05-21-2011, 10:27 PM

I have 3 PHP files for my login page. The first one is the syc.php file, which includes all the classes and functions. It's like the heart of the application.

The second one is the login.php file, which has a simple login form in HTML and posts data to the page.php file. It doesn't have any PHP code at all.

The last one is the page.php file, which checks the data that comes from the login.php file. It checks the data that comes from login.php and, if it matches, shows the content. If not, it shows an error message.

I want to keep this page.php file secured, and this file shouldn't be reached from outside.

My files:

https://gist.github.com/984608 => syc.php
https://gist.github.com/984614 => login.php
https://gist.github.com/984619 => page.php

syc.php is fully coded with PDO.

1) My first question: is there any logical mistake in this login application and form?

2) If the user goes directly to page.php, they can't see the page, but they get an error message that says:

"Undefined index: ogrencino in C:\wamp\www\yardimuzem\canli.php on line 6"
"Undefined index: psswduzem in C:\wamp\www\yardimuzem\canli.php on line 7"

This is because the $_POST['ogrencino'] and $_POST['psswduzem'] variables were not posted from login.php beforehand.

I want to avoid this error. Users shouldn't see this error. It looks like that file has a vulnerability :(

3) I couldn't fix my session control. The session starts in the syc.php file, but it doesn't work in the page.php file and redirects to the login.php file again :((

4) Is it a mistake to have 2 files for login as I do? I want to keep all of it in one file, is this possible? I don't want two files such as login.php and page.php. Can I do this in just one PHP file, and how?


05-22-2011, 04:29 AM
Just get sessions working. You must include session_start(); at the top of every page where you reference the $_SESSION global variable. Your page.php doesn't have that.

Also you have some plain old HTML coding inside your <?php ?> tags which is not going to work-- you have to echo that stuff or put it outside <?php ?> tags.
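
An added example, not part of either post or of the linked gists: a single-file login page that starts the session before any output, reads the two form fields without triggering "Undefined index", and keeps the HTML outside the PHP tags. Only the field names `ogrencino` and `psswduzem` come from the thread; `find_password_hash()`, the `student_no` session key and the demo user are hypothetical stand-ins for the PDO lookup in syc.php.

```php
<?php
declare(strict_types=1);

ini_set('display_errors', '0');   // never show notices or file paths to visitors; log them instead
session_start();                  // must run before any output, on every page that uses $_SESSION

// Hypothetical stand-in for the PDO lookup in syc.php: student number => password hash.
// The demo user and password are constructed for this example.
function find_password_hash(string $studentNo): ?string
{
    static $users = null;
    $users ??= ['1001' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
    return $users[$studentNo] ?? null;
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // "??" supplies a default when a field is missing, so no "Undefined index" notice is raised.
    $studentNo = $_POST['ogrencino'] ?? '';
    $password  = $_POST['psswduzem'] ?? '';
    // A field sent as an array (ogrencino[]=x) is rejected by the is_string checks.
    $hash = is_string($studentNo) ? find_password_hash($studentNo) : null;
    if ($hash !== null && is_string($password) && password_verify($password, $hash)) {
        session_regenerate_id(true);              // new session ID after login
        $_SESSION['student_no'] = $studentNo;
        header('Location: ' . $_SERVER['SCRIPT_NAME']);   // redirect so a reload does not re-post
        exit;
    }
    $error = 'Invalid student number or password.';
}
?>
<!DOCTYPE html>
<html>
<body>
<?php if (isset($_SESSION['student_no'])): ?>
    <p>Welcome, <?= htmlspecialchars($_SESSION['student_no'], ENT_QUOTES, 'UTF-8') ?>. Protected content goes here.</p>
<?php else: ?>
    <?php if ($error !== ''): ?><p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p><?php endif; ?>
    <form method="post">
        <input type="text" name="ogrencino">
        <input type="password" name="psswduzem">
        <button type="submit">Log in</button>
    </form>
<?php endif; ?>
</body>
</html>
```

A direct GET request simply renders the form, because the credential check only runs for POST requests and the protected branch only renders when the session key is set.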