PHP log in trouble

I’m trying to get this PHP login to work and I am not sure what the problem is. What ends up happening is I cannot access the page I am not supposed to access when logged out, but when I log in I still can’t access it either. I know I’m logged in because I’m not getting an incorrect password message.

login.php:

[php]<?php
session_start();
require_once 'classes/membership.php';
$membership = new membership();

// If the user clicks the "Log Out" link on the index page.
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') {
    $membership->log_user_out();
}

// Did the user enter a password/username and click submit
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
    $response = $membership->validate_user($_POST['username'], $_POST['pwd']);
}

?>[/php]

[code]

Login

Login enter your credentials

Username:

	<p>
		<label for="pwd">Password:</label>
		<input type="password" name="pwd"/>
	</p>

	<p>
		<input type="submit" id="submit" value="Login" name="submit" />
	</p>
</form>
<?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>" ?>
[/code]

membership.php:

[php]<?php
require 'classes/mysql.php';

class membership {

    function validate_user($username, $password) {
        $mysql = new mysql();
        $ensure_credentials = $mysql->verify_username_and_password($username, md5($password));

        if($ensure_credentials) {
            $_SESSION['status'] = 'authorized';
            header("location: index.php");
            exit; // stop here so nothing else runs after the redirect
        } else return "Please enter a correct username and password";
    }

    function log_user_out() {
        if(isset($_SESSION['status'])) {
            unset($_SESSION['status']);

            if(isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time() - 1000);
                session_destroy();
            }
        }
    }

    function confirm_member() {
        //session_start();
        if($_SESSION['status'] !='authorized') {
            header("location: login.php");
            exit; // without this the rest of the protected page is still sent
        }
    }
}[/php]

mysql.php:

[php]<?php
require_once 'includes/constants.php';

class mysql {
    private $connection;

    function __construct() {
        $this->connection = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME)
            or die('There was a problem connecting to the database.');
    }

    function verify_username_and_password($username, $password) {
        $query = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";

        if($stmt = $this->connection->prepare($query)) {
            $stmt->bind_param('ss', $username, $password);
            $stmt->execute();

            if($stmt->fetch()) {
                $stmt->close();
                return true;
            }
        }
        return false; // no matching row, or the statement could not be prepared
    }
}[/php]

Silly question - the “page you want to access but can’t” has a session_start() as far up in the code as possible. Right?

Here is the page I’m accessing.

index.php
[php]<?php

require_once 'classes/membership.php';
$membership = new membership();

$membership->confirm_member();
?>
[/php]

[code]

Jordur

You've reached the page that stores the launch codes

Log Out
[/code]

Why would I create a session on the page I’m trying to access?

session_start() does not simply “start a session”. If your visitor is already cookied, it will pick the session back up where it left off. In other words:

  • If the visitor is new, it creates a new session
  • If the visitor is returning (and has been PHPSESSID-cookied), it re-opens the session

You need it on every page where you want to use the $_SESSION superglobal.

I originally had a session started in the confirm_membership function under members.php but then I could access the page even if I logged out before.

Never mind, it randomly started working after I put the code back how I had it. I get the feeling I had run the code so much without ending the cookie that several built up in my web browser or something.

How does this code distinguish between my session and someone else’s session, or my cookie versus someone else’s cookie?

…By the value of the cookie?

If someone else uses a cookie named status, wouldn’t it overwrite mine?
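
An added example, not code from any poster in this thread: a guard that calls session_start() on every protected page and stops after the redirect. The cookie carries only the random session ID that session_start() uses to find one visitor's server-side data, so $_SESSION['status'] is stored per session ID and not in a cookie named status. The function names are hypothetical, and the code assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example; function names are hypothetical. Assumes PHP 7.3+ and HTTPS.

// Call before any output on every page that reads or writes $_SESSION.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already opened on this request
    }
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie lasts until the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start(); // new visitor: new ID; returning visitor: reopens their data
}

// Call once, right after the username and password have been verified.
function mark_logged_in(): void
{
    start_secure_session();
    session_regenerate_id(true); // new ID at login, old session data deleted
    $_SESSION['status'] = 'authorized'; // stored server-side under this session ID
}

// First line of every protected page, e.g. index.php.
function require_login(): void
{
    start_secure_session();
    if (($_SESSION['status'] ?? null) !== 'authorized') {
        header('Location: login.php');
        exit; // without this the protected page body is still sent
    }
}

function log_out(): void
{
    start_secure_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the ID cookie with the same path/domain it was set with.
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure'  => $p['secure'],  'httponly' => $p['httponly'],
    ]);
    session_destroy(); // removes the server-side data for this ID
}
```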
