PHP login script. security.php


flytkjær
11-30-2010, 01:48 PM
Hi

When I follow the video tutorial part 3 and move the if statement to security.php, I can't log in from the login page, or I'm sent back to the login page!

Code example from tutorial 3
<?php
require_once("../config/config.php"); // database connection
require_once("../config/opendb.php"); // database connection
include("../includes/security.php");
session_start();
$id = $_SESSION['id'];


If I change it to this code it works!
<?php
require_once("../config/config.php"); // database connection
require_once("../config/opendb.php"); // database connection
session_start();
include("../includes/security.php");
$id = $_SESSION['id'];


Does this change have any security issues? If not, why do I have to move this line?

Best regards
Søren

davidj
11-30-2010, 04:39 PM
You will see in security.php that it's using sessions, so you have to call session_start() before that script.

flytkjær
11-30-2010, 07:55 PM
Hi Davidj

Thanks for your quick reply to my question. I appreciate it a lot!!

If you have a look at tutorial 3, then you might observe that the author cut and pasted some text from the welcome.php file to the security.php file. Thereafter he inserts the include statement above the session_start().

welcome.php before:

<?php
require_once("../connections/connection.php"); // database connection
session_start();
if (! isset($_SESSION['id'])){
header("location:index.php");
exit;
}
$id = $_SESSION['id'];


security.php:

<?php
if (! isset($_SESSION['id'])){
header("location:index.php");
exit;
}
?>


welcome.php after:

<?php
require_once("../config/config.php"); // database connection
require_once("../config/opendb.php"); // database connection
include("../includes/security.php");
session_start();
$id = $_SESSION['id'];


Maybe I'm just a new newbie, but here the author did not copy the session_start() into the security.php file, nor does he insert the "include" after the session_start() line in the welcome.php file.

And who would I be, if I, who tries to learn from these tutorials, tell the author that he is wrong? (no answer required!)

This leaves me with this question: am I supposed to copy the session_start() line into the security.php file and remove it from the welcome.php file? Or do I have to insert the include after the session_start() line?

davidj
12-01-2010, 05:52 AM
I will check that tutorial. When working with sessions you have to declare a session_start beforehand in order for the parser to prepare for sessions.
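
An added example, not part of the original thread or the tutorial: a security.php that starts the session itself when the including page has not, so the login check no longer depends on include order. It assumes PHP 5.4 or later for session_status(); the 'id' session key and index.php are the names used in the posts above.

```php
<?php
// includes/security.php -- added example, not the tutorial's file.
// Assumes PHP 5.4+ (session_status()); 'id' and index.php come from the thread.

// $_SESSION is only populated after session_start() has run. If this check
// runs first, isset($_SESSION['id']) is false for every visitor, including
// logged-in users, which is the redirect back to the login page described
// in the first post.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

if (!isset($_SESSION['id'])) {
    header('Location: index.php');
    exit; // stop here so the rest of the protected page never executes
}
```

With this guard, welcome.php no longer needs its own session_start() call. Loading the file with require_once instead of include makes a missing file fatal, where include only raises a warning and the protected page would keep running unguarded.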