Location: Header redirecting incorrectly - php

This is just about the last thing I have left to do and I will have officially created my first PHP registration/login system.
What I have is a file called checksession.php. This file checks to see if a user is logged in/has a session created. If the user does, it should let them view their account page. If it isn't, it should send them to index.php.
As it stands, it is sending the user back to index.php even after successfully logging in. I am not sure what I am doing wrong in this script.
checksession.php
<?php
include('includes/db.php');
session_start();
$userSession = $_SESSION['username'];
$sql = mysqli_query($db, "SELECT emailAddress FROM users WHERE emailAddress='$username' ");
$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
$login_user=$row['emailAddress'];
if(!isset($userSession )) {
header("Location: index.php");
}
?>
username is referencing the username field they are filling out when logging in on the login form which is login.php.
On their account page, which in this case is account.php, I have the following:
<?php
include("includes/checksession.php");
?>
Should this be redirecting to index.php or should it be setting the session based on the username they are inputting? I did make sure the start_session(); on my login.php page as well.

Make sure it's session_start(); on my login.php page not start_session();
Try to echo out the $userSession and $_SESSION['username'] to see what they actually hold
Try the statement this way:
if(isset($_SESSION['username'])) {
    //do whatever
}else{
    header("Location: index.php");
    exit; // stop here so the rest of the protected page is not executed
}

The variable $userSession will always be set, it may be null or empty string but it will always be set from your code.
Change the check to:
if(!isset($_SESSION['username'])) {
    header("Location: index.php");
    exit; // header() alone does not end the script
}

Ok
I don't know if this is the best way to do this as I think I may be overcomplicating this but here we go:
I took the check.php code and actually dropped this into my login code in order to set the SESSION.
Right below that I have the following code:
if(mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $login_user; // Initializing Session
header("location: account.php"); // Redirecting To Other Page
} else {...
Logged in and voila. I am taken to my account.php like I would expect to be. If I log out and then try to view account.php, I am bounced back over to index.php.
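The login side of this thread, as an added example that is not from any of the posts above: it sets $_SESSION['username'] only after the credentials check out, looks the user up with a bound parameter instead of interpolating the form value into the SQL string, and ends the script after the redirect. The password form field and the passwordHash column are assumptions; $db, the users table, emailAddress and the file names are taken from the question.

```php
<?php
// login.php (added example)
include('includes/db.php');   // provides $db (mysqli connection), as in the question
session_start();              // before any output and before touching $_SESSION

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only plain strings; a field posted as username[] would arrive as an array.
    $email    = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : ''; // assumed field name

    // The user-supplied value is bound as a parameter, never concatenated into the query.
    $stmt = mysqli_prepare(
        $db,
        'SELECT emailAddress, passwordHash FROM users WHERE emailAddress = ?'
    );
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $dbEmail, $dbHash);
    $found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no row, false = error
    mysqli_stmt_close($stmt);

    // passwordHash is assumed to hold a value produced by password_hash().
    if ($found === true && password_verify($password, $dbHash)) {
        session_regenerate_id(true);     // issue a fresh session id once the user is authenticated
        $_SESSION['username'] = $dbEmail;
        header('Location: account.php');
        exit;                            // nothing below runs after the redirect
    }

    // Same message whether the address or the password was wrong.
    $error = 'Invalid e-mail address or password.';
}
?>
```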

Related

How to grant access to certain users using PHP

I am having an issue with PHP, as I am trying to write a program that will redirect the user back to the previous page (membersOnly.php). Here is the code that isn't currently working for me.
$sess = $_SESSION['sess_username'];
if ($sess == "admin") {
return;
} else {
header("Location: membersOnly.php");
}
My attempt is to only allow the user "admin" into the admin.php page. This code is the first thing to run. The $_SESSION['sess_username'] variable is assigned in login.php with the following code:
session_start();
$_SESSION['sess_username'] = $_POST['user'];
header("Location: membersOnly.php");
Now I know I am correctly setting the session username, because in any page I choose, I can use echo $_SESSION['sess_username']; and it displays the username. But I am not sure what I am doing wrong when I try to send the user back to membersOnly.php if their username is not admin. Currently when I try to go to that page, it denies access to any user, including admin.
[EDIT: SOLVED]
I forgot to add session_start(); at the top of the page.
Danbopes is right, you are "returning" an empty page. You can simply do this. Now note that this code will not work unless the username "admin" is saved in the session.
$sess = $_SESSION['sess_username'];
if($sess !== 'admin'){
header("Location: membersOnly.php");
exit();
}
//ADMIN CONTENT

When I check if the session set, I am not able to log in to web site [duplicate]

I have a log in script where I have been able to successfully make users, and log in. Now my issue is that whenever I try to use my method of protecting pages, being seeing if there is a SESSION for 'user' if not it directs you back to the login page.
Here is me checking for the session,
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: login");
die("Redirecting to login");
}
Here is where I am setting my session, I am ONLY setting a session_start(); on login.php
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: home?worked=1");
die("Redirecting to: home?worked=1");
session_start();
}
else
{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
What this does, is I log in, and it will process and bring me to my home page, then process the header back to the login page acting as if I am not logged in. I tested a false login and it IS telling that it's the correct login.
Thanks for any help, I'm pulling my hair out here!
Necro
EDIT
I moved session_start(); to the top of my common.php, and everything is perfect.
You have session_start(); after $_SESSION['user'] = $row;
Actually you have it after a die(); command. Nothing happens after that.
Put session_start(); at the top of PHP in every page (pref common.php since you have one) not just one page.
It would be better to set the session_start() on top
You need to put session_start(); on every page you want to use the session.

Using the same logout.php page for two different types clients

I have a simple website that lets the admins and users log in. Their credentials are saved onto a MySQL server in 2 separate tables. 1 for user, 1 for admin.
They both have different login pages, user has userlogin.php and admin has adminlogin.php
What I want is, when they are both done with accessing the site, I want them to click logout and through session variables, use just the one logout.php and redirect them to their respective login pages.
So if the user logs out, they should be redirected to userlogin.php and if admin logs out, they should be redirected to adminlogin.php
<?PHP
session_start();
unset($_SESSION["userid"]);
header("Location: userlogin.php");
unset($_SESSION["adminid"]);
header("Location: adminlogin.php");
?>
This is what I have so far.
if(isset($_SESSION["userid"]))
{
unset($_SESSION["userid"]);
header("Location: userlogin.php");
}
elseif(isset($_SESSION["adminid"]))
{
unset($_SESSION["adminid"]);
header("Location: adminlogin.php");
}
die();
Use session_destroy()
logout.php
<?php
session_start();
if(isset($_SESSION["adminid"]))
{
unset($_SESSION["adminid"]);
session_destroy();
header("Location: adminlogin.php");
}
else
{
unset($_SESSION["userid"]);
session_destroy();
header("Location: userlogin.php");
}
?>
<?php
session_start();
header ('Location: ' . (isset($_SESSION['adminid']) ? 'adminlogin.php' : 'userlogin.php'));
$_SESSION = array();
session_destroy();
?>
Since some people asked for an explanation, this code first starts the session with session_start();.
After that, it sets the location header to be sent to the client. The code checks if the adminid is set, if so, we'll redirect to adminlogin.php. If not, we'll just redirect to userlogin.php.
Then, the code sets the $_SESSION to array(); (basically just empties it) so that all the previously set data is gone.
Finally, the session is destroyed and the client will get redirected.
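A fuller logout along the same lines, as an added example that is not from any of the answers above: it picks the redirect target before the session data is cleared, expires the session cookie in the browser as well as destroying the server-side data, and ends the script after the redirect. It assumes PHP 7.3 or later for the array form of setcookie(); the file names and session keys are the ones used in the question.

```php
<?php
// logout.php (added example)
session_start();

// Decide where to send the client while the session data is still readable.
$target = isset($_SESSION['adminid']) ? 'adminlogin.php' : 'userlogin.php';

// Drop every session variable for the remainder of this request.
$_SESSION = [];

// Expire the session cookie in the browser, using the parameters it was issued with,
// so the old session id is not presented again on the next request.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'] ?: 'Lax',
    ]);
}

// Remove the session data stored on the server.
session_destroy();

header('Location: ' . $target);
exit;
?>
```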

Login Page in PHP

I created a login page in php named as index.php. Now when the user logs in it redirects to mypage.php. The login works fine. But also mypage.php gets open when I type the url of mypage.php even without login. I want the user must be logged in to see mypage.php and in case if he changes the url in browser then an error message should be triggered. What to do?
1.localhost/index.php
2.localhost/mypage.php
In index.php, once the user gets logged in successfully, set a session. like $_SESSION['login'] = true; before redirect. If invalid login, use $_SESSION['login'] = false; Don't forget to start the session on the top of the page. session_start();
In mypage.php, check if that session is set or not. If not set, throw error, else show the page.
session_start();
if(isset($_SESSION['login']) && $_SESSION['login'] == true) {
    echo 'You are welcome';
} else {
    // No echo before header(): once output has been sent, the Location header cannot be added
    header('Location: index.php');
    exit;
}
How are you storing the state of being 'logged in'?
You'll need to have your mypage.php check a variable that has been set by the index.php's successful login process.
Can you paste your code here and I can take a look
In order for a login to work correctly, your "secure" page (I use that term relatively because nothing is truly secure) needs to have some sort of validation conditional. In other words you need to have some way of determining if the user is logged in.
A simple way to do this in PHP is to set a session variable when you process the user's credentials. For example:
When the user successfully logs in set a session variable like so:
$_SESSION['isLoggedIn'] = true;
Then on the mypage.php check to see if the variable is set:
if(!isset($_SESSION['isLoggedIn']) || $_SESSION['isLoggedIn'] != true) {
header("Location: index.php");
exit;
}
Please also note, it is imperative if you are using sessions that you have session_start(); as the first line of all of your files. This allows $_SESSION variables that were set on a separate page to be able to be read on the current page.
Hope this helps.
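A reusable guard for both the mypage.php check in this thread and the admin-only check in the admin.php thread earlier on the page, as an added example that is not from any of the answers. The file name guard.php, the function require_login() and the 'role' session key are hypothetical; 'isLoggedIn', index.php and membersOnly.php come from the posts.

```php
<?php
// guard.php (added example)

/**
 * Stop the request unless a logged-in session exists and, when $role is
 * given, the session carries that role. The role is assumed to be written
 * to $_SESSION['role'] by the login code from the user's database record,
 * never copied from $_POST.
 */
function require_login(?string $role = null): void
{
    // $_SESSION is only populated after session_start() has run on this request.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Test the session entry itself: a copy such as $x = $_SESSION['key']
    // cannot be used with isset() to tell "missing" from "present".
    $loggedIn = isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] === true;
    if (!$loggedIn) {
        header('Location: index.php');
        exit;   // without exit the rest of the page still runs and is sent in the response body
    }

    // Strict comparison so that only the exact role string passes.
    if ($role !== null && ($_SESSION['role'] ?? null) !== $role) {
        header('Location: membersOnly.php');
        exit;
    }
}
?>
```

A protected page calls it before producing any output: require 'guard.php'; followed by require_login(); on mypage.php, or require_login('admin'); on admin.php.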
