H3ll0 H3ll0 - 10 days ago 5
PHP Question

PHP login authentication not working

I have two .php files. All html and php, no SQL and will not be needing/using it. One is the login page, the other is the destination. When I put in the log in details I have set, I can't get to the destination. As you can see,

session_start();
is clearly at the top. I even put it right on the same line as the opening php tag and no difference was made. Here's the code for both pages:

Login:

<?php
session_start();

$username="testu";
$password="testp";
$_SESSION['logged_in']=false;

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
header("Location: dest.php");
exit;
}

if (isset($_POST['user']) && isset($_POST['pass'])) {
if ($_POST['user'] == $username && $_POST['pass'] == $password) {
$_SESSION['logged_in'] = true;
header("Location: dest.php");
exit;
}
}
?>

<!DOCTYPE html>

<html lang="en">

<head>
<title>A title</title>
</head>

<body>
<form action="dest.php" method="post" style="font- family:calibri;position:absolute;top:40%;left:35%;">
Username: <input type="text" name="user"/><br><br>
Password: <input type="password" name="pass" style="position:relative;left:5px;"/><br><br><br>
<input type="submit" value="Submit" style="position:relative;left:115px;"/>
</form>

</body>

</html>


Destination:

(php tag here)
session_start();

if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false) {
header("Location: login.php");
exit;
}
?>

<!DOCTYPE html>

<html lang="en">

<head>
<title>A title</title>
</head>

<body>
<a href="login.php">Log out</a>
</body>

</html>


I noticed that when I commented out the php code on the destination file, I could access the dest.php. Issue is, I could access is with any login details, or none at all. It's either nothing works, or anything works. How can I get the details I have set to work? I feel the issue is in the login page script. Many thanks in advance to anyone who can help me resolve this.

Note: I had to repost this because my last question was marked as a duplicate of something completely irrelevant to my issue, thank you.

Answer

@Sean beat me to it, nice job :-)

If you remove the action="dest.php" it should work. Right now you are sending the form to a page that does not check the values of the username and password, thus the session variable is not set.

<form method="post">
Username: <input type="text" name="user"/>
....
</form>