SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast Angrypoonani's Avatar
    Join Date
    Mar 2011
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Passing PHP variables through a variables page is not working... need some advice

    Now I'm pretty new to PHP and server scripting so I could be having a problem with some no brainer rules or simple syntax but I can't get this code to work...

    So the aim is to have a global variable ($logfail) to be set it the username/password doesn't exist then redirect to the login page and an error message will be displayed through the if statement checking is $logfail is true... but I'm doing something wrong because it's not working.... Any pointers or solutions would be helpful.

    login.php:
    Code PHP:
    <?php include("variables.php"); ?>
    <html>
    <head></head>
    <body>
    <?php 
    session_start(); 
    function check_logged(){ 
         global $_SESSION, $USERS; 
         if (!array_key_exists($_SESSION["logged"],$USERS)) { 
              header("Location: /index.php"); 
         }; 
    }; 
     
    if ($_POST["portal"]=="log") { 
         if ($USERS[$_POST["logn"]]==$_POST["pswd"]) { 
              $_SESSION["logged"]=$_POST["logn"]; 
         } else { 
              echo 'Incorrect username/password. Please, try again.'; 
         }; 
    }; 
    if (array_key_exists($_SESSION["logged"],$USERS)) { 
        header("Location: statelist.php");
    } else {
        global $logfail;
        $logfail = true;
        check_logged();
    }; 
    ?>
    ...

    variables.php:
    Code PHP:
    <?php
    $logfail;
    ?>

    index.php:
    Code PHP:
    <?php include("php/variables.php"); ?>
    <html>
    <head></head>
    <body>
    .......
    <?php
    global $logfail;
    if ($logfail) {
        ?>
        <p class="logFail red">Incorrect username/password combination...</p>
        <?php 
    };
    ?>
    ......

  2. #2
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by Angrypoonani View Post
    Now I'm pretty new to PHP and server scripting so I could be having a problem with some no brainer rules or simple syntax but I can't get this code to work...
    @Angrypoonani

    You first do not need to set the $_SESSION as global; it is a super global already and can be accessed at any time.

    The
    PHP Code:
     header("Location: /index.php"); 
    will not work as all header commands must be output before any other output. In your example the HTML and BODY tags will have already output so the header redirect will not work and should throw a warning.

    You should do a 'Not logged In' check at the very top of your php page. make sure that you do not have any whitespace or anything output before you issue the header redirect.

    I also wonder where you are storing your password. You should never store just a clear text password in a file or a database record instead HASH and SALT the stored password and then verify when the user enters their username, and password that you run the HASH with the same SALT to verify that they match otherwise you redirect.

    Your use of globals is worrisome.

    Regards,
    Steve

    ictus==""


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •