hello there having problem have 2 pages, 1 log in , 1 private page, when log in , try go private page true link provided, private page sends me log in , never ending circle.
- i aware easy hack.
- if code looks bad because learning.
- thank in advance.
- my log in page
<html> <head> <title>user login form - php mysql ligin system | w3epic.com</title> </head> <body> <h1>user login form - php mysql ligin system | w3epic.com</h1> <?php session_start("login"); if (!isset($_post['submit'])){ ?> <!-- html login form --> <form action="<?=$_server['php_self']?>" method="post"> username: <input type="text" name="username" /><br /> password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="login" /> </form> <?php } else { require_once("db_const.php"); $mysqli = new mysqli(db_host, db_user, db_pass, db_name); # check connection if ($mysqli->connect_errno) { echo "<p>mysql error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } $username = $_post['username']; $password = $_post['password']; $sql = "select * members username '{$username}' , password '{$password}' limit 1"; $result = $mysqli->query($sql); if (!$result->num_rows == 1) { echo "<p>invalid username/password combination</p>"; } else { echo "<table align=center><tr> <font color=#000000 face=arial, helvetica, sans-serif size=+2> <td align=center><p>logged in successfully</p></td></tr>"; echo "<tr><td align=center><p>welcome!</p></td></tr>"; echo "<tr><td align=center><p>what wood work whit today ". $username . "!</p></td></tr></table>"; echo "<table align=center><tr><td align=center><a href=adminsearch.php> <class\= color=#000000; face=arial black, gadget, sans-seri;style=”text-decoration:none; size=+2>admin</a></td>"; echo "<td align=center>↔</td>"; echo "<td align=center><a href=constructionsearch.php> <class\= color=#000000; face=arial black, gadget, sans-seri;style=”text-decoration:none; size=+2>construction</a></td>"; echo "<td align=center>↔</td>"; echo "<td align=center><a href=drivingsearch.php> <class\= color=#000000; face=arial black, gadget, sans-seri;style=”text-decoration:none; size=+2>driving</a></td>"; echo "<td align=center>↔</td>"; echo "<td align=center><a href=industrialsearch.php> <class\= color=#000000; face=arial black, gadget, sans-seri;style=”text-decoration:none; size=+2>industrial</a></td></font></table>"; } } ?> </body> </html> and private page:
<?php if (isset($_session['login']) && $_session['login'] == true) { echo "welcome member's area, " . $_session['username'] . "!"; } else { header ("location: login.php"); } ?> <?php //load database connection require_once("db_search.php"); if (!isset($_post['submit'])); $pdo = new pdo("mysql:host=$host;dbname=$database_name", $user, $password, array( pdo::attr_errmode => pdo::errmode_exception )); // search mysql database table $search=$_post['search']; $query = $pdo->prepare("select * admin psc '%$search%' or trade '%$search%' limit 0 , 10"); $query->bindvalue(1, "%$search%", pdo::param_str); $query->execute(); // display search result ?> <html> <head> <title> how create database search mysql & php script | tutorial.world.edu </title> </head> <body> <form action="<?=$_server['php_self']?>" method="post"> search: <input type="text" name="search" placeholder=" search here ... "/> <input type="submit" value="submit" /> </form> <?php if (!$query->rowcount() == 0) { echo "search found :<br/>"; echo "<table style=\"font-family:arial;color:#333333;\">"; echo "<tr> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">first name</td> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">last name</td> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">trade</td> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">post code</td> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">telephone</td> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">comments</td> <td style=\"border-style:solid;border-width:1px;border-color:#98bf21;background:#98bf21;\">to use</td></tr>"; while ($results = $query->fetch()) { echo "<tr><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo $results['f_name']; echo "</td><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo $results['l_name']; echo "</td><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo $results['trade']; echo "</td><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo $results['psc']; echo "</td><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo $results['phone']; echo "</td><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo $results['comm']; echo "</td><td style=\"border-style:solid;border-width:1px;border-color:#98bf21;\">"; echo("<button onclick=\"location.href='del.php?del=" . $results['id'] . "'\"> delete user</button>"); echo "</td></tr>"; } echo "</table>"; } else { echo 'nothing found'; } ?>
you never call session_start(); in private page, nor ever set $_session['login'] in login page.
login page
if (!$result->num_rows == 1) { echo "<p>invalid username/password combination</p>"; } else { $_session['login'] = true; private page
<?php session_start(); if (isset($_session['login']) && $_session['login'] == true) { 
Comments
Post a Comment