1

I had an old site with an admin area built with PHP and I've copied this site to rebuilt the front-end of our home page, but I can't make the admin login work properly on the new site.

I know it's connected to our database, because when I enter wrong password information, it shows a "login unauthorized" message and when I use the right credentials this message doesn't appear. The problem is that when I click the login button, it make a request to the page it should go, but then it receives a 302 response and return to the login page again.

EDITED TO SHOW ANSWER

The problem was that the session.save_path of the php.ini file was set to a path that didn't existed, so the session was not being saved anywhere, thus returning the user to the login page since his session was empty. After changing the path of session.save_path, the problem was solved.

Thank you to everyone that helped me!

Improve this question
7
  • We can't tell you without more information, you should first find where redirections can be made from "the page it should go" back to the login page, and if possible share this code here (obfuscating all things that security prevents you from showing). If you're just re-designing an existant working site, start by checking if you didn't forget to update an adress somewhere, or changed anything in the form, this kind of things Commented Nov 12, 2020 at 13:08
  • Hi, @Kaddath, I've update my question with some code snippets. Commented Nov 12, 2020 at 13:34
  • can you print $_SESSION in cadastro-xxxxxxx.php? print_r($_SESSION) Commented Nov 12, 2020 at 13:48
  • Is the old version is still working in your current developpement environment? Sometimes it's just caused by a different version of PHP. Actually, see the docs "To use cookie-based sessions, session_start() must be called before outputting anything to the browser.", that's why we usually put it at the very start of a PHP file, for your login.php, verify you didn't add stuff before the first <?php tag or any output before the session_start. Also, inc/session-control.php should be more useful for us than cadastro-xxxxxx.php Commented Nov 12, 2020 at 13:59
  • @Kaddath, the old version is still online in another URL. I've updated my question with the session-control.php file. The version of PHP is the same on both of them. I've also uploaded the details of the get request to cadastro.php Commented Nov 12, 2020 at 14:28

1 Answer 1

Reset to default
1

It's really hard without seeing some of the code to answer - however if you're seeing a request for the expected page that you're going to after logging in, then a 302 (redirect) back to the login page I'd suggest the destination page (where you should end up) isn't recognising that you have logged in correctly.

This could be a problem in the login.php file - or something in the destination page that is checking for a valid, authorised, log in session.

If that helps great - if not perhaps update your post with the code from your login.php and related files for some more targeted help.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Hi, Steve. I've updated my question with some code snippets. If you need more, I can update again.
@augusto looking at what you have added I'd suggest you need to do some debug. Try var_dump($_SESSION); exit; both after the final } at the top of your login.php code block (before you close the <?php and switch to HTML). then try the same debug inside session-control.php - it sounds like something is being unset somewhere.
the problem was in the session.save_path. Your help was essential to the solution! Thank you very much!
So glad you managed to get it sorted @augusto - the joys of php / session settings can have all of us chasing our tails.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.