
Thanks for looking into this matter. I am having trouble logging in with a session variable on the server, while it works perfectly on localhost. Here is my code.

My landing page

```php
<?php
require_once 'lock.php';
?>
My HTML code will be here....
```

lock.php

```php
<?php
session_start();
require_once 'includes/connect.php';
if(empty($_SESSION['logged_in'])){
    header('Location: login.php?action=not_yet_logged_in');
}
$action = $_GET['action'];
if($action=='logout'){
    session_destroy();
    header('Location: login.php?action=logout');
}
?>
```

login.php

```php
<?php
session_start();
require_once 'includes/connect.php';
if(isset($_SESSION['logged_in'])==true){
    header('Location: index.php?action=already_logged_in');
}
?>


<?php
if (isset($_GET['action'])) {
if($_GET['action']=='not_yet_logged_in'){
    echo "<div class='infoMesssage'>You cannot go to the index page because you are not yet logged in.</div>";
    }else if($_GET['action']=='logout'){
        echo "<div class='infoMesssage'>You have scuccessfully logout.</div>";
    }
}

 if($_POST){
    $enUsername = $_POST['username'];
    $enPassword = $_POST['password'];

    if(empty($_POST['username'])){
        $username = 'mockadmin';
        $password = 'mockadmin';
    }else {
        $chLogin = mysqli_query($con, 'select * from admin where user_name="'.$enUsername.'" AND password="'.$enPassword.'"');
        $chUser = mysqli_fetch_object($chLogin);

        $userId = $chUser->id;
        $username = $chUser->user_name;
        $password = $chUser->password;
    }

    if($_POST['username']==$username && $_POST['password']==$password){
      $_SESSION['logged_in'] = true;
      header('Location: index.php');
   } else{
      echo "<div class='failedMessage'>Access denied. :(</div>";
   }
}
?>
<form class="m-t" method="post" role="form" action="login.php">
    <div class="form-group">
        <input type="text" name="username" class="form-control" placeholder="Username">
    </div>
    <div class="form-group">
         <input type="password" name="password" class="form-control" placeholder="Password">
    </div>
    <button type="submit" name="btnlogin" class="btn btn-primary block full-width m-b">Login</button>
</form>
```

My database connect.php

```php
<?php
$con = mysqli_connect('localhost', 'liveuser', 'livepass', 'mocktest');
if (mysqli_connect_errno()){
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
```

I would appreciate your help. Thanks again.

  • I would first try doing `print_r($_SESSION)` on your pages just to see how it is set and with what values. Also, `empty($_SESSION['logged_in'])` is not going to work as you might expect as in other files, this is a boolean value (true/false). empty conditional is meant to check for empty string var contents. – Adam T Nov 25 '15 at 02:20
  • Please elaborate further on which parts are working and which are not working on the non-localhost server. – Adam T Nov 25 '15 at 02:25
  • not an answer, but you are wide open to sql injection, and it is not a good idea to store passwords as plain text. [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Sean Nov 25 '15 at 02:27
  • Try starting session in your DB connection file and landing page as well. – Shameem Ahmed Mulla Nov 25 '15 at 04:42
  • Sorry to reply late, but I was not here. Thanks for the quick reply. First of all, I need to confirm that the code is working perfectly on my localhost. But on the server, the login page is returning an Access denied error. – Ram Kashyap Nov 25 '15 at 06:34
  • Is it access denied in an apache way? Can you put a screenshot? If it is access denied via apache you may want to check the unix file permissions. Depending on the server, the 'owner' of the files should be set to either apache or www-data. Also you don't ever want to set any file at permission 777. Check your files as they are on the server and google for the best settings numbers for permissions. – Adam T Nov 25 '15 at 14:24
  • Here is the screenshot. It's working locally, but when I tried the same thing on the live server this is happening. [link](http://pingashcms.com/images/login-access-denied.jpg) – Ram Kashyap Nov 26 '15 at 04:41
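
The two points raised in Sean's comment, applied to the credential check in `login.php`, as an added example that is not the asker's code: a prepared statement replaces the concatenated query, and `password_verify()` replaces the plain-text comparison. It assumes the `password` column has been migrated to `password_hash()` output; `verify_admin` and the `admin_id` session key are hypothetical names.

```php
<?php
// Added example. Assumption: admin.password stores password_hash() output.
session_start();
require_once 'includes/connect.php';   // provides $con (mysqli), as on the page

// Hypothetical helper: returns the admin id on success, null on any failure.
function verify_admin(mysqli $con, string $user, string $pass): ?int
{
    // The username is sent as a bound parameter, never as part of the SQL text.
    $stmt = mysqli_prepare($con, 'SELECT id, password FROM admin WHERE user_name = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt);  // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    // password_verify() checks the submitted password against the stored hash.
    if ($found !== true || !password_verify($pass, (string) $hash)) {
        return null;
    }
    return (int) $id;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only string fields; anything else is treated as empty.
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $adminId = ($user !== '' && $pass !== '') ? verify_admin($con, $user, $pass) : null;

    if ($adminId !== null) {
        session_regenerate_id(true);    // issue a fresh session id after login
        $_SESSION['logged_in'] = true;
        $_SESSION['admin_id'] = $adminId;
        header('Location: index.php');
        exit;                           // stop so nothing runs after the redirect
    }
    echo "<div class='failedMessage'>Access denied. :(</div>";
}
```

Existing plain-text rows would need to be re-hashed once with `password_hash($plain, PASSWORD_DEFAULT)` before this check can succeed.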

0 Answers