-1

When I go to the index page directly, it directs me to the login page. And when I enter the email and password and submit that, it stays on the login page.

I think the problem is in the session between the config file and the index page.

Here is the config: (please don't focus on mysql, I still want to use it)

<?php
ob_start();
error_reporting(E_ALL ^ E_NOTICE);
ini_set("display_errors", true);
error_reporting(-1);
ini_set('display_errors', 'On');
mysql_connect("","","") or die("cannot connect");
mysql_select_db("") or die("Gagal");
$myemail= $_POST['myemail'];
$mypassword= $_POST['mypassword'];
$sql= "SELECT * FROM user WHERE myemail='".$myemail."' and mypassword='".$mypassword."'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1)
   {
    echo "Login successful";
    session_register("myemail");
    session_register("mypassword");
    header("location:index.php");
   }
else {
    echo "Wrong Username or Password";
    }
ob_end_flush();
?>

Then in the index page I have this session in the header:

<?php
session_start();
if(!session_is_resgitered(myemail)){
header("location:login.html);
}
?>

Please help me to clear this one, I have tried so many ways just to achieve this login function. Thank you.

Al Kush
  • Shouldn't this `if(!session_is_resgitered(myemail)){` be `if(!session_is_resgitered("myemail")){`? I mean with " around myemail. And I am not sure, you may need `session_start()` at login.php too? – Yazan Sep 28 '14 at 12:15
  • No, it doesn't solve the issue. – Al Kush Sep 28 '14 at 12:18
  • Did you add session_start() to login.php? (at first line) – Yazan Sep 28 '14 at 12:19
  • 2
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Sep 28 '14 at 12:20
  • 2
    You are using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Sep 28 '14 at 12:20
  • You've misspelt `session_is_registered` … which was removed from PHP 2 versions ago. – Quentin Sep 28 '14 at 12:22
  • @Yazan, Yes I have had that in the login page. – Al Kush Sep 28 '14 at 12:22
  • @Quentin, please don't only put a comment, but also give me the complete way to achieve this. Please. – Al Kush Sep 28 '14 at 12:24
  • 2
    **DANGER** You are also using `session_register()`, which was **deprecated** in `PHP 5.3.0` and **removed** in `PHP 5.4.0`. I guess you need to **copy a newer piece of code** from the internet, and also upgrade your version of PHP to something resembling a current version. – RiggsFolly Sep 28 '14 at 12:28
  • @RiggsFolly, If I can copy another code, I won't ask the solution here. – Al Kush Sep 28 '14 at 12:31
  • You could go really radical and write your own code. – RiggsFolly Sep 28 '14 at 12:50
  • Why don't you have a look here: http://www.w3schools.com/php/php_sessions.asp – Yazan Sep 28 '14 at 13:02
  • 1
    **No**, don't look on w3schools. They have many wrong and bad practice examples, and sometimes outdated. Go to [**PHP.NET**](http://php.net) - this is the resource you need. @Yazan – Daniel W. Sep 29 '14 at 07:40
  • @DanFromGermany I did not tell him to go to w3schools, I told him to check this link, which talks about sessions and exists on w3schools, and I saw that the link content is OK. – Yazan Sep 29 '14 at 07:53

2 Answers

0

In config.php you can do it like this:

if($count==1)
   {
    echo "Login successful";
    $_SESSION['user_loggedin']=$myemail; // this will create a session variable (session_start() must have been called earlier in this script)
    //session_register("myemail");
    //session_register("mypassword");
    header("location:index.php");
   }

and in index.php

<?php
session_start();
$checkUser= isset($_SESSION['user_loggedin']) ? $_SESSION['user_loggedin'] : ''; //here you can access the logged in user if it is logged in
//check the user
if(strlen($checkUser)){
    // user is logged in and access other details for current user
}else{
    // user is not logged in
}

?>
Choxx
-1

Login process file

<?php
session_start();
ob_start();

mysql_connect("localhost","root","") or die("cannot connect");
mysql_select_db("yourdatabase") or die("Gagal");

$myemail    = $_POST['myemail'];
$mypassword = $_POST['mypassword'];

$sql   = mysql_query("SELECT * FROM user WHERE email = '{$myemail}' AND password = '{$mypassword}'");
$count = mysql_num_rows($sql);
if ( $count == 1 ) {
    $_SESSION['email']    = $myemail;
    $_SESSION['password'] = $mypassword;

    header("location: index.php");
} else {
    echo "Wrong Username or Password";
}
ob_end_flush();
?>

Your index file

<?php
session_start();

echo $_SESSION['email']; // try this first, if you make it right from the login page then it will give a value

// if ( $_SESSION['email'] == null && $_SESSION['password'] == null ) {
//    header("location:login.html");
// }
?>
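
The comments above point out SQL injection, plain-text password handling and the removed `session_register()`; the following added example (not part of the question or of either answer) shows the same login flow with prepared statements, `password_hash()`/`password_verify()` and `$_SESSION`. The in-memory SQLite database, the `pass_hash` column, the `user_email` session key, the function names and the sample account are assumptions constructed so the script runs stand-alone.

```php
<?php
// Added example: hardened version of the login flow discussed on this page.
// The SQLite in-memory database, pass_hash column and sample account are
// constructed for the demo; swap the DSN for your own database.
declare(strict_types=1);

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (myemail TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO user (myemail, pass_hash) VALUES (?, ?)');
    // Store a salted hash, never the password itself.
    $ins->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function attempt_login(PDO $db, string $email, string $password): bool {
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM user WHERE myemail = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // fresh session id once authenticated
    $_SESSION['user_email'] = $email;  // keep the identity only, not the password
    return true;
}

function is_logged_in(): bool {
    return isset($_SESSION['user_email']) && $_SESSION['user_email'] !== '';
}

session_start();                       // must run before any output is sent
$db = make_demo_db();

// Constructed inputs: an injection-style string, a wrong password, valid credentials.
$results = [
    'injection' => attempt_login($db, "' OR '1'='1", "' OR '1'='1"),
    'wrong'     => attempt_login($db, 'alice@example.test', 'guess'),
    'valid'     => attempt_login($db, 'alice@example.test', 'correct horse'),
];
var_dump($results, is_logged_in());
// In a web page, redirect and stop instead: header('Location: index.php'); exit;
```

On the protected page, call `session_start()` first, then redirect to the login form and `exit` whenever `is_logged_in()` returns false.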