stackoom
  简体   繁体   中英

Login form is not working after adding SSL certificate

 原文  2013-12-26 15:21:56       php/ ssl/ login

Question

I have a login form: 

<form method="post" action="verify.php" name="loginform">
<table border="0" bgcolor="orange" align="center">
<tr><td colspan="3"><h1><b>Please Enter Username and Password</b></h1></td></tr>
<tr>
<td><label>User Name</label>
</td>
<td>:
</td>
<td><input type="text" name="user"/>
</td>
</tr>
<tr><br/>
<td><label>Password</label>
</td>
<td>:
</td>
<td><input type="password" name="pwd"/>
</td>
</tr>
<tr><td colspan="3" align="center"><input type="submit" class="submit-green" value="Login"/></td>
</tr>
</table></form>

and i have verify.php as 

<?php
session_start();
include "dbconfig.php";
$user=$_POST['user'];
$pwd=sha1($_POST['pwd']);

$sql='select * from admin where username="'.$user.'" AND password="'.$pwd.'"';
$res=mysql_query($sql) or die('Login query error:'.  mysql_error());
if(mysql_num_rows($res)==1)
{
header("Location:index");
}
else
{
header("Location:login.php");
}
$row = mysql_fetch_array($res);
$_SESSION['admin']=$row['id'];
?>

is there any error here? I can't find any error. It was working fine till I use SSL certificate in my website. Now it is not working. I did a print_r request to know the values getting through post method. But only password is getting and also it is a wrong SHA1 value. Why this happening?

1 answers

solution1
 0  2013-12-26 15:31:57

You are losing your session when switching from HTTP to HTTPS because the HTTPS session cookies have the Secure flag set on them, so that they can only be accessed via HTTPS. That means you can't transfer your old HTTP session cookie when you switch to HTTPS. You can try passing the HTTP session over to HTTPS.

Here's an example taken from another answer :

HTTP code: 

$currentSessionID = session_id();
header('https://yoursite.com/login.php?session='.$currentSessionID);

HTTPS code: 

// Retrieve the session ID as passed via the GET method.
$currentSessionID = $_GET['session'];

// Set a cookie for the session ID.
session_id($currentSessionID);

Obviously, you will want to make this more secure. This is only a simple example to convey the general idea.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Issues in site after adding SSL certificate Wordpress website not working properly after installing SSL certificate ssl certificate for laravel app not working html form stopped working after adding javascript cURL error 60: SSL certificate problem: unable to get local issuer certificate after adding certificate file xxx.pem path in php.ini file ssl certificate causes one file not working A simple login system with PHP. Does it really need an SSL certificate? Login form with session not working Login Form Not Working? Form with login and password not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM