0

I am trying to create an admin login page. LOGIN PAGE

After I login everything is normal. But when I try to enter another page or refresh the current login page the session resets itself.

Here is a user to test on your own:

username -> test

password -> test

EDIT!!! { Session is started in core.inc.php } !!!

Here is my code of core.inc.php:

 session_start;
 function admin() {
    if ( isset($_SESSION['id']) && !empty($_SESSION['id']) ){
        return true;
    }
}

Here is admin.php: (note: admin.php includes core.inc.php) 

    if (isset($_POST["username"]) && isset ($_POST["password"])) 
{
    $username = $_POST["username"];
    $password = $_POST["password"];

    $query = "SELECT `id` FROM `admins` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";
    if ($query_run = mysql_query($query))
    {
        $query_num_rows = mysql_num_rows($query_run);

        if ($query_num_rows == 0)
        {
            echo "<br><div style=\"background-color:lightyellow;text-align:center;border-color:darkblue;font-style:italic;width:80%;border-style:dotted;\">Incorrect username or password.</div>";
        }
        else if ($query_num_rows == 1)
        {
            $user_id = mysql_result($query_run, 0, 'id');
            $_SESSION['id'] = $user_id;
        }
    }
}


if ( admin() == true ) {
?>
<center><a href="logout.php"><input type="button" value="Log Out!" ></a></center>
            <? 
}   
else {

?>

            <form action="" method="post">
                <center>
                    <table style="width:300px;text-align:center;line-height:30px;">
                    <th>LOG IN!</th>
                    <tr>
                        <td>&nbsp;<input type="text" name="username" placeholder="Username:" required="">&nbsp;</td>
                    </tr>
                    <tr>
                        <td>&nbsp;<input type="password" name="password" placeholder="Password:" required="">&nbsp;</td>
                    </tr>
                    <tr>
                        <td>&nbsp;<input type="submit" value="Login!">&nbsp;</td>
                    </tr>
                </table>
                </center>
            </form>

            <?
}
            ?>

2 Answers2

2

You're missing session_start(). It must be at the top of any page using sessions. It must also be before any output.

<?php
session_start()
if (isset($_POST["username"]) && isset ($_POST["password"])) 
{
    $username = $_POST["username"];
    $password = $_POST["password"];
John Conde
  • 217,595
  • 99
  • 455
  • 496
  • session is started in core.inc.php , thats not the issue. It logs you in. But after refresh it deletes the session. Did you check the link i put in my answer? –  Mar 22 '14 at 15:31
  • Make sure your session_start() is called before any output from your script – John Conde Mar 22 '14 at 15:34
  • It's at the top of my core.inc.php and all my pages start with ` include("includes/core.inc.php"); ?>` –  Mar 22 '14 at 15:37
1

shouldn't your session_start be session_start()?

session_start();
function admin() {
    if ( isset($_SESSION['id']) && !empty($_SESSION['id']) ){
        return true;
    }
}

You should enable error reporting for debugging purposes in your development environment to see the detailed error trace

Community
  • 1
  • 1
code-jaff
  • 9,230
  • 4
  • 35
  • 56