problem logging in form with php

0

I developed a login system in php in this site without a database with a fixed password localhost everything works normally more when I uploaded the files to the server and I try to access it and it loads the page but it returns to the beginning and in url of the browser it appears that it is not safe how to fix it follows the images and the source code. in the image above it appears next to URL is not secure and this does not let me log in to page main.php remembering localhost works normally

Login:

<form action="login.php" method="post" name="login" id="login" class="login form-login" onsubmit="return validaCampo(); return false;">
                <div class="box-form-login">
                    <div class="text-left">
                        <h4 class="title">Painel do cliente</h4>
                        <p class="text">Para ter acesso a todo o conteúdo do Fábio Rabin basta acessar o painel com o
                            usuário e senha enviados para o seu email.
                        </p>
                    </div>
                    <div class="row">
                        <div class="col-sm-8 col-xs-12">
                            <div class="form-group">
                                <input type="text" name="user" id="user" class="form-control user" placeholder="Digite seu nome" />
                            </div>
                        </div>
                    </div>

                    <div class="row">
                        <div class="col-sm-8 col-xs-12">
                            <div class="form-group">
                                <input type="password" name="pass" id="pass" class="form-control user" placeholder="Digite sua senha" />
                            </div>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-sm-8 col-xs-12">
                            <input type="submit" value="Entrar" class="btn btn-primary send">
                        </div>
                    </div>
                </div>
            </form>

login.php:

<?php
error_reporting(0);
ini_set("display_errors", 0);
?>
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
include("bd.php");
if ($valida[$user] == $pass) {
    setcookie("logado", "1");
    echo "<script>location.href='main.php'</script>";
} else {
   /* echo "Usuário ou senha incorretos!";
    echo "<br>";
    echo "<a href=login>";
    echo "Clique aqui</a> para tentar novamente.";
    echo "</a></font>";*/
}
?>

<div class="container-fluid no-padding">
    <div class="row">
        <div class="bg-color hidden-xs hidden-sm">

        </div>
        <div class="col-md-10 col-sm-12 col-xs-12 text-center pull-right">
            <p class="title">Poxa vida!<br> Seu usuário ou senha estão incorretos!<br/> <span><a href="login">- Clique aqui e tente novamente -</a></span></p>
        </div>
    </div>
</div>

main.php:

    <?php
if (IsSet($_COOKIE["logado"])) {
} else {
        echo '<meta http-equiv="refresh" content="0;url=login">';
    exit;

}
?>
<html>
<head>
</head>
<body>

<div class="container-fluid">
    <div class="row">
        <div class="col-md-12 text-right">
            <a href="logout.php" class="link-logout">X</a>
        </div>
    </div>

    <div class="row">
        <!--<img src="img/img-download.png" class="img-responsive img-download hidden-xs hidden-sm"
             alt="Faça o download dos conteúdos"/>-->
        <div class="col-md-6 col-md-offset-4 col-sm-7 col-sm-offset-3 col-xs-12 col-xs-offset-0">
            <div class="box-download">
                <p class="text"><span>E ai cara seja bem-vindo!</span><br/>Aqui você vai encontrar todo o conteúdo necessário sobre o Fábio Rabin, basta
                    clicar no botão abaixo e efetuar o download.</p>
                <a href="conteudo.zip" class="content-download">Baixar conteúdo</a>
            </div>
        </div>
    </div>
</div>

</body>
</html>

logout.php:

<?php
setcookie("logado", "");
?>
<html>
<head>
    <script language="JavaScript">
        function deleteCookie(nome) {
            var exdate = new Date();
            exdate.setTime(exdate.getTime() + (-1 * 24 * 3600
                * 5000));
            document.cookie = nome + "=" + escape("") + ((-1
                == null) ? "" : "; expires=" + exdate);
        }
    </script>
</head>
<body>
<div class="container">
    <div class="row">
        <div class="col-md-12 text-center">
            <p class="text"><span>Você desconectou!</span><br>
                Aguarde, você será redirecionado <br>para página inicial.</p>

            <p>Se demorar muito <a href="login">clique aqui</a></p>
        </div>
    </div>
</div>

<script language="JavaScript">
    deleteCookie("logado");
</script>

</body>
</html>

bd.php (here is where I put user and fixed password)

<?php
$valida[fabiorabin] = "download123";
?>
    
asked by anonymous 17.05.2017 / 18:49

2 answers

2

Google announced in its blog the following article "Moving to a Safer Web", in which explained that in January 2017 there was an update in Google Chrome 56, which marks HTTP pages that collect passwords or credit cards as NOT SAFE on the url bar and with red security lock.

Until then, only HTTP pages that request information such as passwords and credit cards appeared as non-secure pages. However, Google's Chrome plan is long-term, which wants to mark all HTTP sites as unsafe or unprotected.

See what Google has to say about it: HTTPS on Top Sites

For developers and webmasters:

There is a test site that has two pages, an HTTP link and another HTTPS link , and switching between them is shown in the current browser session the difference in loading both.

In view of the above, and if you do not have a site that is secure and not ranked on Google's search engine, run to secure an SSL security badge and install HTTPS on your site. :)

    
17.05.2017 / 19:30
2

"Not secure" means that your site does not have a security protocol SSL . You can get this protocol on some free and paid hosting sites, as was suggested by @Inkeliz. But that's not why you can not log in. What happens is that you are releasing the environment ( main.php ) via cookies. And if your browser is disabling this permission, you can not enter it for further verification.

I managed to log in quietly.

My suggestion. Work with $_SESSION of php that you will not have this problem.

    
17.05.2017 / 19:29