web gate

pacman

I'm writing a web gate using php code with 2 files: index.php and dbase.php
If u type directly dbase.php u need to be redirected to index.php( if no already authenticated )

***index.php**
<?php
error_reporting(0);
$title="- LOGIN GATE";
include_once('header.inc');
if (! $submit) {
session_unset();
?>
<table width="100%" border="0" align="center" height="70%">
<tr>
<td align="center" valign="middle">
<form name="main" method="post" action=<?php echo "\"$PHP_SELF\""?>>
......
.......html code here
.......
</table>
<?php
}else{
session_start();
session_register("userid");
$HTTP_SESSION_VARS["userid"]=$userid;
session_register("pass");
$HTTP_SESSION_VARS["pass"]=$pass;
header("Location: dbase.php");
exit;
}
include_once('footer.inc');
?>
end of index.php***

***dbase.php
<?php
if( strcmp($HTTP_SESSION_VARS['pass'],"opengate")==0){
echo $HTTP_SESSION_VARS['userid'];
}else{
session_unregister("userid");
session_unregister("pass");
header("Location: index.php");
}
?>
****end dbase.php***

Please help me to find the error.

kennethl

What's the problem you're having?

pacman

Hi, please i need a little help in finding a error🙁
I've got two php files.
1) login.php
2) dbase.php
When u press the submit button on login.php and the pass is true then u must be redirected to dbase.php.
If you will try to access the dbase.php file without be authenticated well on login.php then u must be redirected to login.php.
=====login.php=======
<?php
error_reporting(0);
session_start();
if( $submit ){
session_register("user_id", "user_pass");
$HTTP_SESSION_VARS["user_id"] = $user_id;
$HTTP_SESSION_VARS["user_pass"] = $user_pass;
header("Location: dbase.php");
}else{
?>

...
...
...
<form name="login_form" method="post" action=<?php echo "\"$PHP_SELF\""?>>
...
...
...
<input type="text" name="txtUserName" maxlength="9" size="15">
<input type="hidden" name="user_id" value=<? echo "\"$txtUserName\"" ?>>
<input type="password" name="txtPassword" maxlength="15" size="15">
<input type="hidden" name="user_pass" value=<? echo "\"$txtPassword\"" ?>>
</form>
...
...
...

======end login.php=========
====dbase.php=========
<?php
session_start();
if( strcmp($HTTP_SESSION_VARS['user_pass'],"thepasshere")==0){
echo $HTTP_SESSION_VARS['user_id'];
}else{
session_unregister("user_id");
session_unregister("user_pass");
header("Location: index.php");
}
?>

THANKS
Mail: liviu.voicu@huji.ac.il

Anon

your sort of doing this in the wrong direction... you generally wouldn't store the passwords in the session, rather only register the variables if their password was right. then after you start the sessions on other pages, see if those variables are set (unset before you start session to avoid security risk) and then you'll know if they are logged in.

also, don't redirect if they aren't logged in, rather include_once(login.php) or something like that.

Anon

I found ... errors

The first:

Should be:

NEVER FORGET THE ";" after a line

The second:

Should be:

The third:

That's all I found.

Hub. Lem.

pacman

yes, but the $HTTP_SESSION_VARS['user_id'] stuff is not known on other files...and i know that the trakvars is on in php.ini
??? what can be?

Anon

Did you start the session in the other pages?

session_start(sess id);

Hub. Lem.