What's making the login page fail to open, after entering the rightful login credentials?

Question

1.00/5 (1 vote)

See more:

, +

I have been testing the login form page with the rightful credentials and the page loads perfectly by verifying credentials and prompts me to access the details,on my local server system.

However,I have deployed it on the remote server but whenever I login with the right credentials,the page spins and redirects back on the same page,What could this mean I didn't test my system on both remote server and local system at the once.

This the login page /index.php form;

<?php
//admin login page/index page
session_start();
include('includes/config.php');
if(isset($_POST['adlogin']))
{
$uname=$_POST['username'];
$password=$_POST['password'];
$sql ="SELECT UserName,Password FROM admin WHERE UserName=:uname and Password=:password";
$query= $dbh -> prepare($sql);
$query-> bindParam(':uname', $uname, PDO::PARAM_STR);
$query-> bindParam(':password', $password, PDO::PARAM_STR);
$query-> execute();
$results=$query->fetchAll(PDO::FETCH_OBJ);
if($query->rowCount() > 0)
{
$_SESSION['alogin']=$_POST['username'];
echo "<script type='text/javascript'> document.location = 'dashboard.php'; </script>";
} else{
	
	echo "<script>alert('Invalid Admin Login Details');</script>";

}

}

?>

<!DOCTYPE HTML>
<html>
<head>

</head> 
<body>
	<div class="main-wthree">
	<div class="container">
	<div class="sin-w3-agile">
		<h2>Admin</h2>
		<form  method="post">
			<div class="username">
				<span class="username text-center">Username</span>
				<input type="text" name="username" class="name" placeholder="" required="">
				<div class="clearfix"></div>
			</div>
			<div class="password-agileits">
				<span class="username text-center">Password</span>
				<input type="password" name="password" class="password" placeholder="" required="">
				<div class="clearfix"></div>
			</div>
			<div class="login-w3">
					<input type="submit" class="login" name="adlogin" value="LogIn">
			</div>
			<div class="clearfix"></div>
		</form>
						
	</div>
	</div>
	</div>
	<?php include('includes/footer.php');?>
</body>
</html>

PHP

<?php
 
// DB credentials.
define('DB_HOST','localhost');
define('DB_USER','database_username');
define('DB_PASS','database_password');
define('DB_NAME','database_name');
// Establish database connection.
try
{
$dbh = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USER, DB_PASS,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
}
catch (PDOException $e)
{ 
exit("Error: " . $e->getMessage());
}
?>

The dashboard file;

<?php
session_start();
include('includes/config.php');
if(strlen($_SESSION['alogin'])==0)
	{	
header('location:dashboard.php');
}
else{
?>
<!DOCTYPE HTML>
<html>
<head>.......

What I have tried:

I tried to add

PHP

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

to the try block after the new PDO(...)
But still facing the same issue,the login file redirects back,I can't access the dashboard file still.This works on my local host tests but on remote server.

Posted 26-Jun-20 1:03am

quintumnia

Updated 2-Jul-20 2:19am

v3

Add a Solution

Comments

MadMyche 26-Jun-20 12:49pm

Am I missing the section where that username/password is used to authenticate AND where Session[alogin] is set?

Andre Oosthuizen 29-Jun-20 7:02am

define('DB_HOST','localhost'); will not work on server

quintumnia 2-Jul-20 7:23am

i changed the host server name but still,giving the same respose

Richard Deeming 3-Jul-20 7:12am

You're storing passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP provides built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

quintumnia 3-Jul-20 7:41am

What if I encrypt using $password=md5($_POST['password']);
Does it make sense!

Richard Deeming 3-Jul-20 7:44am

Nope.

MD5 - Wikipedia[^]
The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor. Further, there is also a chosen-prefix collision attack that can produce a collision for two inputs with specified prefixes within seconds, using off-the-shelf computing hardware.

Use the built-in methods to generate a salted hash of your passwords when you store them, and to verify that the entered password matches the stored salted hash when logging in.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Andre Oosthuizen · Answer 1 · 2020-07-02T01:34:00

Solution 1

It seems that this piece of code is causing the hang as $_SESSION['alogin'] is not set, returning to the dashboard.

<pre><?php
session_start();
include('includes/config.php');
if(strlen($_SESSION['alogin'])==0)
    {   
header('location:dashboard.php');
}
else{
?>

Where are you setting the alogin to your session?

I would also try the following code -

if (session_status() == PHP_SESSION_NONE) {
	session_start();
}

include('includes/config.php');

if(isset($_SESSION['alogin'])) //checks if the variable has been declared/accessed...
    {   
header('location:dashboard.php');
}
else
{
   header('location:index.php');
}

Posted 2-Jul-20 1:34am

Andre Oosthuizen

Updated 2-Jul-20 1:38am

v6

Comments

quintumnia 2-Jul-20 8:13am

Bro, I have tried to add the full page of the index.php page,made some updates in the question.
Surprisingly,when i try to login with rightful admin credentials,on my localserver,it directs me perfectly to the dashboard(dashboard.php) page. So issue comes when i access the same admin page on remote server!,I have tried all possible ways nor solutions but nothing turns to help me out

Andre Oosthuizen 2-Jul-20 9:30am

after $results do a var dump - var_dump($results); and see what is returned. If there is a return, then not server based, if not, problem with your server connection.

quintumnia 2-Jul-20 9:34am

Yes brother,all along it has been back-end database conflicts interms of accessibility.

Andre Oosthuizen 2-Jul-20 9:34am

:) Glad you could fix it, hope I was able to help somewhere. Enjoy coding!

quintumnia · Answer 2 · 2020-07-02T03:23:00

All the time and committed.
The issue has been rising from the back-end databases ;whereby i created one database and the changed to the new one.
However,the old database has been creating interference accessing the new database remotely.

Therefore,I deleted the old database and i refreshed the page,at-last everything came to normal.

After,a hard hustle,research...etc.