Hi

Im using this simple login script I found and cant get it to work on my server..I asked my host if sessions were enabled on the server and they said it was (just in ca se) Ive tested on another server (my site) and it worked fine..

Anyone have any insight? Do I need to change a setting somewhere?

Im using the follwoing...

index.php

<?php
require ("config.php");
session_start();
if ((!$username) || (!$password)) {
echo '<form name=login method=post action="">
user:<input type=text name=username><br>
pass:<input type=text name=password><br>
<input type=submit value=go>
</form>';
}
else {
if ($username=="$uname")  {
session_register("username"); 
session_register("password"); 
echo "user is $uname, and password is $pword
<br> <a href=\"?m=1\" >unreg</a>";
}
else echo "nope";
}
if ($m==1) {
session_unregister("username"); 
session_unregister("password"); 
}
?>

config.php

<?php
# Admin Panel User Name
$uname = "admin";
# Admin Panel Password
$pword = "test";
?>

    Your not defining $username and $password.

    $username = $_POST['username'];
$password = $_POST['password'];

      thanks thorpe,

      but where exactly in thecode do I put that line of code to work?
      thanks

        The code you have is really quite old and should be rewritten.

        <?php

  require ("config.php");
  session_start();
  if ((!isset($_POST['username']) || (!isset($_POST['password'])) {
    echo '<form name="login" method="post">
      user:<input type="text" name="username"><br>
      pass:<input type="text" name="password"><br>
      <input type="submit" value="go">
      </form>';
  } else {
    if (($_POST['username'] == $uname) && ($_POST['password'] == $upass)) {
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['userpass'] = $_POST['userpass'];
      echo "user is $uname, and password is $pword<br> <a href=\"?m=1\" >unreg</a>";
    } else {
      echo "nope";
    }
  }
  if (isset($_GET['m'])) {
    $_SESSION = array();
  }

?>

          thanks,

          know any better login scripts (up-2-date) ones?

          Im new to php but im doiong this simple script to hide some impt info only my client can access. But he already has a SSL cert on his site. Should I worry about hackers, hijacking sessions (if thats the right term)

          thanks

            I get a blank page when using this code you rewrote here... Any ideas??

            <?php 

  require ("config.php"); 
  session_start(); 
  if ((!isset($_POST['username']) || (!isset($_POST['password'])) { 
    echo '<form name="login" method="post"> 
      user:<input type="text" name="username"><br> 
      pass:<input type="text" name="password"><br> 
      <input type="submit" value="go"> 
      </form>'; 
  } else { 
    if (($_POST['username'] == $uname) && ($_POST['password'] == $upass)) { 
      $_SESSION['username'] = $_POST['username']; 
      $_SESSION['userpass'] = $_POST['userpass']; 
      echo "user is $uname, and password is $pword<br> <a href=\"?m=1\" >unreg</a>"; 
    } else { 
      echo "nope"; 
    } 
  } 
  if (isset($_GET['m'])) { 
    $_SESSION = array(); 
  } 

?>
              4zen wrote:

              thanks,

              know any better login scripts (up-2-date) ones?

              Im new to php but im doiong this simple script to hide some impt info only my client can access. But he already has a SSL cert on his site. Should I worry about hackers, hijacking sessions (if thats the right term)

              thanks

              Uuuh. I can make one now.

              LOGIN.PHP

               <?
include("config.php");
session_start(); // Begin session
$errorMessage = ''; 
if (isset($_POST['user']) && isset($_POST['pass'])) { 
    // verify if user/pass combo is correct
    if ($_POST['user] === $username && $_POST['pass'] === $password) { 
        // success! Set session
        $_SESSION['is_logged_in'] = true; 

    // User is authenticated, bring them to the secure page.
    header('Location: '.$page.''); 
    exit; 
} else { 
    $errorMessage = '<b><font face="verdana" size="2" color="red">Error:</b> Incorrect username and password combination!</font>'; 
} 
} 
?> 
<html> 
<head> 
<title>Basic Login</title> 
</head> 

<body> 
<?
if ($errorMessage != '') { 
?> 
<p align="center"><b><font face="verdana" size="2" color="red"><? echo $errorMessage; ?></font></b></p> 
<?
} 
?> 
<form action="" method="post" name="login" id="login"> 
 <table width="400" border="0" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150"><font face="verdana" size="2">Username:</font></td> 
   <td><input name="user" type="text" id="user"></td> 
  </tr> 
  <tr> 
   <td width="150"><font face="verdana" size="2">Password:</font></td> 
   <td><input name="pass" type="password" id="pass"></td> 
  </tr> 
  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="login" type="submit" id="login" value="OK"></td> 
  </tr> 
 </table> 
</form> 
</body> 
</html>

              CONFIG.PHP

              <?
$username = "admin"; // The admin username
$password = "johndoe"; // The admin password
$page = "secret.php"; // The admin page
?>

              SECRET.PHP

               <? 
session_start(); // Begin session

// Verify user is logged in!
if (!isset($_SESSION['is_logged_in']) || $_SESSION['is_logged_in'] !== true) { 
    // Move to login.php because the user is not authenticated.
    header('Location: login.php'); 
    exit; 
} 

?> 
<html> 
<head> 
<title>Admin Page</title> 
</head> 

<body> 
<p><font face="verdana" size="2"><b>Congratulations! You are the administrator.</p>
<p><a href="logout.php">Logout</a></font></p> 
</body> 
</html>

              LOGOUT.PHP

               <?
session_start(); // Begin session

// Unset session if user is logged in.
if (isset($_SESSION['is_logged_in'])) { 
    unset($_SESSION['is_logged_in']); 
} 

// Access login.php, user is logged out
header('Location: login.php'); 
?>

              Of course, these scripts are small enough that you could compile them all to one file and call the files via a variable like "$action," e.g. "$action = 'logout'" or "$action='adminpage'". In fact, I'll demonstrate a script like that by rewriting the above:

              SCRIPT.PHP

              <?
// ##### Config #########
$username = "admin"; // Admin username
$password = "johndoe"; // Admin password
// ## End Config #########
if($action == "login") {
?>
<?
session_start(); // Begin session
$errorMessage = ''; 
if (isset($_POST['user']) && isset($_POST['pass'])) { 
    // verify if user/pass combo is correct
    if ($_POST['user] === $username && $_POST['pass'] === $password) { 
        // success! Set session
        $_SESSION['is_logged_in'] = true; 

    // User is authenticated, bring them to the secure page.
    header('Location: script.php?action=secret'); 
    exit; 
} else { 
    $errorMessage = '<b><font face="verdana" size="2" color="red">Error:</b> Incorrect username and password combination!</font>'; 
} 
} 
?> 
<html> 
<head> 
<title>Basic Login</title> 
</head> 

<body> 
<?
if ($errorMessage != '') { 
?> 
<p align="center"><b><font face="verdana" size="2" color="red"><? echo $errorMessage; ?></font></b></p> 
<?
} 
?> 
<form action="script.php" method="post" name="login" id="login"> 
<input type="hidden" name="action" value="secret">
 <table width="400" border="0" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150"><font face="verdana" size="2">Username:</font></td> 
   <td><input name="user" type="text" id="user"></td> 
  </tr> 
  <tr> 
   <td width="150"><font face="verdana" size="2">Password:</font></td> 
   <td><input name="pass" type="password" id="pass"></td> 
  </tr> 
  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="login" type="submit" id="login" value="OK"></td> 
  </tr> 
 </table> 
</form> 
</body> 
</html> 
<? }
if($action == "secret") {
?>
<? 
session_start(); // Begin session

// Verify user is logged in!
if (!isset($_SESSION['is_logged_in']) || $_SESSION['_logged_in'] !== true) { 
    // Move to login.php because the user is not authenticated.
    header('Location: script.php?action=login'); 
    exit; 
} 

?> 
<html> 
<head> 
<title>Admin Page</title> 
</head> 

<body> 
<p><font face="verdana" size="2"><b>Congratulations! You are the administrator.</p>
<p><a href="script.php?action=logout">Logout</a></font></p> 
</body> 
</html> 
<? }
if($action == "logout") {
?>
<?
session_start(); // Begin session

// Unset session if user is logged in.
if (isset($_SESSION['is_logged_in'])) { 
    unset($_SESSION['is_logged_in']); 
} 

// Access login.php, user is logged out
header('Location: script.php?action=login"); 
?>
<? } else { echo "<font face='verdana' size='2' color='red'><b>Error:</b> No action defined.</font>"; } ?>

              I'm too lazy to test it though, so I don't know if it's error-free, especially the version that is all contained in script.php.

                10 days later

                I'll just test it now.

                EDIT: Sorry, failure. Too many parse errors I can't find...

                Sorry.

                  Write a Reply...