Posted
Posted

It's kinda neat hashing in JavaScript before sending it. You don't have to worry about someone stealing a raw password if you don't have SSL

 

Simple logic error. I'll take out the redundant info.

 

if ( !isset($_SESSION['logged_in']) ||
( isset($_POST['pass']) && $_POST['pass'] != '66cfe7ad1ddf5795fb6ccf3577e8....') ) {

silkfire Member

silkfire

Posted
  • Author
Posted

Sorry xyph it didn't work =/. Now I can't login.

 

I know why - if the first part of the || is true - then everything is true.

If I'm not logged in, then it will always show me the login page even if I've got correct password. While POSTing, I'm still not logged in, remember.

 

Help me, this is pretty urgent.

EdwinPaul Newbie

EdwinPaul

Posted
Posted

Maybe this will help:

 

<?php
session_start();

if ((isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === TRUE){
header('Location: /subfolder/');
exit();
}
$_SESSION['logged_in'] = FALSE;

if($_SERVER['REQUEST_METHOD'] == 'POST'){
if (isset($_POST['pass']){
	if ($_POST['pass'] == 'opensesame'){           //        
		$_SESSION['logged_in'] = TRUE;
		header('Location: /subfolder/');
		exit();
	}
}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<!-- put your login-form here with action="" -->


</body>
</html>

 

Note: $_POST['pass'] is NOT hashed !

xyph Advanced Member

xyph

Posted
Posted

Yeah, my mistake. It's possible to get your logic, but it's much easier to rewrite your logic like this

 

session_start();

if( (isset($_POST['pass']) && $_POST['pass'] == 'pass') || isset($_SESSION['logged_in']) ) {
$_SESSION['logged_in'] = true;
echo 'redirect here';
} else {
echo '<form action="" method="post"><input type="text" name="pass"><input type="submit"></form>';
}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.