ApocalypeX Posted November 25, 2010 Share Posted November 25, 2010 On my local server my script works, I can login to a system I've created and navigate admin controls using cookies/sessions to know who the user is. But when I moved my system to a server I can't logon and I am redirected to the login page.I'm not very good at PHP cookies/sessions but from the looks of it it should work. <form name="form1" method="POST" action="checklogin.php"><input name="myusername" type="text" id="myusername"><input name="mypassword" type="text" id="mypassword"><input type="submit" name="Submit" value="Login"></form> Heres basically whats going on behind the scenes <?php$myusername=$_POST['myusername']; $mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);if($myusername=="Admin" && $mypassword=="Admin"){ session_start(); $_SESSION['user'] = $myusername; header("location:cpanel.php");}else { header("location:adminlogin.html");}?> Then on every page that is an admin page this block of code is at the top to check <?php session_start();if(!isset($_SESSION['user'])){header("location:adminlogin.html");}?> Any insight will be helpful. Link to comment Share on other sites More sharing options...
Fmdpa Posted November 25, 2010 Share Posted November 25, 2010 if($myusername=="Admin" && $mypassword=="Admin"){session_start();$_SESSION['user'];header("location:cpanel.php");} What is that $_SESSION variable doing? It isn't being assigned or used...it's just floating in mid-air. Link to comment Share on other sites More sharing options...
jeffman Posted November 25, 2010 Share Posted November 25, 2010 What is this line supposed to do?$_SESSION['user']; Link to comment Share on other sites More sharing options...
ApocalypeX Posted November 25, 2010 Author Share Posted November 25, 2010 At first it was $_SESSION['user'] = $myusername; but I changed it to $_SESSION['user']; to see if it made any difference. Let me change the OP. Link to comment Share on other sites More sharing options...
jeffman Posted November 25, 2010 Share Posted November 25, 2010 FWIW, if you're just going to see if the variable is set, it really doesn't matter what value you put in there. That's all I do mostly, unless I have multiple apps and different sets of users running on the same box. Link to comment Share on other sites More sharing options...
trevelluk Posted November 26, 2010 Share Posted November 26, 2010 I think this problem relates to a PHP feature known as register globals (see http://uk3.php.net/manual/en/security.globals.php).The page I've linked to explains some more about it, but basically this is the PHP feature that automatically turns an input field with name="myusername" into a PHP variable called $myusername.With this turned off (which is now the recommended and default setting), you should access input values via the $_GET or $_POST arrays (in your case $_POST, because you use POST as the form method).In short, instead of writing: f($myusername=="Admin" && $mypassword=="Admin"){ session_start(); $_SESSION['user'] = $myusername; use: f($_POST['myusername']=="Admin" && $_POST['mypassword']=="Admin"){ session_start(); $_SESSION['user'] = $_POST['myusername']; or alternatively, before your if statement, run: $myusername = $_POST['myusername']; Link to comment Share on other sites More sharing options...
birbal Posted November 26, 2010 Share Posted November 26, 2010 as it is entering in else block (false). that means that condition is not satisfying. i guess it is not problem of session.try to echo after each assighnment. and let see the intended values are coming or not. $myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];//echo both of here$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);//echo both of here Link to comment Share on other sites More sharing options...
gar_onn Posted November 26, 2010 Share Posted November 26, 2010 Try to stop SEssion writing a Link to comment Share on other sites More sharing options...
gar_onn Posted November 26, 2010 Share Posted November 26, 2010 Try adding: session_write_close(); <?php$myusername=$_POST['myusername']; $mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);if($myusername=="Admin" && $mypassword=="Admin"){ session_start(); $_SESSION['user'] = $myusername; session_write_close(); //stop session writing before redirect header("location:cpanel.php");}else { session_write_close();//stop session writing before redirect header("location:adminlogin.html");}?> Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.