All geek questions in one place

Simple php login session

Unable to start session. I have already looked at my code in the last couple of hours, and I cannot understand what is wrong with it. The problem I am facing is that every time I enter a username and password, it just redirects me to the login page to re-enter the information when it should show the protectedpage.php file ..

Here is my code:

loginproc.php page . This page executes if statements and goes straight to else

<?php // Inialize session session_start(); // Include database connection settings include('../../model/database.php'); // Retrieve username and password from database according to user input $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')"); // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: securedpage.php'); } else { // Jump to login page header('Location: index.php'); } ?>

securepage.php page

 <?php // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); } ?> <html> <head> <title>Secured Page</title> </head> <body> <p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b> <br>You can put your restricted information here.</p> <p><a href="logout.php">Logout</a></p> </body> </html>

database.php page

 <?php $dsn = 'mysql:host=localhost;dbname=sports_db'; $username = ''; $password = ''; $options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION); try { $db = new PDO($dsn, $username, $password, $options); } catch (PDOException $e) { $error_message = $e->getMessage(); include 'errors/db_error_connect.php'; exit; } function display_db_error($error_message) { global $app_path; include 'errors/db_error.php'; exit; } ?>
+6
source share
3 answers

You cannot mix PDO and mysql. You create a query in PDO and use mysql_* Try changing your code to

 <?php // Inialize session session_start(); // Include database connection settings include('../../model/database.php'); // Retrieve username and password from database according to user input $stmt = $db->prepare("SELECT * FROM user WHERE (`username` = :username) and (`password` = :password)"); $result = $stmt->execute(array(':username'=>$_POST['username'],':password'=>$_POST['password'])); $num_rows = $stmt->rowCount(); // Check username and password match if ( $num_rows > 0) { // Set username session variable $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: securedpage.php'); } else { // Jump to login page header('Location: index.php'); } ?>

see reference

+8
source

Probably the problem is here:

  if (mysql_num_rows ($ login) == 1) {

Use the ternary equation if you want to check the integer 1. Most likely, this is due to the input / pass failure.

And this:

  $ _SESSION ['username'] = $ _POST ['username'];

- Bad practice, even if you get a valid answer.

0
source

I have a suggestion for you:

1) Do not store user-provided data directly in your session variable.

2) First check if the user account exists in your table, select the appropriate row and then save the received data in a session variable.

0
source

Source: https://habr.com/ru/post/946376/

More articles:


All Articles