Problems with PHP session - Continue a session

Asked

Viewed 1,376 times

2

I’m setting up a client’s website and I need to log in. The user can log in normally and without error, but sending it to the main page when he is logged in is like he has not logged in. Here is my code:

login.php

<form class="form-horizontal" action="conf/logar.php" method="POST">
    <fieldset>
        <!-- Text input-->
        <div class="form-group">
            <label class="col-md-4 control-label" for="user">Usuario</label>
            <div class="col-md-2">
                <input id="user" name="user" placeholder="login" class="form-control input-md" required="" type="text">
            </div>
        </div>
        <!-- Password input-->
        <div class="form-group">
            <label class="col-md-4 control-label" for="senha">Senha</label>
            <div class="col-md-2">
                <input id="senha" name="senha" placeholder="senha" class="form-control input-md" required="" type="password">
            </div>
        </div>
        <!-- Button -->
        <div class="form-group">
            <label class="col-md-4 control-label" for="log">Login</label>
            <div class="col-md-4">
                <button id="log" name="log" class="btn btn-success">Login</button>
            </div>
        </div>
    </fieldset>
</form>

log in.php

include("conexao.php");

$user = $_POST["user"];
$senha = $_POST["senha"];

$userBusca = mysql_query("SELECT * FROM usuario WHERE usuario_login = '".$user.
    "' AND usuario_senha = '".$senha.
    "' ") or die(mysql_error("Erro ao fazer login"));

if (mysql_num_rows($userBusca) == 1) {
    session_start(); //Inicia a sessão
    $_SESSION["usuario_nome"] = $_POS["user"];
    $_SESSION["usuario_senha"] = $_POST["senha"];
    header("Location:../index_logado.php");

} else {
    "<script>
    alert('Usuário não encontrado! Informe os dados corretamente');
    window.location.href = '../login.php'; < /script>";
}

I created a page that controls whether the user is logged in or not.

restricted.php

@session_start();

if(isset($_SESSION["usuario_nome"])){

}else{
    header("Location:login.php");
}

But by including 'restrict.php' in the 'index_logated.php' it is as if the user has not logged in and I cannot rescue the session data. Thanks for your help. Vlws!

  • You applied session_start(); in all documents?

  • I want to warn you that passing data directly into the query is giving input to sql Injection. Also, mysql_query is being discontinued, I suggest you use PDO or mysqi.

  • The method type session $_SESSION can only be rescued on another page when set in the file header session_start(), never on the same page where you set up the session. Maybe that’s your problem.

  • No, I put >session_start(); only at the time it will log in and then when it checks inside the >restricted.php. I believe that by giving a include he takes the Session. And for the rest I am aware of that. I will use ways to avoid sql Injection, but what good is it if I have this problem? I could not connect with mysqli and I do not know how to use or what is PDO. But thank you for the comment.

  • mysqli: http://php.net/manual/en/book.mysqli.php and PDO: http://php.net/manual/en/book.pdo.php

  • Thanks for the manuals! =]

  • asordi ----------------------------- =)

Show 2 more comments

2 answers

1

Man, I have high hopes of finding your problem:

You added the username in the session like this: $_SESSION["user name"] = $_POS["user"];

We’re missing a T; So $_SESSION["user_name"] returns NULL;

0

There’s an arroba before the session_start(), I’m going to go out on a limb and say that she’s there because she generated warnings or some other unwanted output. If this was the case, the unwanted output was not random, it indicates a situation that deserves attention.

If the session_start() indicates that the headers have already been sent, obviously there will be problems in the execution of PHP and the arroba will only prevent the alert for possible problems to be displayed, but they will occur alerts or not.

session_start() should be called before any server output to the browser, if you have any questions, best put at the beginning of code execution.

As a first step I recommend to take the arroba and see what appears. If normal, take the redirect from the page that authenticates (logar.php) and see if there’s a way out. From what I’ve seen, there can’t be a way out. Remember that the browser must have cookies enabled or else the url must contain something similar to PHPSESSION=xxxxxxxx.

Warnings, alerts and errors are not bad, usually bad is to ignore them. This only refers to the arroba, with it you do not know if there is any problem.

  • Hi man. That wasn’t it, I already got it sorted. It was just a "T" after the $_POST that was missing, but still thanks for the comment.

  • then mark the @Renan response as solved.

  • 1

    @Danielomine was probably not marked as resolved because this solution comment was made some 20 days before Renan’s reply.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.