0

I two .php files. All html and php, no SQL and will not be needing/using it. One is the login page, the other is the destination. When I put in the log in details I have set, I can't get to the destination. Here's the code for both pages:

Login:

<!DOCTYPE html>

(php tag here can't type it)
session_start();

$username="testu";
$password="testp";
$_SESSION['logged_in']=false;   

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
    header("Location: dest.php");
    exit;
}

if (isset($_POST['user']) && isset($_POST['pass'])) {
    if ($_POST['user'] == $username && $_POST['pass'] == $password) {
        $_SESSION['logged_in'] = true;
        header("Location: dest.php");
        exit;
    }
}
?>

<html lang="en">

<head>
    <title>A title</title>
</head>

<body>
    <form action="dest.php" method="post" style="font-    family:calibri;position:absolute;top:40%;left:35%;">
        Username: <input type="text" name="user"/><br><br>
        Password: <input type="password" name="pass"     style="position:relative;left:5px;"/><br><br><br>
    <input type="submit" value="Submit" style="position:relative;left:115px;"/>
    </form>

</body>

</html>

Destination:

<!DOCTYPE html>

(php tag here)
session_start();

if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false) {
    header("Location: login.php");
    exit;
}   
?>

<html lang="en">

<head>
    <title>A title</title>
</head>

<body>
    <a href="login.php">Log out</a>
</body>

</html>

I noticed that when I commented out the php code on the destination file, I could access the dest.php. Issue is, I could access is with any login details, or none at all. It's either nothing works, or anything works. How can I get the details I have set to work? I feel the issue is in the login page script. Many thanks in advance to anyone who can help me resolve this.

Got this resolved properly over here: PHP login authentication not working This is not at all duplicate, Fred-ii- who marked it as one clearly wasn't paying attention to the code he asked for. He also deleted his comments from my post.

Community
  • 1
  • 1
H3ll0
  • 259
  • 1
  • 3
  • 16
  • 2
    Have you `session_start` at the start of both? – Jonnix Nov 25 '16 at 15:00
  • @JonStirling Yes, need to add that into the post thanks – H3ll0 Nov 25 '16 at 15:01
  • @JonStirling Added into OP, the – H3ll0 Nov 25 '16 at 15:03
  • @H3ll0 what exactly does not work ? – Blueblazer172 Nov 25 '16 at 15:05
  • @Fred-ii- Yes in both files at the top. I'll try exit; now thank you – H3ll0 Nov 25 '16 at 15:12
  • @Fred-ii- exit; also made no difference – H3ll0 Nov 25 '16 at 15:15
  • @Fred-ii- I have added the full code. Which page needs an else statement? Both? And if yes, why? – H3ll0 Nov 25 '16 at 15:38
  • Are you serious? My question was marked as a duplicate of something completely irrelevant. I have move session start to the top in many different ways and it has made no difference. I can't tell whether this is a bad joke or a poor user with responsibility they shouldn't have. It's as if you realized you couldn't answer the question so backed up, disappointing and immature. – H3ll0 Nov 25 '16 at 17:56
  • Got this resolved properly over here: http://stackoverflow.com/questions/40810414/php-login-authentication-not-working/40810544#40810544 – H3ll0 Nov 26 '16 at 18:51

2 Answers2

1

From http://php.net/manual/en/function.session-start.php

Note:

To use cookie-based sessions, session_start() must be called before outputing anything to the browser.

Move session_start() in your code. For example,

<?php

session_start();

?><!DOCTYPE html>
<!-- and the rest of your code here... -->
Steve
  • 1,853
  • 16
  • 30
  • As mentioned on BlueBlazer's post, I have already tried this with no success. I have tried moving the whole php code above everything else. Please read my comments. – H3ll0 Nov 25 '16 at 16:37
0

Your issue is with session_start();. You have to put it on top of every page you handle sessions.

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

<?php

session_start(); //has to be on top of every site you use sessions

$username = "testu";
$password = "testp";
$_SESSION['logged_in'] = false;

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
    header("Location: dest.php");
}

if (isset($_POST['username']) && isset($_POST['password'])) {
    if ($_POST['username'] == $username && $_POST['password'] == $password) {
        $_SESSION['logged_in'] = true;
        header("Location: dest.php");
    }
}
?>
Blueblazer172
  • 588
  • 2
  • 15
  • 44