0

We've built a small project prototype for a client, which needs to be password protected because of our NDA. However - our use of the $_SESSION variable seems to break the parameters provided when entering from a secondary source even if we're logged in.

This is what we want to happen:

www.externalsite.com -> oursite.com/#/route?param="value"

This is what happens:

externalsite.com -> oursite.com/#/route?param="value" -> oursite.com/#/defaultRoute

It would be awesome if anyone could tell me how to progress past this issue - either by providing actual solution or by linking to resources that might help or get us pointed in the right direction.

Here's our index.php

!doctype html>
<html>
  <head>
    <title>prototype</title>
  </head>
  <body ng-app="angularApp" ng-controller="mainCtrl">

    <?php require('access.php'); ?>

    <div class="wrap">
        <!-- CONTENT -->
    </div>
  </body>
</html>

access.php:

<?php
$password = '43844e5d424a5c7d228f265f8c899d47a65cf52f';

session_start();
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}

if (isset($_POST['password'])) {
    if (sha1($_POST['password']) == $password) {
        $_SESSION['loggedIn'] = true;
    } else {
        die ('Incorrect password');
    }
} 

if (!$_SESSION['loggedIn']): ?>


<html>
  <head>
    <title>Login</title>
  </head>
  <body>
    <form method="post">
      <div class="form-group">
        <label for="passwordInput">Password</label>
        <input type="password" name="password">
      </div>
      <input type="submit" value="Login">
    </form>
  </body>
</html>

<?php
exit();
endif;
?>
Improve this question

1 Answer 1

Reset to default
2

The session_start() function must be the very first thing in your document. Before any HTML tags. You need to move it to index.php:

<?php
session_start();
?>
<!doctype html>
<html>
  <head>
    <title>prototype</title>
  </head>
  <body ng-app="angularApp" ng-controller="mainCtrl">

    <?php require('access.php'); ?>

    <div class="wrap">
        <!-- CONTENT -->
    </div>
  </body>
</html>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is the best kind of solution - I understand what I did wrong and how to fix it, and the implementation took literally two seconds. Thanks!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.