I am trying to add some security to my webpage.
My webpage “page.html” has a lot of JavaScript scripts and HTML code. I can change the extension to php. I have no problem with that.
I am using some example code I found on the internet to understand how session_start works. If I have the html extension, it works fine, but I can access the webpage even if I don’t enter a user and password. If I use the php extension, the webpage throws me back to the login prompt again. With the php extension I can’t access the webpage when I type it in the browser.
This is my code to check access: checkAccess.php
<?php
session_start();
// check the authenticated value stored in the session
if ($_SESSION["autenticado"] != "si") {
    // if it doesn't exist, go to the login page
    header("Location: login.php");
    exit();
}
?>
And I added this line to the html and php webpage:
<?php include "checkAccess.php";?>
I know it works because I can access my page in html. But when I change the extension to php, it doesn’t work.
Do I have to configure any value in php.ini or something like that?
I am adding my other php files that check the session:
autenticacion.php:
<?
session_start();
if ($_POST["usuario"]=="user" && $_POST["contrasena"]=="123456"){
    $_SESSION["autenticado"]= "SI";
    header ("Location: mypage.php");
}else {
    header("Location: login.php?errorusuario=si");
}
?>
login.php:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Autenticación PHP</title>
</head>
<body>
<h1>Formulario de autenticación</h1>
<?php if(isset($_GET['errorusuario'])){if ($_GET['errorusuario']=="si"){?>
<font color="red"><b>Datos incorrectos</b></font>
<?php }}else{?>
Introduce tu nombre de usuario y contraseña
<?}?>
<form action="autenticacion.php" method="POST">
<table border="0">
<tr><td>Nombre de usuario:</td><td><input name="usuario" size="25" value=""/></td></tr>
<tr><td>Contraseña:</td><td><input name="contrasena" size="25" type="password"/> </td></tr>
<tr><td/><td><input type="submit" value="Inicio de sesión"/></td></tr>
</table>
</form>
Para ingresar, débes ingresar <b>pablo</b> en el 1er campo y <b>123456</b> en el 2do.
</body>
</html>
I am using XAMPP to test the page.
Q: Where is $_SESSION["autenticado"] being set?
Q: Did you do a session_start() there, as well? You MUST call start_session() in BOTH pages.
Q: What do you see if you echo the value of $_SESSION["autenticado"]? Why not do a var_dump() of the entire $_SESSION[] array, and see if there’s anything there?
Q: Did you enable cookies in your browser?
Here is a good tutorial on PHP sessions:
Here is the documentation for the $_SESSION[] superglobal (note the “isset($_SESSION)” function you should probably be using in your code):
And yes, there are session settings in php.ini. But frankly, I wouldn’t mess with any of them except as a last resort, and unless you knew exactly what you were doing. Here’s the documentation:
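
An added example, not code from the question or the answer: the posted autenticacion.php stores "SI" while checkAccess.php compares against "si", and PHP string comparison is case-sensitive, so that check cannot succeed as written. The sketch below keeps the page's session key and login.php redirect, uses one shared constant for the value, the isset() check the answer mentions, and the full `<?php` tag (the short `<?` tag depends on the short_open_tag setting); the function names, the DEMO_* constants and the hashed demo password are assumptions.

```php
<?php
// Added example, not the poster's code: guard and login handler share one
// constant, so the stored and the checked value cannot drift apart.
declare(strict_types=1);

const AUTH_KEY = 'autenticado'; // session key used on the page
const AUTH_YES = 'si';          // single canonical value; 'si' !== 'SI' in PHP

// Constructed demo credential (assumption); a real hash comes from a user store.
const DEMO_USER = 'user';
define('DEMO_HASH', password_hash('123456', PASSWORD_DEFAULT));

function isAuthenticated(array $session): bool
{
    // isset() avoids the undefined-key warning on a fresh session;
    // === compares type and value, case-sensitively.
    return isset($session[AUTH_KEY]) && $session[AUTH_KEY] === AUTH_YES;
}

function tryLogin(array &$session, string $user, string $pass): bool
{
    if (!hash_equals(DEMO_USER, $user) || !password_verify($pass, DEMO_HASH)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID after login
    }
    $session[AUTH_KEY] = AUTH_YES;
    return true;
}

// What checkAccess.php would call at the top of every protected page.
function requireLogin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isAuthenticated($_SESSION)) {
        header('Location: login.php');
        exit();
    }
}

// Constructed walk-through; runs with the php CLI, no web server needed.
if (PHP_SAPI === 'cli') {
    $s = [];
    var_dump(isAuthenticated($s), isAuthenticated([AUTH_KEY => 'SI']));
    var_dump(tryLogin($s, 'user', '123456'), isAuthenticated($s));
}
```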