Session missing after redirect (for forward server only)
I have created a login page for login. The code works correctly on localhost , but not on the live server . The user cannot login to the real server and I found out that every time redirecting to index.php, the session will be lost, so the user will not be able to login due to the loss of the session. Do you have any ideas on this?
<?php
session_start();
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
echo "<script>window.location = \"index.php\";</script>";
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
Index.php
<? session_start();?>
<script>alert ('<?php echo $_SESSION['username']; ?>');</script>
+3
source to share
3 answers
<?php
session_start();
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username1 = $_POST['username']; // change it
$password1 = $_POST['password']; // change it
$username = stripslashes($username1); // change it
$password = stripslashes($password1); // change it
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
echo "<script>window.location = \"index.php\";</script>";
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
You write the username and password with the same name before rinsing the username and password the same way you do after, so change the name and try once
-1
source to share
In the below code
<?php session_start(); // your header.php file should not have a session start in that file
include "header.php";
if (!empty($_POST)){
include 'database_connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users where username='$username' and password='$password'";
$result = mysql_query($sql, $con);
$rows = mysql_num_rows($result);
if ($rows == 1){
$_SESSION['username'] = $username;
?><script>alert ('<?php echo $_SESSION['username']; ?>');</script><?
echo "<script>window.location = \"index.php\";</script>";
exit();
//header("Location: index.php?" . SID);
}else{
echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
}
mysql_close($con);
}
?>
You need to use the function session_start()
on the first line of the page after running the PHP script
-2
source to share