So I have this form that asks for user and password:
<?php
$emmagatzemarSessions="/u/alum/u1920477/public_html/tmp";
ini_set('session.save_path',$emmagatzemarSessions);
session_start();
include 'vars.php';
?>
<html>
<h1>Identificacio</h1>
<h3>Introdueix el teu usuari i contrasenya per entrar a oracle</h3>
<hr>
<form action="menu.php" method="post">
Usuari:
<input type="text"
name="user" />
Contrasenya:
<input
type="password"
name="pass" />
<input type="submit"/>
</form>
<hr>
<?php
$_SESSION["user"] = $_POST["user"];
$_SESSION["pass"] = $_POST["pass"];
?>
</html>
However, in the next file, 'menu.php' it says I couldn't acces the database. The user and password I'm inserting are correct. Here is the code to connect that I'm using:
#!/usr/bin/php-cgi
<?php
$emmagatzemarSessions="/u/alum/u1920477/public_html/tmp";
ini_set('session.save_path',$emmagatzemarSessions);
session_start();
include 'vars.php';
$conn = oci_connect($_SESSION["user"], $_SESSION["pass"], 'oracleps');
echo("username is: " . $_SESSION["user"]);
if (!$conn) {
echo "<p>No hem pogut connectar amb la BD.</p>";
?>
<html>
<br><br><br>
<div id="tornar">
<li><a href="index.php">Tornar a l'inici</a></li>
</div>
<?php
die;
}
?>
<head>
<title>Menú empresa</title>
</head>
<body>
<div id="menu">
<h1>Menú</h1>
</div>
<div id="alta">
<ul>
<li><a href="alta.html">Donar d'alta un client</a></li>
<li><a href="consulta.php">Consultar vehicles disponibles</a></li>
<li><a href="llogar.html">Llogar un vehicle</a></li>
<li><a href="retorn.html">Retornar un vehicle llogat</a></li>
<li><a href="revisio.php">Veure revisions</a></li>
</ul>
</div>
<br><br><br>
<div id="tornar">
<li><a href="index.php">Tornar a l'inici</a></li>
</div>
</body>
</html>
I have looked for similar questions, asked my collegues who are doing the same thing but I can't find out why this isn't working! It would be amazing if I could get some help from you guys! Thanks a lot.
Edited with the full code of both files. Ignore the 4 first lines. I hope you guys can help me because I have no clue what I'm doing wrong!
This line of code should be at the top of every php page where you want to track session:
session_start();
You should also always check if variables are really sent from the form, like this:
if(isset($_SESSION['username']))
{
// do something
}
If you are sure that your logic for connecting to the database is ok, you should log the data you receive from the form, to check if it is correct:
error_log("username is: " . $_POST["username"]);
Start a session on every page that can only be accessed by a user and if it is not set redirect the user
session_start(); //start session
if (!isset($_SESSION['user'])) {
redirect_user();
}
function redirect_user() { //redirect user to home page
$url = BASE_URL . 'index.php'; // Define the URL.
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); #quit
}