I have a Login script (it’s a basic demonstration exercise of PHP for the web class I’m in) that is insecure, but intentionally so. Advice regarding exploits will go unnoticed, as this is for testing purposes only.
I have stumped the teacher. The code I have written has been bugfixed a number of times, yet my code still does not run correctly. I double-checked the functions I was using with the version of PHP on my webhost (I’m running 5.4) to make sure things were correctly written.
We can’t figure out what’s wrong. Maybe someone else can?
Here are the three files:
login.php
<html>
<body>
<form action="process.php" method="post">
Username: <input type="text" name="name"><br>
Password: <input type="text" name="pass"><br>
<input type="submit">
<?php
if (isset($_SESSION ["errorwelcome"])){
    echo ($_SESSION ["errorwelcome"]);
    unset($_SESSION ["errorwelcome"]);
}
if (isset($_SESSION ["errorunpass"])){
    echo ($_SESSION ["errorunpass"]);
    unset($_SESSION ["errorunpass"]);
}
?>
</form>
</body>
</html>
process.php
<?php
if ($_POST ["name"] == "shmailey"){
    if ($_POST ["pass"] == "password"){
        $_SESSION["login"] = 1;
        header('Location: welcome.php');
        exit;
    }
}
if ($_POST ["name"] != "shmailey"){
    $_SESSION ["errorunpass"] = "Uh oh, we didn't recognize those credentials. Incorrect Username and/or Password.";
    header('Location: login.php');
    exit;
}
?>
welcome.php
<?php
if (isset($_SESSION ["login"])){
    unset ($_SESSION["login"]);
}
else{
    $_SESSION["errorwelcome"] = "You need to login first.";
    unset ($_SESSION["login"]);
    header('Location: login.php');
    exit;
}
?>
<html>
<body>
<?php
echo "Login Success";
echo "Username: shmailey";
echo "Password: password";
?>
</body>
</html>
Answer
You don’t start your sessions. You must start sessions using session_start(); before using any session variables. Try the following code:
Login.php:
<?php
// The session must be started before any output so the messages below can be read.
session_start();
?>
<html>
<body>
<form action="process.php" method="post">
Username: <input type="text" name="name"><br>
Password: <input type="text" name="pass"><br>
<input type="submit">
<?php
// Show each one-time error message, then clear it.
if (isset($_SESSION ["errorwelcome"])) {
    echo $_SESSION ["errorwelcome"];
    unset($_SESSION ["errorwelcome"]);
}
if (isset($_SESSION ["errorunpass"])) {
    echo $_SESSION ["errorunpass"];
    unset($_SESSION ["errorunpass"]);
}
?>
</form>
</body>
</html>
process.php:
<?php
// Start the session before reading or writing $_SESSION.
session_start();
if ($_POST["name"] == "shmailey" && $_POST["pass"] == "password"){
    $_SESSION["login"] = 1;
    header('Location: welcome.php');
    die();
}
else {
    $_SESSION["errorunpass"] = "Uh oh, we didn't recognize those credentials. Incorrect Username and/or Password.";
    header('Location: login.php');
    die();
}
welcome.php:
<?php
session_start();
if (isset($_SESSION ["login"])){
    unset ($_SESSION["login"]);
}
else {
    $_SESSION["errorwelcome"] = "You need to login first.";
    unset ($_SESSION["login"]);
    header('Location: login.php');
    die();
}
?>
<html>
<body>
<?php
echo "Login Success";
echo "Username: shmailey";
echo "Password: password";
?>
</body>
</html>
From the little testing I did, it seems to work when including the session starts.
EDIT: Patrick M noticed this in the comments of the question; I did not see that until after I posted the answer.
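A hardened take on process.php, as an added example that is not part of the original question or answer: it keeps the session_start() fix and goes beyond it with session cookie flags, a hashed password check and a new session ID on login. It assumes PHP 7.3+ and an HTTPS site (the asker's host runs 5.4), and the demo hash is computed inline as a stand-in for a stored value.

```php
<?php
// process.php, hardened variant (added example; assumes PHP 7.3+ and HTTPS).
declare(strict_types=1);

// Cookie flags must be set before session_start().
session_set_cookie_params([
    'httponly' => true,   // not readable from JavaScript
    'secure'   => true,   // only sent over HTTPS (assumption: the site uses it)
    'samesite' => 'Lax',
]);

// Start the session before touching $_SESSION and before any output,
// otherwise the header() redirects below fail as well.
session_start();

// Constructed demo account. A real application loads the hash from its
// user store; it is computed here only to keep the example self-contained.
$demoUser = 'shmailey';
$demoHash = password_hash('password', PASSWORD_DEFAULT);

// Missing or non-string fields are treated as empty instead of raising notices.
$name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
$pass = isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '';

// Run the password check unconditionally so both failure paths cost the same.
$passOk = password_verify($pass, $demoHash);
$nameOk = hash_equals($demoUser, $name);

if ($nameOk && $passOk) {
    // Issue a fresh session ID at login so a pre-login ID cannot be reused.
    session_regenerate_id(true);
    $_SESSION['login'] = 1;
    header('Location: welcome.php');
    exit;
}

$_SESSION['errorunpass'] = "Uh oh, we didn't recognize those credentials. Incorrect Username and/or Password.";
header('Location: login.php');
exit;
```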