I want to create a PHP account system to access special parts of my website. The login info (page 1) is fed to the check page (page 2) which checks that the info is right, which then redirects to the member page (page 3)
Page 1:
<form action="inner.php" method="post" class="centered">
<input type="text" name="usr" placeholder="Username" required><br>
<input type="password" name="psw" placeholder="Password"required><br>
<input type="submit" name="submit" value="Log In">
</form>
Page 2:
<?php
session_start();
if ( $POST_["usr"] = "felix" || $POST_["psw"] = "password")
{
$_SESSION["usr"] = $POST_["usr"];
header('Location: member.php');
}
else
{
header('Location: index.php');
}
?>
Page 3
<?php
session_start();
$usr = $_SESSION["usr"];
if( $usr = felix)
{
$name = 'Felix';
$admin = 'true';
}
else
{
header('Location: index.php');
}
$felix = 'felix@example.com';
?>
Page 2
// $_POST instead of $POST_, wrong variable name
// == instead of =, compare, don't assign
// && instead of ||, usually it is username AND password, not one of both
// additional isset() against "undefined index"-notices
if (isset($_POST['usr']) && isset($_POST['psw']) &&
$_POST['usr'] == "felix" && $_POST['psw'] == "password")
{
// Again $_POST instead of $POST_
$_SESSION["usr"] = $_POST["usr"];
header('Location: member.php');
} else {
header('Location: index.php');
}
Page 3
<?php
session_start();
$usr = (isset($_SESSION["usr"]) ? $_SESSION["usr"] : "");
if (isset($_SESSION["usr"])) {
$usr = $_SESSION["usr"];
}
// Again == instead of =
if ($usr == "felix") {
// Rest of the script