-2

I have a simple login page:

  • login.html - gets input username and pwd in a form
  • login_result.php - connects to the server, starts the session, and does a little form validation
  • note.php - this is the main page for the user to choose other sub pages. So far I only display the user name on the screen to test that the session works.

For viewing purposes, I've changed them to html. Please follow the links to see what's wrong...

login_result

note

Jason Ko

2 Answers

3

Your links seem to be of no help. Anyways I will give a little intro as to how to work with basic login and sessions.

login.html: The form which should be in the login.html page. Method MUST be POST as you are passing sensitive information to another page. Also note the names of the input fields.

```html
<form role="form" method="POST" action="login_result.php">
<!-- each label's "for" must match the id of its input -->
<label for="UID">UserID:</label>
<input class="form-control" type="text" id="UID" name="UID" required>
<br>
<label for="pwd">Password:</label>
<input class="form-control" type="password" id="pwd" name="pwd" required><br>
<button class="btn btn-default" type="submit">Login</button>
</form>
```

login_result.php: This is where the validation takes place.

```php
<?php
$username = trim($_POST['UID'] ?? ''); // UID is the name of the username input field
$pass = trim($_POST['pwd'] ?? '');     // So is pwd
if (strcmp($username, "admin") === 0 && strcmp($pass, "admin") === 0)
{
    session_start(); // start session
    session_regenerate_id(true); // fresh session ID on login (prevents session fixation)
    $_SESSION['username'] = $username;
    // store userdata for further use.
    // My page is simple so it just stores the username
    header("Location: note.php"); // redirect to your "success" page
    exit(); // stop the script once the redirect header is sent
}
else
{
    // Wrong credentials
    header("Location: login.html");
    exit();
}
?>
```

The verification is basic here. I usually employ hashing, but for now this will do fine.

note.php: Reuse the Session variable to display the username like,

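```php
<!-- escape the stored value before writing it into HTML -->
<h3>Welcome, <?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?> </h3>
```

You must also check on each page whether the session is active, and redirect to the login if it's not, else there is no meaning to the login.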

in_all_pages: Add this at the beginning,

```php
<?php
session_start(); //start the session
if (!isset($_SESSION['username']) || empty($_SESSION['username'])) 
{
  //redirect to the login
  header("Location: login.html");
  exit();
}
?>
```

Remember to destroy the session like:

logout.php:

```php
<?php
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
// Finally, destroy the session.
session_destroy();
header("Location: login.html");
exit(); // stop the script once the redirect header is sent
?>
```
Samuel Bushi
  • Thanks for the great example! I will try that, but it seems like my hosting does not have "master / local " session.cookie_httponly = OFF – Jason Ko Jun 06 '15 at 18:37
  • [link](http://www.mahanaimchurch.org/note/stack/ss.png) can you take a link picture of my session on php.ini? – Jason Ko Jun 06 '15 at 19:19
  • Your link gives a 404 Error. It's okay, it works even without clearing the session cookies, just start the session, destroy it and redirect to login page. The cookie will have an invalid ID so it will not be a problem. :) – Samuel Bushi Jun 06 '15 at 19:38
  • Thanks for your help. I found the problem. When I redirect using I had put url= http://mahanaimchurch.org/.../note.php" ,but once I changed to just url=note.php it worked!!! So never put the full address when I redirect in order to keep the session? – Jason Ko Jun 06 '15 at 20:37
  • Check [this](http://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php) out. Gives some good tips on how to redirect properly. – Samuel Bushi Jun 06 '15 at 20:44
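A variant of login_result.php with the hashing the answer mentions and with the session cookie flags set in code, which matters when the host's php.ini leaves session.cookie_httponly off as in the comments above. This is an added example, not code from the answer; the `$users` array and its demo password are constructed stand-ins for a real user store, and the array form of `session_set_cookie_params()` requires PHP 7.3 or later.

```php
<?php
// login_result.php (added example, PHP 7.3+).
// Constructed demo data: a real application reads a hash that was written
// once at registration instead of hashing a literal on every request.
$users = ['admin' => password_hash('demo-password', PASSWORD_DEFAULT)];

// Set the cookie flags at runtime so they hold even when php.ini has
// session.cookie_httponly = Off. This must run before session_start().
session_set_cookie_params([
    'lifetime' => 0,      // session cookie, dropped when the browser closes
    'path'     => '/',
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'httponly' => true,   // cookie is not readable from JavaScript
    'samesite' => 'Lax',  // not sent on cross-site POSTs
]);
session_start();

$username = trim($_POST['UID'] ?? '');
$pass     = $_POST['pwd'] ?? '';  // not trimmed: spaces can be part of a password

$hash = $users[$username] ?? null;
if ($hash !== null && password_verify($pass, $hash)) {
    // New session ID on login, so an ID planted before login is useless.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    header('Location: note.php');
    exit;
}

// Wrong credentials: same response for unknown user and bad password.
header('Location: login.html');
exit;
```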
0

To use PHP, the files must have .php extension.

That said, to use the sessions you have to use this code line at the start of every php line:

```php
session_start();
```
Giacomo M