#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2

    Passing credentials to another page in another dir


    Hey, I'm trying to get a login form from the header.php page, pass the username and password to another login form on the login.php page which is in a different directory on the server that has SSL encryption. I was under the impression that if you put the page under action, it's supposed to work and this method does work for my search form I have in the header. when submitting a keyword, it's passed through to the search.php page with another search form and the results from the database are processed and displayed successfully. However, the search.php page is in the same directory as the header.php page which are in the public_html directory.

    Here is my code for the login form from the header.php page, code from the login.php page and func page. The connection page and header.php pages are included on all the pages of the website.

    segment of code from header.php,
    Code:
    <form action="secure/login.php" method="post">
    								<div id="loginmsg">
    									<span class="loginfieldfont3">Sign In to MyLTS</span><br />
    								</div><br />
    								<div class="loginerrfont" id="loginerr">
    								</div>
                                	<div id="logintitle">
                                    	<span class="loginfieldfont1">Username:</span>
                                    </div><br />
                                    <div id="loginfield1">
                                    	<input type="text" id="username" name="username" border="0" size="25" class="loginfont2" />
                                    </div><br />
                                    <div id="logintitle">
                                    	<span class="loginfieldfont1">Password:</span>
                                    </div><br />
                                    <div id="loginfield2">
                                    	<input type="password" id="password" name="password" border="0" size="25" class="loginfont2" />
                                    </div><br />
                                    <div id="forgotfield">
                                    	<a href="forgotpass.php" target="_self" class="loginfieldfont2">Forgot your password?</a>
                                    </div>
                                    <div id="submitcontainer">
                                    	<div id="signinbtn">
                                        	<input type="image" id="submit" name="submit" src="images_folder/header/newheader/menus/png/new-signinbtn.png" border="0" alt="0" />
                                        </div>
                                        <div id="registerbtn">
                                        	<a id="registerbtn2" href="secure/register.php" target="_self"></a>
                                        </div>
                                    </div>
    								</form>
    code segment from the login.php page,
    PHP Code:
    <?php
                            $usernameclass 
    'field';
                            
    $passwordclass 'field';
                            
    //here's the place where the login function is called.
        
                            
    login();
                            
                            if (isset(
    $_POST['username'])) {
                                
    $register_username $_POST['username'];
                            } else {
                                
    $register_username '';
                            }
                            
                            if (isset(
    $_POST['password'])) {
                                
    $register_password $_POST['password'];
                            } else {
                                
    $register_password '';
                            }
                            
                            
    ?>
                            </div>
                        </div><br />
                        <div style="float: left; width: 550px; height: auto; margin-top: 20px;">
                            <form action="" method="post">
                            <div style="float: left; width: 550px; height: auto;">
                                <span class="fieldfonttitle">Username:</span>
                            </div><br />
                            <div id="usernameField" class="<?php echo $usernameclass?>">
                                <input type="text" id="username" name="username" class="fieldfont" border="0" size="60" value="<?php echo $register_username?>" style="border-style: none; background-color: transparent; overflow: hidden;" />
                            </div><br /><br />
                            <div style="float: left; width: 550px; height: auto;">
                                <span class="fieldfonttitle">Password:</span>
                            </div><br />
                            <div class="<?php echo $passwordclass?>">
                                <input type="password" id="password" name="password" class="fieldfont" border="0" size="60" value="<?php echo $register_password?>" style="border-style: none; background-color: transparent; overflow: hidden;" />
                            </div><br /><br />
                            <div style="float: left; width: 550px; height: auto;">
                                <a href="register.php" target="_self" class="font1">Register</a> <span class="font1">|</span> <a href="forgotpass.php" target="_self" class="font1">Forgot Password</a><br /><br />
                                <input type="image" name="submit" src="../images_folder/middle/fields/signin.png" />
                            </div>
                            </form>
                        </div>
    code segment from the function page, login.func.php,
    PHP Code:
    function login() {
        if (isset(
    $_POST['username'], $_POST['password'])){

            
    $username $_POST['username'];
            
    $password $_POST['password'];
                        
            
    $actquery mysql_query("SELECT `activated` FROM `users` WHERE `username`='$username'");
            
    $activated2 mysql_fetch_assoc($actquery);
            
    $activated $activated2['activated'];
                        
            
    $errors = array();
        
            if (empty(
    $username) || empty($password)) {
                
    $errors[] = 'Username and password are required.';
                
    $usernameclass 'field2';
                
    $passwordclass 'field2';
            } else {
            
                
    $login login_check($username$password);
            
                if (
    $login === false){
                    
    $errors[] = 'Username or password is incorrect.';
                    
    $usernameclass 'field2';
                    
    $passwordclass 'field2';
                } else {
                    if (
    $activated==0) {
                        
    $errors[] = 'Your account needs to be activated. Please check your email with instructions to activate your account.';
                    }
                }
            
            }
        
            if (!empty(
    $errors)) {
            
                foreach (
    $errors as $error) {
                    echo 
    '<span class="font15" style="color: red;">- ',$error'</span><br />';
                }
            
            } else {
                
    //log user in
                
    $_SESSION['user_id'] = $login;
                
    header('Location: settings.php');
                exit();
            }
        }

  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    What's the matter? Why do you create a new thread in the middle of the discussion?

    So is that other thread obsolete now?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    Hey, no I didn't realize anyone posted back to my other thread, but decided to reword my question and include code this time. In the other thread I was just looking for the logic but now I'm thinking that the problem in the op has to do with where the login.php page is on the server, or maybe because it is SSL encrypted, or something to do with my code. Although I did a test to pass variables,

    header.php
    PHP Code:
    $test 'test message';
    header('Location: secure/login.php?test='.$test.''); 
    login.php
    PHP Code:
    if (isset($_GET['test'])) {
        
    $test $_GET['test'];
    } else {
        
    $test '';
    }

    echo 
    $test
    And $test output "test message" on the login.php page. So there's nothing holding that back from processing so I'm not sure why the form won't process on the login page when the variables from the form from the header.php page are sent to it.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    Just figured out how to do it with the method I described in previous post. I'll just use that as a quick fix until I setup a test server and convert all the code to PDO.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Please stick to one thread per topic. It's really confusing to have two discussions about the same question. Especially when somebody finds the older thread and replies to it, not knowing that you've already abandoned it.

    OK, so your login.php actually does process the login data. Then open the developer tools of your browser (usually F12) and see what the small login form submits. Does it actually make a POST request with two parameters named username and password?

    You should also get familiar with var_dump() which tells you the exact content of a variable. So you can analyze every single state of the script and see what's going on.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo