Home/ Questions/Q 8747673
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T12:23:44+00:00

Following help from this site I have now got my log in script largely

  • 0

Following help from this site I have now got my log in script largely working, however there is an issue when I try to check for a session on a restricted page the full code as follows.

The log in script itself

    <?php

function validateUser()
{

    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['userid'] = $userid;
}


?>

<?php

ob_start(); // Start output buffering

error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);

session_start(); //must call session_start before using any $_SESSION variables
$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database here

$hostname_PropSuite = "localhost";
$database_PropSuite = "propsuite";
$username_PropSuite = "root";
$password_PropSuite = "root";
$PropSuite = mysql_pconnect($hostname_PropSuite, $username_PropSuite, $password_PropSuite) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database_PropSuite, $PropSuite);

$username = mysql_real_escape_string($username);

$query = "SELECT password, salt FROM admin_users WHERE username = '$username';";

$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result) < 1) //no such user exists
{
    header('Location: http://localhost/PropSuite/index.php?login=fail');

    die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password
{
    header('Location: http://localhost/PropSuite/index.php?login=fail');

    die();
}
else
{
   validateUser(); //sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: http://localhost/PropSuite/main');
die()




//redirect to another page or display "login success" message


?>

The page I am trying to restrict.

<?php

error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);



function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}

//if the user has not logged in
if(!isLoggedIn())
{
    header('Location: http://localhost/PropSuite/index.php');
    die();
}
//page content follows
?>

What happens when I press log in is that it is taking me back to the log in page so it seems to go through the log in script then when it hits the main page that throwing me back to the log in page. I’m confused.com 🙁

Thank you in advance for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the page you trying to restrict i see no session_start

    <?php 
  session_start();
  error_reporting(E_ALL & ~E_NOTICE);
  ini_set('display_errors', TRUE);
  ini_set('display_startup_errors', TRUE);
  .....
?>

    By the way in your other script you should wrote this

     <?php
     .....
     $username = isset($_POST['username'])?$_POST['username']:'';
     $password = isset($_POST['password'])?$_POST['password']:'';
    ...
  ?>
    • 0