lundi 29 juin 2015

PHP Session: Preset login details only working locally


I am working on a website and I decided to make my own CMS for it. It doesn't need amazing security but I do have a login page for it that directs to the CMS page if the login information is correctly filled out.

It's only possible to login with 1 account (admin). And its login name and password are set within the login page PHP file. When submitting the form it checks if the right information is filled out, and if so, it puts the username within a SESSION[user] variable.

Aslong as that session exists the loginpage should always autodirect you to the CMS page, but this only seems to work locally. When i put it online, and fill out the right information and submit the form on the loginpage, it just stays on the same page instead of going to the CMS page. When i manually type in the URL of the cms page I can access it without being directed to the loginpage. And in my PHP i do check whether $_SESSION['user'] == admin.

Any of you guys have an idea why this only works locally, and what I need to change to make it work online too?

Here is the relevant code:

//LOGIN PHP PAGE

<?php
session_start();
    //login info
    $xinlognaam = 'admin';
    $xwachtwoord = 'PASSWORD HERE';

    //als je al ingelogd bent, wordt je direct naar cms pagina gestuurd
    if(!empty($_SESSION['user'])){
        if($_SESSION['user'] == $xinlognaam){
            header("Location: ../php/cms.php");
        }
    }
?>

    <div id="inlogsectie">
        <form id="inlogform" method="POST" action="#">

            Accountnaam:<br><br>
            <input type="text" name="accountnaam" id="accountnaam" maxlength="100"/><br><br><br>

            Wachtwoord:<br><br>
            <input type="text" name="wachtwoord" id="wachtwoord" maxlength="100"/><br><br><br>

            <input type="submit" name="inlogknop" id="inlogknop" value="inloggen"/>
        </form>

        <div id="inlogmelding">
            <?php
                //als op de knop gedrukt wordt
                if(isset($_POST['inlogknop'])){
                    //als velden niet leeg zijn
                    if(!empty($_POST['accountnaam']) && !empty($_POST['wachtwoord'])) {
                        //als de gegevens correct zijn
                        if(($xinlognaam == $_POST['accountnaam']) && ($xwachtwoord == $_POST['wachtwoord'])){
                            $_SESSION['user'] = $xinlognaam;
                            header("Location: ../php/cms.php");
                        //als de gegevens incorrect zijn
                        }else{
                            echo"De ingevulde login informatie is incorrect.";
                        }
                    } else{ //als velden leeg zijn
                        echo"De ingevulde login informatie is incorrect.";
                    }
                }
            ?>
        </div>
    </div>

//CMS PAGE

 <?php
  session_start();

 if($_SESSION['user'] != 'admin'){
        header('Location: ../admin/index.php');
    }

 if(isset($_POST['uitlogknop'])){
        include_once('uitloggen.php');
    }
   ?>

//LOG OUT PHP FILE

<?php
session_destroy();

header("Location: ../admin/index.php");

?>

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)