User login doesn't redirect to index.php

Question

I try to make a php user login with sessions. I have 3 files. main_login.php, checklogin.php and index.php. After the username and the password are registered it should direct me to the index.php file, but it doesn't do so.

main_login.php code:

<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

</body>
</html>

checklogin.php code:

    <?php
session_start()
include('connection.php');
if(!$conn)
{
  die('Could not connect: ' . mysql_error());
}
$tbl_name="user"; // Table name 


// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = "$myusername";
$_SESSION['mypassword'] = "$mypassword";
print_r($_SESSION);
if ($_SESSION['myusername']) {
header("location:login_success.php");
}
}
else {
echo "Wrong Username or Password";
}
?>

login_success.php code:

<?php
session_start();
include('connection.php');
if(!session_is_registered(myusername)){
header("location:main_login.php");
}

?>

<html>
<body>
Login Successful
</body>
</html>

I don't get any error messages. It connects fine to the database. I am not sure what the problem is. I think either the sessions are wrong registered or it has something to do with the header.

Help would be very much appreciated.

You're using many deprecated functions. Add error reporting to the top of your file(s) right after your opening PHP tag for example ` — Funk Forty Niner, Mar 30 '15 at 16:35
Also: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords — jeroen, Mar 30 '15 at 16:38
You also need `session_start();` at the top of checklogin.php. You cannot register to a session if the session is not started. — Jay Blanchard, Mar 30 '15 at 16:38
@JayBlanchard Ironically, not. That is, if `session_register` still exists in the OP's php version... — jeroen, Mar 30 '15 at 16:40
Aw heck @jeroen! Good call! I had forgotten that had all but disappeared. — Jay Blanchard, Mar 30 '15 at 16:43
@userSC You should try to find a bit more up-to-date tutorial because everything from the html to the php and mysql is wrong and / or outdated. — jeroen, Mar 30 '15 at 16:49
@jeroen Hm... now that you mention it; un caffè macchiato would be perfect and for anytime of day ;-) — Funk Forty Niner, Mar 30 '15 at 17:30

score -1 · Answer 1 · answered Mar 30 '15 at 16:40

There are couple of things that could have done wrong.

First, are you getting any errors at all? Do you have display errors on in php.ini file? Do you also know how to look at log files from the command line if that's not an option? You can look at the apache logs to look out for php session errors, you should see something on the screen. The apache log file is usually located at /var/log/https/access_log or error_log. If you look at your VirtualHost, you'll see a CustomLog where it specifies where the log file is located.

Secondly, don't use session_register, this is old. If you need to register a session use

$_SESSION['new_session'] = "value";

You can access that session with $_SESSION['new_session'];

If you need to check if anything is registered in sessions at all do a

print_r($_SESSION);

Don't use session_is_registered. If you need to check if session_is_registered(myusername) is registerd use

if ($_SESSION['myusername']) {

}

You also have header("location berried in further down in the code, you have to make sure you use that function before any output to the webpage, it should have thrown an error. Try to get the error first.

Please don't use answers to clarify, by asking questions, what the OP has posted. — Jay Blanchard, Mar 30 '15 at 16:44
Hi have edited my code as suggested, but still don't get anything. It neither prints the session or does redirect me to login_success.php. — userSC, Mar 30 '15 at 17:51

User login doesn't redirect to index.php

1 Answers1