I am having an issue with my website sessions. I built a website which requires a user to log in to view the webpage. It works completely perfect under my domain, but when I uploaded all my files to a different server the temporality let a client preview the web page on this server I get this issue i stated in the title. It automatically says the password is incorrect. You can still log in fine but if you try to navigate to another page within the site it logs you out 99% of the time.
I am using PHPSecurePages for my login forms so at the beginning of each of my web pages I have
<?php
// Connect To Secure Login
$cfgProgDir = 'phpSecurePages/';
include($cfgProgDir . "secure.php");
This Is what the secure.php looks like
// Create a constant that can be checked inside the files to be included.
// This gives an indication if secure.php has been loaded correctly.
define('LOADED_PROPERLY', true);
// Check if secure.php has been loaded correctly
if (isset($_GET['cfgProgDir']) || isset($_POST['cfgProgDir']) || isset($_GET['languageFile']) || isset($_POST['languageFile'])) {
echo "Parsing of phpSecurePages has been halted!";
exit();
}
// include configuration
require($cfgProgDir . 'config.php');
// https support
if (getenv('HTTPS') == 'on') {
$cfgUrl = 'https://';
}
else {
$cfgUrl = 'http://';
}
// getting other variables
$phpSP_message = false;
// include functions and variables
if ( !defined("FUNCTIONS_LOADED") ) {
// check if functions were already loaded
include($cfgProgDir . 'objects/functions.php');
}
include($cfgProgDir . 'lng/' . $languageFile);
// choose between login or logout
if (isset($logout) && !(isset($_GET['logout']) || isset($_POST['logout']))) {
// logout
include($cfgProgDir . 'objects/logout.php');
}
else {
// starting login check
if ($noDetailedMessages == true) {
$strUserNotExist = $strUserNotAllowed = $strPwNotFound = $strPwFalse = $strNoPassword = $strNoAccess;
}
// make post variables global
if (isset($_POST['entered_login'])) $entered_login = $_POST['entered_login'];
if (isset($_POST['entered_password'])) $entered_password = $_POST['entered_password'];
// check if login is necessary
include($cfgProgDir . "objects/checklogin.php");
// check if IP is allowed (if using IP-restriced access)
if ($use_IP_restricted_access==true) {
include($cfgProgDir . "objects/checklogin_ip.php");
}
// check login with Database
if ($useDatabase == true) {
include($cfgProgDir . 'objects/checklogin_db.php');
}
// check login with Data
elseif ($useData == true) {
include($cfgProgDir . 'objects/checklogin_data.php');
}
it checks this php file (checklogin.php)
// check if login is necessary
// Check if secure.php has been loaded correctly
if ( !defined("LOADED_PROPERLY") || isset($_GET['cfgProgDir']) || isset($_POST['cfgProgDir'])) {
echo "Parsing of phpSecurePages has been halted!";
exit();
}
if (!isset($entered_login) && !isset($entered_password)) {
// use data from session
session_start();
// session hack to make sessions on old php4 versions work
if (phpversion() > 4.0) {
if (isset($_SESSION['login'])) $login = $_SESSION['login'];
if (isset($_SESSION['password'])) $password = $_SESSION['password'];
}
}
else {
// use entered data
session_start();
// session hack to make sessions on old php4 versions work
if (phpversion() <= 4.0) {
session_unregister("login");
session_unregister("password");
}
// encrypt entered login & password
$login = $entered_login;
if ($passwordEncryptedWithMD5 && function_exists(md5)) {
$password = md5($entered_password);
}
else {
$password = $entered_password;
}
// session hack to make sessions on old php4 versions work
if (phpversion() > 4.0) {
$_SESSION['login'] = $login;
$_SESSION['password'] = $password;
}
else {
session_register("login");
session_register("password");
}
}
if (!isset($login)) {
// no login available
include($cfgProgDir . "interface.php");
exit;
}
if (!isset($password)) {
// no password available
$phpSP_message = $strNoPassword;
include($cfgProgDir . "interface.php");
exit;
}
// login and password variables exist
// continue to checking them
?>
