I'm working on an admin page for my site, but I found a problem. My code worked perfectly with Wamp (and still working in Chrome, but not for other people, or in other browsers). So, the problem is that my site don't save the session variable after header redirecting. (Another thing I can't figure out is, that if I put the die or exit after the header the page just go blank, and you must refresh manually. Still it's only on the webserver.)
<?php
session_start();
$log = $_GET['logout'];
$error = false;
//logout
if($log==true){
unset($_SESSION['user']);
header('Location: '.$_SERVER['PHP_SELF']);
//die;
}
//login
if (isset($_POST['submit']) && !isset($_SESSION['user']) ){
$file="login.xml";
$xml=simplexml_load_file($file) or die ("Unable to load XMl file!");
$nope=true;
$givenuser = $_POST['username'];
$givenpass = md5($_POST['password']);
foreach($xml->user as $user){
$username = $user->username;
$password = $user->password;
if ($givenuser == $username && $givenpass == $password){
$_SESSION['user'] = $givenuser;
$nope =false;
header('Location: '. $_SERVER['PHP_SELF']);
//die();
}
}
if($nope) $error = true;
}
//succesful login
if (isset($_SESSION['user'])){
?>
<html>
<header><link rel="stylesheet" href="style.css" type="text/css" /></header>
<body>
<h1>
<?php echo "Welcome ".$_SESSION['user']; ?>
</h1>
<div>
<a href="?">New page</a>
<a href="?logout=true">Logout</a>
</div>
<div id="menus">
Pages:</br>
<?php
$file="../pages.xml";
$xml=simplexml_load_file($file) or die ("Unable to load XMl file!");
$index = 0;
foreach($xml->xpath('//oldalneve') as $pagename){
echo '<a href="?id='.$index.'">'.$pagename.'</a></br>';
$index=$index+1;
}
?>
</div>
<?php
if(!is_numeric($_GET['id'])){
$id=-1;
}else{
$id=(int)$_GET['id'];
}
if($id!=-1){
$id=(int)$_GET['id'];
if(isset($_POST['name']) && isset($_POST['body'])){
if($_REQUEST['name'] !="" && $_REQUEST['body']!=""){
$file="../pages.xml";
$xml= simplexml_load_file($file) or die ("Unable to load XML file!");
$name = $_POST['name'];
$body = $_POST['body'];
$xml->page[$id]->oldalneve = $name;
$xml->page[$id]->body = $body;
$xml->asXML('../pages.xml');
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$id);
//die;
}
}
$file="../pages.xml";
$xml= simplexml_load_file($file);
$nam=$xml->page[$id]->oldalneve;
$val=$xml->page[$id]->body;
?>
<div style="float:left;">
<form name="input" method="post" action="" >
<label>Name</label></br>
<input type="text" name="name" style="width:250px" value="<?php echo $nam;?>"></br>
<label>Body</label></br>
<textarea cols="28" rows="10" name="body"><?php echo $val;?></textarea></br>
<input type="submit" name="submit" value="Küldés">
</form>
</div>
</body>
</html>
<?php
}else{
?>
<div style="float:left;">
<form name="input" method="post" action="" >
<fieldset><legend>Add page</legend>
<label>Name</label></br>
<input type="text" name="name" style="width:250px"></br>
<label>Body</label></br>
<textarea cols="28" rows="10"v name="body"></textarea></br>
<input type="submit" name="submit" value="Küldés">
</fieldset>
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
if($_REQUEST['name'] !="" && $_REQUEST['body']!=""){
$file="../pages.xml";
$xml= simplexml_load_file($file) or die ("Unable to load XML file!");
$page=$xml->addChild('page');
$name = $_POST['name'];
$body = $_POST['body'];
$page->addChild('oldalneve', $name);
$page->addChild('body', $body);
$xml->asXML('../pages.xml');
header('Location: '.$_SERVER['PHP_SELF']);
//die;
}
}
}
}else
{
showLogin($error);
}
function showLogin($error){?>
<form action="" method='post'>
<label for="username">username</label>
<input type="text" name="username" id="username"></br>
<label for="password">password</label>
<input type="password" name="password" id="password"></br>
<?php
if($error){
echo "Invalid username or password".'</br>';
}
?>
<input type="submit" name="submit" value="submit">
</form>
<?php }
?>
The user can login and see the interface, but using one of the links will redirect him to the login screen (Session user is not saved).
Here is the phpinfo():
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
I think Chafik is partly right.
if($_GET['logout'] == true)
is a bad way to do this (a lot of thing would make that statement true). But he's incorrect in that ===
would solve it. Even if you set ?logout=true
, $_GET['logout']
would contain the string true
, not a boolean value so your ===
would wind up false
( "true"
!== true
). I would use
if(isset($_GET['logout']))
One of the Reason could be
to include session_start(); on the top of every page to get the values of variable SET in the SESSION through $_SESSION['example'], otherwise You will not be able to the session Variable values ,
2.A different Approach is to use session_start(); inside config.php file and include that file on the top of the code of every page where sessions are required otherwise U will not be able to get the value of SESSION variable..!!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.