Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
Thread: Session and Post Page Problem
05-21-2011, 09:27 PM #1
- Join Date
- May 2011
- Thanked 0 Times in 0 Posts
Session and Post Page Problem
I have 3 php files for my login page. The first one is the syc.php file that includes all the classes and functions. It's like the hearth of the application.
The second one is the login.php file, that has a simple login form in html and posts datas to page.php file. It doesn't have any php codes at all.
The last one is the page.php file, that checks the datas that comes from login.php file. It's checking the datas that comes from login.php and if they pairs, showing the content. If not, showing an error message.
I want to keep this page.php file secured, and this file shouldn't be reached from outside.
https://gist.github.com/984608 => syc.php
https://gist.github.com/984614 => login.php
https://gist.github.com/984619 => page.php
sys.php is fully coded by PDO.
1) My first question. Is there any logical mistake in this login application and form.
2) If the user directly goes to page.php, they can't see the page but they got an error message that says ;
"Undefined index: ogrencino in C:\wamp\www\yardimuzem\canli.php on line 6"
"Undefined index: psswduzem in C:\wamp\www\yardimuzem\canli.php on line 7"
Because, $_POST['ogrencino'] and $_POST['psswduzem'] variables didn't posted from login.php before.
I want to escape from this error. Users shouldn't see this error. It looks like that file has a vulnerablity
3) I couldn't fixed my session control. The session starts in syc.php file but it doesn't work in page.php file and redirects login.php file again (
4) Is this a mistake, that having 2 file for login as I do? I want to keep all of them in one file, is this possible? I don't want two file as login.php and page.php. Can I do this in just one php file, and how?
05-22-2011, 03:29 AM #2
- Join Date
- Dec 2005
- Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
- Thanked 637 Times in 625 Posts
Just get sessions working. You must include
session_start();at the top of every page where you reference the $_SESSION global variable. Your page.php doesn't have that.
Also you have some plain old HTML coding inside your <?php ?> tags which is not going to work-- you have to echo that stuff or put it outside <?php ?> tags.
Users who have thanked Fumigator for this post: