login-script | open source PHP script for user registration | Web Framework library

I downloaded login php script from GitHub (Link to it) and when I try to register, it displays me this error: Strict Standards: Only variables should be passed by reference in /homework/register.php on line 20 On login page it doesn't show any errors.

Code that I was using:

How can I initiate the below code when a user is logged out from another location and by user inactivity (similar to how wp-admin has the AJAX login overlay if a user is logged out)? Thus far, I have not been able to find any documentation or tutorials to how can be achieved FrontEnd without a plugin.

Like this

Login form in header

If a user session expires in wp-admin a user is logged out and with the page still open, WordPress overlays a modal login.

How can I register a user session expiring/logged out from another location and initiate an overlay from the frontend?

Currently, we are bringing up the login form via Javascript with button on('click',...) and the action of logging in and out is handled within functions.php

So, I have a js code calling a backend php script using ajax. The sole purpose of ajax is to send data(username and password) to the said php script. The php script will then query this data on the SQL server, and redirect to dashboard.html on success, or send a error message to the intial ajax request.

However, this is not what happens, and I cant find the source of error. So I tried some console logging and discovered that my SQL is correct and the ajax success function does get "Login Successful" echo if I remove the header() line. But with header() line present in php script, there is no data answer to ajax nor there a redirect to dashboard.html. Is there some concept which I'm missing?

I'm using a login script that I have found in Innvo.com, they do not answer... I have modified a little bit this code though, I need to retrieve the username value at the login page and I can not find the way... first I will put the code of the file (login.php) with all the classes that take care of the login, then the code that should go in the login page (access.php), where I need to retrieve the username of the logged user... thanks

I'm working on a user authentication class in PHP and have encountered some problems with session handling.

This is the basics:

1. global.php I have a file called global.php that's included at the beginning of each pageload. From this file I also include additional classes used, for example the class.uservalidation.php that I'm working on. I initiate the session in the global.php file.

2. class.uservalidation.php When this class is instantiated in the beginning of the global.phpfile there is a call to a checkLogin method in the constructor that checks the session variables emailand hash and if they match it will set the auth property to the level of the selected user.

3. login.php is the login page (obviously...) and when submitted this will call the login method of the uservalidation class. This method will set two session variables, email and hash when there's a successful login.

4. index.php is the default landing page that will show different content depending on the login status

And this is an example of how it works:

I go to login.php. Session is started, classes loaded an instantiated. checkLoginmethod will first report auth=0. I submit the form and the same page is loaded again. checkLogin will first report auth=0 yet again as the class is instantiated. Then in the login.php script I will call the login method and the session variables are set.

BUT...

I can see the session variables when I do print_r($_SESSION); only from the login.php file and NOT from global.php OR class.uservalidation.php (even if this is where I set the session variables).

This is a problem since I need to check the email and hash session variables from the loginCheck method on subsequent page loads.

Since $_SESSION is a superglobal I thought it would be accessible from anywhere, and I can't figure out what is wrong...

I have a feeling I'm missing something very basic here... I'm quite new to OOP so it might be that I'm missing some knowledge on how to declare variables or something but since it's a superglobal I thought it wouldn't matter.

[EDIT #1]

And here is some code (for some reason I can't paste into this textbox so I've created links to pastebin instead):

global.php:

I working on a login system that creates a session for the user once he logs in. I am attempting to make the system as secure as possible. I found some resources that claim session_start() itself is insecure and recommend taking extra steps to secure it. See: How to create bulletproof sessions and Secure login system with PHP and MySQL. I played around with WireShark and saw how easy it was to find the login credentials (sent with POST) and cookies when I used an HTTP Connection. I made the website automatically redirect to HTTPS and now I'm unable to find the credentials (side note: what does "Encrypted Handshake" mean?). I saw this post and it says

There is no such thing as secure cookie UNLESS it's transmitted over SSL only.

So it led me to think that using HTTPS is enough for a secure login system. Is using session_start() and only that secure now that I am using an HTTPS connection or do I need to add further security measures?

I have this code.

PHP