Passing PHP variables through a variables page is not working... need some advice

Now I’m pretty new to PHP and server scripting so I could be having a problem with some no brainer rules or simple syntax but I can’t get this code to work…

So the aim is to have a global variable ($logfail) to be set if the username/password doesn’t exist, then redirect to the login page, and an error message will be displayed through the if statement checking if $logfail is true… but I’m doing something wrong because it’s not working… Any pointers or solutions would be helpful.

login.php:


<?php include("variables.php"); ?>
<html>
<head></head>
<body>
<?php 
session_start(); 
function check_logged(){ 
     global $_SESSION, $USERS; 
     if (!array_key_exists($_SESSION["logged"],$USERS)) { 
          header("Location: /index.php"); 
     }; 
}; 

if ($_POST["portal"]=="log") { 
     if ($USERS[$_POST["logn"]]==$_POST["pswd"]) { 
          $_SESSION["logged"]=$_POST["logn"]; 
     } else { 
          echo 'Incorrect username/password. Please, try again.'; 
     }; 
}; 
if (array_key_exists($_SESSION["logged"],$USERS)) { 
    header("Location: statelist.php");
} else {
    global $logfail;
    $logfail = true;
    check_logged();
}; 
?>
...

variables.php:


<?php
$logfail;
?>

index.php:


<?php include("php/variables.php"); ?>
<html>
<head></head>
<body>
.......
<?php
global $logfail;
if ($logfail) {
    ?>
    <p class="logFail red">Incorrect username/password combination...</p>
    <?php 
};
?>
......

@Angrypoonani

You first do not need to set the $_SESSION as global; it is a super global already and can be accessed at any time.

The

 header("Location: /index.php");

will not work as all header commands must be output before any other output. In your example the HTML and BODY tags will have already been output, so the header redirect will not work and should throw a warning.

You should do a ‘Not logged In’ check at the very top of your PHP page. Make sure that you do not have any whitespace or anything output before you issue the header redirect.

I also wonder where you are storing your password. You should never store just a clear text password in a file or a database record; instead, HASH and SALT the stored password, and then, when the user enters their username and password, run the HASH with the same SALT to verify that they match; otherwise you redirect.

Your use of globals is worrisome.

Regards,
Steve

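A sketch of the approach the reply above describes, as an added example that is not part of the original thread: the login check runs before any output, the password is verified against a salted hash with PHP's password_hash()/password_verify(), and the failure flag travels in the session. The sample user, its password and the attempt_login() and redirect() helpers are assumptions made for illustration.

```php
<?php
// login.php (added example): all logic runs before any HTML is sent.
declare(strict_types=1);

// Constructed sample user store: username => hash. In a real application the
// hash is created once at registration and stored, never the clear-text password.
$USERS = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

// Returns true only when the user exists and the password matches its hash.
// password_hash() embeds a random salt in the hash and password_verify()
// reads it back, so the same salt is used without separate handling.
function attempt_login(array $users, string $name, string $password): bool
{
    // Hash compared for unknown users so both paths do comparable work.
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    $known = array_key_exists($name, $users);
    $ok = password_verify($password, $known ? $users[$name] : $dummy);
    return $known && $ok;
}

// Sends the Location header and stops, so nothing else is output afterwards.
function redirect(string $url): void
{
    header('Location: ' . $url);
    exit;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (($_POST['portal'] ?? '') === 'log') {
        $name = (string) ($_POST['logn'] ?? '');
        if (attempt_login($USERS, $name, (string) ($_POST['pswd'] ?? ''))) {
            session_regenerate_id(true);   // new session id after login
            $_SESSION['logged'] = $name;
            redirect('statelist.php');
        }
        // A plain variable is lost on redirect; the session carries the flag.
        $_SESSION['logfail'] = true;
        redirect('/index.php');
    }
} else {
    // Command-line self-check with the constructed sample user.
    var_dump(attempt_login($USERS, 'alice', 'constructed-sample-password'));
    var_dump(attempt_login($USERS, 'alice', 'wrong'));
    var_dump(attempt_login($USERS, 'mallory', 'x'));
}
```

In index.php, call session_start() at the very top, read $_SESSION['logfail'] to decide whether to show the error paragraph, then unset() it so the message appears only once.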