0

I am developing a website, Red Sec. I am using 1 account for all the subdomains:

  • Announcements
  • Forum
  • Blog
  • News
  • Donate

All the pages have the same style, just different content, achieved by connecting them all to http://red-sec.net/res/menu.php. Here is the code for it, since you cannot read it:

<?php
require 'connection.php';
function menu(){
  if(!isset($_SESSION['username'])){
  echo '<nav class="navbar navbar-default navbar-fixed-top shadow">
    <div class="container">
      <a href="http://red-sec.net" class="navbar-brand">Red-Sec.net</a>
      <ul class="nav navbar-nav">
        <li class="menuitem"><a href="http://red-sec.net">Home</a></li>
        <li class="menuitem"><a href="http://announcements.red-sec.net">Announcements</a></li>
        <li class="menuitem"><a href="http://forum.red-sec.net">Forum</a></li>
        <li class="menuitem"><a href="http://blog.red-sec.net">Blog</a></li>
        <li class="menuitem"><a href="http://news.red-sec.net">News</a></li>
        <li class="menuitem"><a href="http://donate.red-sec.net">Donate</a></li>
      </ul>
      <ul class="nav navbar-nav navbar-right">
        <li class="menuitem"><a href="http://red-sec.net/signup.php">Sign Up</a></li>
        <li class="menuitem"><a href="http://red-sec.net/Login.php">Log In</a></li>
      </ul>
    </div>
  </nav>
  <script
    src="https://code.jquery.com/jquery-3.1.1.js"
    integrity="sha256-16cdPddA6VdVInumRGo6IbivbERE8p7CQR3HzTBuELA="
    crossorigin="anonymous"></script>
  <script src="../js/menu.js"></script>
  <div class="container bg">
  <div class="row full">
  <div class="col-lg-8 bd">';
}else{
  $username = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); // escape before echoing into HTML
  echo '<nav class="navbar navbar-default navbar-fixed-top shadow">
    <div class="container">
      <a href="http://red-sec.net" class="navbar-brand">Red-Sec.net</a>
      <ul class="nav navbar-nav">
        <li class="menuitem"><a href="http://beta.red-sec.net">Home</a></li>
        <li class="menuitem"><a href="http://announcements.red-sec.net">Announcements</a></li>
        <li class="menuitem"><a href="http://forum.red-sec.net">Forum</a></li>
        <li class="menuitem"><a href="http://blog.red-sec.net">Blog</a></li>
        <li class="menuitem"><a href="http://news.red-sec.net">News</a></li>
        <li class="menuitem"><a href="http://donate.red-sec.net">Donate</a></li>
      </ul>
      <ul class="nav navbar-nav navbar-right">
        <li class="menuitem"><a href="http://red-sec.net/profile.php">'.$username.'</a></li>
        <li class="menuitem"><a href="http://red-sec.net/Logout.php">Log Out</a></li>
      </ul>
    </div>
  </nav>
  <script
    src="https://code.jquery.com/jquery-3.1.1.js"
    integrity="sha256-16cdPddA6VdVInumRGo6IbivbERE8p7CQR3HzTBuELA="
    crossorigin="anonymous"></script>
  <script src="../js/menu.js"></script>
  <div class="container bg">
  <div class="row full">
  <div class="col-lg-8 bd">';
}
}
function endbd(){
    require'connection.php';
  echo '</div>
  <div class="col-lg-4 bd sidebar">
  <h2 class="title">Latest News Post</h2>
<hr class="under">';
$query = "SELECT * FROM news ORDER BY date DESC LIMIT 1";
$run = mysqli_query($connect,$query);
if(!$run){
    echo 'sorry';
}
$row = mysqli_fetch_array($run);
  $article_id = $row['article_id'];
  $user_id = $row['user_id'];
  $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'); // escape before echoing into HTML
  $content = $row['content'];
  $date = $row['date'];
  $query = "SELECT username FROM users WHERE ID = '$user_id'";
  $test = mysqli_query($connect,$query);
  $row2 = mysqli_fetch_array($test);
  $user_name = htmlspecialchars($row2['username'], ENT_QUOTES, 'UTF-8'); // escape before echoing into HTML
  echo '<div class="row">
  <div class="col-lg-12"><h3 class="para"><a class="para" href="/news/article.php?id='.$article_id.'">'.$title.'</a></h3>
  <p class="para">Written by: '.$user_name.'</p>
  </div>
  </div>
  </div>
  </div>
  </div>';
}
 ?>

I noticed that when you log in on the main page and go to a subdomain, the menu says sign up or log in instead of your username, which is what it should do.
But when you click on sign up or log in, it just refreshes the page and shows you your username and a logout option next to it, meaning that the session is working in the subdomain, but it is for some reason not showing at first, so you have to refresh it? Can someone explain why this is happening?

EDIT:
Here is an example of how I am using the res/menu.php:

<?php
session_start();
include 'res/connection.php';
include 'res/menu.php';
?>
<!DOCTYPE html>
<html>
<head>
  <title>R3D S3C | Home page</title>
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"/>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
  <link rel="stylesheet" type="text/css" href="css/style1.css"/>
  <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>
</head>
<body>
<?php menu(); ?>
<h2 class="title">Red Sec</h2>
<p class="para">Long Lorem Ipsum text goes here...</p>
<?php endbd(); ?>
</body>
</html>

EDIT 2:
Login page as requested:

<?php
session_start();
include 'res/connection.php';
include 'res/menu.php';
if(isset($_SESSION['username'])){
  header('Location: profile.php');
  exit; // stop rendering the login page once the redirect has been sent
}
?>
<!DOCTYPE html>
<html>
<head>
  <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
  <link href="css/style1.css" rel="stylesheet" type="text/css"/>
  <title>Red Sec | Login</title>
</head>
<body>
      <?php
      $error = "";
      $userErr = "";
      $passErr = "";
        if(isset($_POST['Login'])){
          $username = $_POST['username'];
          $password = $_POST['password'];
          if($username == ""){
            $userErr = "Username cannot be empty";
          }else{
            $userErr = "";
          }
          if($password == ""){
            $passErr = "Password cannot be empty";
          }else if(strlen($password) > 32){
              $passErr = "Password too long";
          }
          else{
            $passErr = "";
          }
          if($userErr == "" && $passErr == ""){
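            // Parameterized query: the submitted value is bound, never interpolated into the SQL string
            $result = false;
            $stmt = mysqli_prepare($connect, "SELECT * FROM users WHERE username = ? OR email = ?");
            if($stmt && mysqli_stmt_bind_param($stmt, 'ss', $username, $username) && mysqli_stmt_execute($stmt)){
              $result = mysqli_stmt_get_result($stmt);
            }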
            if(!$result){
              $error = "Unable to retrieve information, please try again later.";
            }else if(mysqli_num_rows($result) < 1){
              $error = "This account does not exist!";
            }else{
              $row = mysqli_fetch_array($result);
              $dbpassword = $row['password'];
              $salt = $row['salt'];
              $password = crypt($password,$salt);
              if(hash_equals((string)$dbpassword, (string)$password)){ // constant-time, type-safe hash comparison
                $_SESSION['id'] = $row['ID'];
                $_SESSION['username'] = $row['username'];
                $_SESSION['email'] = $row['email'];
                $error = "";
                echo "<script>window.location = 'profile.php'</script>";
              }else{
                $error = "username or email / Password combination is wrong!";
              }
            }
          }else{
            $error = "";
          }
        }
      ?>
      <?php menu(); ?>
      <h2 class="title">Log In</h2>
        <form id="register-form" class="text-left" method="post">
            <div class="login-form-main-message"></div>
            <div class="main-login-form">
                <div class="login-group">
          <p class="error"><?php echo $error; ?></p>
                    <div class="form-group">
                        <label for="reg_username" class="sr-only">Username or Email</label>
                        <input type="text" class="form-control" id="reg_username" name="username" placeholder="Username or Email">
            <p class="error"><?php echo $userErr; ?></p>
                    </div>
                    <div class="form-group">
                        <label for="reg_password" class="sr-only">Password</label>
                        <input type="password" class="form-control" id="reg_password" name="password" placeholder="password">
            <p class="error"><?php echo $passErr; ?></p>
          </div>
          <div class="move">
                <button class="button btn btn-primary" value="Login" name="Login">Login</button>
            </div>
    </div>
</div>
        </form>
    <?php endbd(); ?>
</body>
</html>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
red security

3 Answers

0

Please read this article:

https://stackoverflow.com/a/11030316/6329312

PHP:

<?php
session_set_cookie_params(0, '/', '.mywebsite.com');
session_start();
//Code...
?>
Harshil Patel
0

Try this approach:

    <?php
    session_name("my_session");
    session_set_cookie_params(0,"/",".yoursite.com");
    session_start();

and you should be able to carry the session throughout all of your site's subdomains.

0

I got it fixed, for everyone who is interested.
Stuff to note:
You need to do this:

ini_set('session.cookie_domain', '.yourdomainhere.com');
session_set_cookie_params(0, '/', '.yourdomainhere.com');

It was a mix of these two for me. You have to put them in every page that calls the PHP function session_start();
you have to put it before session_start(). It worked for me :)
Hope it works for you too.

red security
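
Added example (not part of the original answers or the asker's code): the domain-wide session cookie from the answers above, wrapped in one include so every page on every subdomain sets identical cookie parameters before the session starts. The file name `session_bootstrap.php`, the constant `PARENT_DOMAIN` with its placeholder `example.com`, the session name and the function names are all assumptions; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// session_bootstrap.php (hypothetical file name): include this at the top of
// every page on every subdomain instead of calling session_start() directly.

const PARENT_DOMAIN = 'example.com'; // placeholder: your own parent domain

// True when $host is the parent domain itself or one of its subdomains.
function host_in_parent_domain(string $host, string $parent): bool
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host)); // drop any :port
    $suffix = '.' . $parent;
    return $host === $parent || substr($host, -strlen($suffix)) === $suffix;
}

// Cookie parameters shared by all subdomains.
function shared_cookie_params(string $parent, bool $https): array
{
    return [
        'lifetime' => 0,             // session cookie, as in the answers above
        'path'     => '/',
        'domain'   => '.' . $parent, // sent to the parent domain and every subdomain
        'secure'   => $https,        // HTTPS-only whenever the site is served over HTTPS
        'httponly' => true,          // not readable from JavaScript
        'samesite' => 'Lax',         // subdomains are same-site, so navigation still works
    ];
}

// Returns true when a session with the shared cookie is active.
function start_shared_session(string $host, bool $https): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;  // already started earlier in this request
    }
    if (headers_sent() || !host_in_parent_domain($host, PARENT_DOMAIN)) {
        return false; // output already sent, or host is outside the domain
    }
    session_name('shared_session'); // constructed name; must match on every subdomain
    session_set_cookie_params(shared_cookie_params(PARENT_DOMAIN, $https));
    return session_start();
}

// Typical call, before any output:
// start_shared_session($_SERVER['HTTP_HOST'] ?? '', !empty($_SERVER['HTTPS']));
```

A cookie scoped to the parent domain is sent to every subdomain, so each application hosted under it can read and overwrite the session ID; share it only among subdomains you control. All of them must also read from the same session storage for the shared ID to resolve to the same session.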