$_SESSION[] clearing can't execute login script!!!

Status
Not open for further replies.

celebro

I have a problem: I can't execute the login script. It's like $_SESSION[] vars don't work:
__________________________________Index.php____________________________________________
<div align="center" id="login">
Code:
<?php
if (empty($_SESSION['Authenticated'])){
  ?>
<form action="skrypty/login.php" method="POST">
  <input type="text" name="login" />  <input type="password" name="pass" />  <input type="submit" value="login" />
<? if($_GET['e']==1){echo("<div style=\"color:red;\">Niepoprawny login/haslo</div>");} ?></form>
<?
}
?>
<div>
<?php
if ($_SESSION['Authenticated']== 1){
echo "<table><tr><td>";
include("skrypty/profil.php");
echo "</table></tr></td>";
}
?>
</div>

________________________________Login.php_______________________________________________
Code:
<? if (isset($_POST['login']) && isset($_POST['pass'])){ // if both login and password were received
$login = strtolower($_POST['login']);
$pass = $_POST['pass'];// unpack the POST superglobal
$q = mysql_query("SELECT * FROM user WHERE login = '$login' AND pass = '$pass'"); // select the record with the given login and password
$num = mysql_num_rows($q); // count the selected records
if ($num==1){// if there is exactly one:
$_SESSION['Authenticated'] = 1; // you are logged in
$_SESSION['Login'] = ucfirst($login); // save your login in the session
while ($row = mysql_fetch_array($q)){ // read your rank from the database
$rank = $row['rank'];
}
$_SESSION['Rank'] = $rank;// and assign it to the corresponding session variable
echo ("<script type=\"text/javascript\">
self.location.href='../index.php'
</script>");
}
if (num==0){
$_SESSION['Authenticated'] = 0; // not logged in
session_destroy();// destroy the session
echo ("<script type=\"text/javascript\">
self.location.href='../index.php?e=1' 
</script>");// redirect to the home page, passing via HTTP GET the variable e, which indicates a login error
}
}
?>

It doesn't write $_SESSION['Authenticated']. Help pls. It works on other servers.
 

misson

This thread belongs in the Programming Help forum. Perhaps an admin will move it.

> I have a problem: I can't execute the login script. It's like $_SESSION[] vars don't work
When asking for help with web development, include a link to a live page. As it stands, there doesn't appear to be enough information to diagnose the problem. Could you be more specific about the behavior you expect and what you're getting?

You might want to make use of debugging techniques. Eventually, learn to use a debugger, such as XDebug+DBG or XDebug+Eclipse for web developers. Eclipse can be used for so much more, but has a correspondingly steep learning curve. For now, you can examine variables using var_dump.

To make your code more readable, pick an indent style (I recommend the 1TBS).

PHP:
if ($_SESSION['Authenticated']== 1){
If $_SESSION['Authenticated'] isn't set, this will generate an error. Normally, I'd say to use an elseif, but in this case you don't need a test, since the previous test failing implies this test will succeed; you can just use an else block.

PHP:
echo "<table><tr><td>";
include("skrypty/profil.php");
echo "</table></tr></td>";
The order of the closing tags is backwards. Also, did you mean "profil.php", or should it be "profile.php"?

PHP:
<?php if (empty($_SESSION['Authenticated'])) { ?>
    ...
<?php } else { ?>
  <div>
    <table><tr><td>
    <?php include("skrypty/profil.php"); ?>
    </td></tr></table>
  </div>
<?php } ?>


PHP:
$login = strtolower($_POST['login']);
$pass = $_POST['pass'];// unpack the POST superglobal
$q = mysql_query("SELECT * FROM user WHERE login = '$login' AND pass = '$pass'"); // select the record with the given login and password
This is vulnerable to SQL injection. Instead of the old MySQL driver, use PDO and prepared statements.

Don't store passwords as plaintext; at a minimum, you should be hashing passwords using a secure hash function (e.g. Whirlpool or SHA512; MD5 and SHA1 are out-of-date).


The query is a good step to check. It could be failing, which will prevent successful authentication. With the MySQL driver, $q will be FALSE. If you follow the above advice and switch to using PDO, you'll need to check for basically the same condition (PDO::prepare and PDOStatement::execute returning FALSE on error). If you switch to using exceptions, you don't need multiple error handling tests.
 
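An added example, not code from the thread, showing the PDO approach recommended in the reply above: a prepared statement for the lookup, exceptions for query errors, and a stored password hash instead of plaintext. It assumes an in-memory SQLite database in place of MySQL so it runs stand-alone, uses PHP's password_hash()/password_verify() for the hashing step, and passes a plain array where a web page would pass $_SESSION after calling session_start(); the function names are hypothetical.

```php
<?php
// Added example, not the thread's code. An in-memory SQLite database stands in
// for MySQL (assumption) so the script runs as-is; only the DSN would change.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    // Throw PDOException on any failure instead of returning FALSE.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (login TEXT PRIMARY KEY, pass TEXT, rank TEXT)');
    // Constructed sample account; only the password hash is stored.
    $ins = $db->prepare('INSERT INTO user (login, pass, rank) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'admin']);
    return $db;
}

// Returns the user's row on success, null on unknown login or wrong password.
function authenticate(PDO $db, string $login, string $pass): ?array {
    // The placeholder keeps $login out of the SQL text, so quotes in it are data.
    $stmt = $db->prepare('SELECT login, pass, rank FROM user WHERE login = ?');
    $stmt->execute([strtolower($login)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    return $row;
}

// Fills the session array only after a successful check; never touches it on failure.
function login(PDO $db, array $post, array &$session): bool {
    if (!isset($post['login'], $post['pass'])) {
        return false;
    }
    $row = authenticate($db, (string)$post['login'], (string)$post['pass']);
    if ($row === null) {
        return false;
    }
    $session['Authenticated'] = 1;
    $session['Login'] = ucfirst($row['login']);
    $session['Rank'] = $row['rank'];
    return true;
}

$db = open_db();
$session = [];   // stands in for $_SESSION, which requires session_start() first
var_dump(login($db, ['login' => 'Alice', 'pass' => 'correct horse'], $session));
var_dump(login($db, ['login' => "alice' OR '1'='1", 'pass' => 'x'], $session));
var_dump($session);
```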