when the user enters the username and password for the script why doesn't it forward them onto the protected php page? Can someone help me fix my script please?
I have checked the file names and they're correct so I'm not really sure what to do next, I can't see the problem. Therefore, I thought I'd write a post about it on here.
Any help would be greatly appreciated, thanks in advance!
login.php script
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user = $_POST["username"];
$pass = $_POST["password"];
$validated = false;
session_start();
if($user!=""&&$pass!="")
{
if($user=="test1"&&$pass=="test1")
$validated = true;
if($validated)
{
$_SESSION['login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
header('Location: protected.php');
}
else
{
$_SESSION['login'] = "";
echo "Invalid username or password.";
}
}
else $_SESSION['login'] = "";
}
?>
<html>
<body>
<h1>Login Page</h1>
<p>Please enter your username and password:</p>
<form action="login.php" method="post">
<table>
<tr>
<td align="right">Username: </td>
<td><input size=\"20\" type="text" size="20" maxlength="15" name="username"></td>
</tr>
<tr>
<td align="right">Password: </td>
<td><input size=\"20\" type="password" size="20" maxlength="15" name="password"></td>
</tr>
<tr>
<td> </td>
<td colspan="2" align="left"><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
protected script
<?php
session_start();
if($_SESSION['login'] != "OK")
{
header('Location: login.php');
exit();
}
?>
<html>
<head
<title>Protected Web Page</title>
</head>
<body>
<h1>Protected Web Page</h1>
<<p>You have successfully logged in!</p>
<img src="pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px">
<p>
Your username is: <?= $_SESSION['username'] ?=><br/>
Your password is: <?= $_SESSION['password'] ?>
</p>
</body>
</html>