Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    May 2011
    Posts
    1
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Session and Post Page Problem

    Hi,

    I have 3 php files for my login page. The first one is the syc.php file that includes all the classes and functions. It's like the hearth of the application.

    The second one is the login.php file, that has a simple login form in html and posts datas to page.php file. It doesn't have any php codes at all.

    The last one is the page.php file, that checks the datas that comes from login.php file. It's checking the datas that comes from login.php and if they pairs, showing the content. If not, showing an error message.

    I want to keep this page.php file secured, and this file shouldn't be reached from outside.

    My files;

    https://gist.github.com/984608 => syc.php
    https://gist.github.com/984614 => login.php
    https://gist.github.com/984619 => page.php

    sys.php is fully coded by PDO.

    1) My first question. Is there any logical mistake in this login application and form.

    2) If the user directly goes to page.php, they can't see the page but they got an error message that says ;

    "Undefined index: ogrencino in C:\wamp\www\yardimuzem\canli.php on line 6"
    "Undefined index: psswduzem in C:\wamp\www\yardimuzem\canli.php on line 7"

    Because, $_POST['ogrencino'] and $_POST['psswduzem'] variables didn't posted from login.php before.

    I want to escape from this error. Users shouldn't see this error. It looks like that file has a vulnerablity

    3) I couldn't fixed my session control. The session starts in syc.php file but it doesn't work in page.php file and redirects login.php file again (

    4) Is this a mistake, that having 2 file for login as I do? I want to keep all of them in one file, is this possible? I don't want two file as login.php and page.php. Can I do this in just one php file, and how?

    Regards.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Just get sessions working. You must include session_start(); at the top of every page where you reference the $_SESSION global variable. Your page.php doesn't have that.

    Also you have some plain old HTML coding inside your <?php ?> tags which is not going to work-- you have to echo that stuff or put it outside <?php ?> tags.

  • Users who have thanked Fumigator for this post:

    msdundar (05-22-2011)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •