Session missing after redirect (for forward server only)
I have created a login page for login. The code works correctly on localhost , but not on the live server . The user cannot login to the real server and I found out that every time redirecting to index.php, the session will be lost, so the user will not be able to login due to the loss of the session. Do you have any ideas on this?
<?php
session_start();
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
echo "<script>window.location = \"index.php\";</script>";
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
Index.php
<? session_start();?>
<script>alert ('<?php echo $_SESSION['username']; ?>');</script>
End your session at index.php page.just start and echo user sessions. if you get then try if condition.
<?php session_start();
echo $_SESSION["username"];
if($_SESSION["username"]){
echo "bla bla";
}?>
<?php
session_start();
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username1 = $_POST['username']; // change it
$password1 = $_POST['password']; // change it
$username = stripslashes($username1); // change it
$password = stripslashes($password1); // change it
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
echo "<script>window.location = \"index.php\";</script>";
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
You write the username and password with the same name before rinsing the username and password the same way you do after, so change the name and try once
In the below code
<?php session_start(); // your header.php file should not have a session start in that file
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
?><script>alert ('<?php echo $_SESSION['username']; ?>');</script><?
echo "<script>window.location = \"index.php\";</script>";
exit();
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
You need to use the function session_start()
on the first line of the page after running the PHP script