2
I’m setting up a client’s website and I need to log in. The user can log in normally and without error, but sending it to the main page when he is logged in is like he has not logged in. Here is my code:
login.php
<form class="form-horizontal" action="conf/logar.php" method="POST">
<fieldset>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="user">Usuario</label>
<div class="col-md-2">
<input id="user" name="user" placeholder="login" class="form-control input-md" required="" type="text">
</div>
</div>
<!-- Password input-->
<div class="form-group">
<label class="col-md-4 control-label" for="senha">Senha</label>
<div class="col-md-2">
<input id="senha" name="senha" placeholder="senha" class="form-control input-md" required="" type="password">
</div>
</div>
<!-- Button -->
<div class="form-group">
<label class="col-md-4 control-label" for="log">Login</label>
<div class="col-md-4">
<button id="log" name="log" class="btn btn-success">Login</button>
</div>
</div>
</fieldset>
</form>
log in.php
include("conexao.php");
$user = $_POST["user"];
$senha = $_POST["senha"];
$userBusca = mysql_query("SELECT * FROM usuario WHERE usuario_login = '".$user.
"' AND usuario_senha = '".$senha.
"' ") or die(mysql_error("Erro ao fazer login"));
if (mysql_num_rows($userBusca) == 1) {
session_start(); //Inicia a sessão
$_SESSION["usuario_nome"] = $_POS["user"];
$_SESSION["usuario_senha"] = $_POST["senha"];
header("Location:../index_logado.php");
} else {
"<script>
alert('Usuário não encontrado! Informe os dados corretamente');
window.location.href = '../login.php'; < /script>";
}
I created a page that controls whether the user is logged in or not.
restricted.php
@session_start();
if(isset($_SESSION["usuario_nome"])){
}else{
header("Location:login.php");
}
But by including 'restrict.php' in the 'index_logated.php' it is as if the user has not logged in and I cannot rescue the session data. Thanks for your help. Vlws!
You applied
session_start();
in all documents?– Guilherme Nascimento
I want to warn you that passing data directly into the query is giving input to sql Injection. Also, mysql_query is being discontinued, I suggest you use PDO or mysqi.
– Ivan Ferrer
The method type session
$_SESSION
can only be rescued on another page when set in the file headersession_start()
, never on the same page where you set up the session. Maybe that’s your problem.– Ivan Ferrer
No, I put >session_start(); only at the time it will log in and then when it checks inside the >restricted.php. I believe that by giving a include he takes the Session. And for the rest I am aware of that. I will use ways to avoid sql Injection, but what good is it if I have this problem? I could not connect with mysqli and I do not know how to use or what is PDO. But thank you for the comment.
– Didio
mysqli: http://php.net/manual/en/book.mysqli.php and PDO: http://php.net/manual/en/book.pdo.php
– Ivan Ferrer
Thanks for the manuals! =]
– Didio
asordi ----------------------------- =)
– Ivan Ferrer