I have a login script that when successful, should check to see if the session exists, if not, display login form, once posted, authenticate, if successful, set session.
After I successfully post the form, and it binds successfully, then go back to the page, it completely ignores the session and displays the login page.
I don’t know what I am doing wrong, do I have the conditionals in the wrong order? Should I be looking for the session before testing to see if the form was posted?
<?
session_start();
// using ldap bind
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password']; // associated password
// connect to ldap server
$ldapconn = ldap_connect("ldap://ldap.server")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn,$username,$password);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
$_SESSION['valid_username'] = $username;
} else {
echo "LDAP bind failed...";
}
}
} else {
if(isset($HTTP_SESSION_VARS['valid_username'])) {
print 'you are logged in - congrats';
} else {
?>
<h1>Login</h1>
<form method="post" action="<?=$_SERVER["PHP_SELF"]?>">
<p>username: <input type="text" name="username" /><br />
password: <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="submit" /></p>
</form><?
}
}
?>
try using $_SESSION instead of $HTTP_SESSION_VARS when checking the session.