0

cant seem to log in. when ever i hit login button in login.php. than it goes to index.php but user is not loged in. i think its bc session_start problem. any idea why??

    header.php
    <?php
    session_start();
    include("connect.php");

    //check, if user is loged in or not
    if(isset($_SESSION['username']))      /*** user is loged in ***/
    {...
    }
    ?>



-------------------------------------------------------------------------------------------------------------
    index.php


       <?php
        include("include/header.php");
        ?>

        <?php
        //check, if user is loged in or not
        if(isset($_SESSION['username']))      /*** user is loged in ***/
        {
            echo"loged in";
        }
        else /*** user is loged off ***/
        {
        ...
        }...?>





-------------------------------------------------------------------------------------------------------
login.php


    <?php
    include("include/header.php");
    ?>

    <?php
    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $username_p = $_POST['username'];
        $password_p = $_POST['password'];
        $log_error = "";

        if($username_p && $password_p)
        {
            if(strlen($username_p) > 20 && strlen($password_p) > 20)
            {
                $log_error .= "Error - Username or Password too long!";
            }
            else
            {
                $sql = mysql_query("SELECT id FROM user WHERE username='$username_p' AND password='$password_p' LIMIT 1");

                //make sure person exists in database---
                $existCount = mysql_num_rows($sql); //count the row num
                if($existCount == 1) //make sure name is only one in database
                {
                    while($row = mysql_fetch_array($sql))
                    {
                        $id = $row["id"];
                    }
                    //create session variables
                //so site can remember who loged in
                $_SESSION["id"] = $id;
                $_SESSION["username"] = $username;
                $_SESSION["password"] = $password;
                header("location: index.php");

                }
                else
                {
                    $log_error .= 'Error - Incorrect username or password!';
                }
            }
        }
        else
        {
            $log_error .= "Error - Enter all the fields";
        }
            $_SESSION['log_error'] = $log_error;
        //header('Location: index.php');
    }
    ?>


    <head>
        <title>Log In</title>
    </head>

    <div id = 'bg_middle2'>    
        <div id = 'login_content_page_wrapper'>
            <div id = "left_login">
            bnn
            </div>
            <div id = "right_login">
                <form  id='login' action='login.php' method='POST' name=''>
                 <h1>Log in to your account!</h1>
                   <?php
                    //print errors
                    if(array_key_exists('log_error', $_SESSION) && !empty($_SESSION['log_error']))
                    {
                        $log_error_r = $_SESSION['log_error'];
                        echo "<span style='background-color:#D00000;'> $log_error_r <br/></span>";
                        unset($_SESSION['log_error']);
                    }
                  ?>
                    <div>
                        <label>Username:</label> 
                        <input type="text" name="username" id="login_username" class="login_field" value="User name"/>
                    </div>           

                    <div>
                        <label>Password</label>
                        <input type="password" name="password" id="login_password" class="login_field" value="Password"/>
                     </div>          

                    <p class="forgot"><a href="#">Forgot your password?</a></p>
                    <div id="submit">
                         <button type="submit">Log in</button>    
                    </div>
                 </form>
                </div>
            </div>
    </div>

    <?php
    include("include/footer.php");
    ?>
5
Contributors
6
Replies
8
Views
4 Years
Discussion Span
Last Post by diafol
1

In the file login.php to the top file you must will cause function session_start()

1

Sorry not noticed you already this did in the file header.php

Edited by radow

1

After how you executed login, you had in the cookie the variable by name PHPSESSID?

1

Make sure you are actually including the 'Header.php'

When working with PHP, I find that a normal Include shall not work and you need to make sure you state the full directory.

include ($_SERVER['DOCUMENT_ROOT'].'/include/header.php');

If you need to check, just add a die("The Header File is Included"); in the Header.php and if your Login.php ends with that then it works.

3

Why on earth do you want to store someone's password in a session - no need and very insecure???

Regardless of this, your login is obviously working as you get redirected as per your code, but the username stored in the session is incorrect, nowhere in your script have you set a variable $username, you have only set $username_p, therefore your $_SESSION['username'] = $username will never be populated with any information as it should be $_SESSION['username'] = $username_p.

As a side note, your are duplicating the PHP to check if a user is logged in (it is in both your header file and your index file, which already includes the information from your header file).

0

Noted that this is solved. As the OP didn't respond, just to 'me too' simplypixie's point that passwords should never be stored in session vars.

Edited by diafol

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.