
Thread: Login System

  1. #1
    Join Date
    Jan 2014
    Posts
    2

    Login System

    Hi guys,
    I'm creating a login system and there is one small bug that I am trying to iron out, so any input is appreciated.
    Once I log out as a user, I get redirected to my login page like:
    http://localhost:8888/login-form/log...atus=loggedout
    Now that I am logged out, if I try to "bypass" the login page and go straight to the index.php page (without logging in this time), I can still access the "secure" page (...not that secure), and I get the following message:


    Notice: Undefined index: status in /Applications/MAMP/htdocs/login-form/classes/membership.php on line 32

    Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/login-form/classes/membership.php:32) in /Applications/MAMP/htdocs/login-form/classes/membership.php on line 33
    You are Logged In User!!!!
    Log Out

    ----

    This is the code in membership.php (please see towards the end, I have marked line 32 where I get the notice & warning message).


    PHP Code:
    <?php
    require 'mysql.php';

    class Membership {

        function validate_user($un, $pwd) {
            $mysql = New Mysql();
            $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd));

            // if credentials returns true, log in to index page
            if ($ensure_credentials) {
                $_SESSION['status'] = 'authorized';
                header("location: index.php");
                return true;
            } else return "Please enter a correct username and password";
        }

        function log_User_Out() {
            if (isset($_SESSION['status'])) {
                unset($_SESSION['status']);

                if (isset($_COOKIE[session_name('Mylogin')])) {
                    setcookie(session_name('Mylogin'), '', time() - 1000);
                    session_destroy();
                }
            }
        }

        function confirm_Member() {   // This is Line 32 where I am Getting the Notice Error
            session_start();
            if ($_SESSION['status'] != 'authorized') {
                header("location: login.php");            //////////////// I think that this is the issue, instead this should be returning "True", but what is the syntax?
            }
        }
    }


    The code in my login.php page is:

    Code:
    <?php
    ob_start();
    session_start();
    
    require_once 'classes/membership.php';
    $membership = new Membership();
    
    //if clicked on log out link on index page
    if(isset($_GET['status']) && $_GET['status'] == 'loggedout'){
        $membership->log_User_Out();
    }
    
    //validate user
    if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])){
        $response = $membership->validate_user($_POST['username'], $_POST['pwd']);
    }
    
    
    ?>
    
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        
        <title>Login</title>
    
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> 
    </head>
    <body>
    <script type="text/javascript">
            
            $(function(){
            
                $('h4.alert').hide().fadeIn(700);
                $('<span class="exit"> X</span>').appendTo('h4.alert');
            
                $('span.exit').click(function(){
                    $(this).parent('h4.alert').fadeOut('slow');
                });
            
            });
            
    </script>
        
        <div id="login">
            
            <form method="post" action="">
                <h2>Login <small>enter your credentials</small></h2>
                <p>
                    <label for="name">Username: </label>
                    <input type="text" name="username" />
                </p>
                    <p>
                    <label for="pwd">Password: </label>
                    <input type="password" name="pwd" />
                </p>
                
                <p><input type="submit" id="submit" value="login" name="submit" /></p>
                
            </form>
            <?php if (isset($response)) echo "<h4 class='alert'>".$response."</h4> "; ?>
            
        </div>
    
    </body>
    </html>

    Any advice, please?

    Thanks,
    Michel

  2. #2
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    5,877
    session_start() should be the very first item your page has in all pages that use the sessions object.
    --> JavaScript Frameworks like JQuery, Angular, Node <--
    ... and please remember to wrap code with forum BBCode tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...
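
Added example, not part of either post and not the poster's code: a hardened version of the three session operations from membership.php (mark a login, gate a protected page, log out). It shows why the "secure" page still rendered: a `Location` header does not stop the script, and reading a missing `$_SESSION['status']` key prints a notice that blocks the header. The class and method names are hypothetical, and PHP 7 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added example: class and method names are hypothetical, not from the thread.
final class SessionGate
{
    // Start the session once, before any output has been sent.
    public static function start(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }

    // Call only after the credential check has succeeded.
    public static function markAuthorized(): void
    {
        self::start();
        session_regenerate_id(true);   // fresh ID at login, prevents session fixation
        $_SESSION['status'] = 'authorized';
    }

    // A missing key counts as "not authorized" and raises no notice.
    public static function isAuthorized(): bool
    {
        return ($_SESSION['status'] ?? null) === 'authorized';
    }

    // Gate for protected pages: redirect AND stop executing.
    public static function requireMember(string $loginUrl = 'login.php'): void
    {
        self::start();
        if (!self::isAuthorized()) {
            header('Location: ' . $loginUrl);
            exit;   // without this, the rest of the protected page still runs
        }
    }

    // Clear server-side data, expire the cookie, then destroy the session.
    public static function logout(): void
    {
        self::start();
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
    }
}
```

A protected page such as index.php would call `SessionGate::requireMember();` as its first statement, before any HTML or whitespace is output.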
