Blueblazer172 Blueblazer172 - 1 month ago 6
PHP Question

Redirecting browser error [header] with php session and cookie

I'm having a strange issue with my header redirection after successfull

password_verify()
Here is a part from the login.php

login.php

$sql = "SELECT * FROM formular WHERE email='".$emailUsername."' OR username='".$emailUsername."'";
$result = $conn->query($sql);
$row = $result->fetch_assoc();

if (password_verify($password, $row["hash"])) {
if (isset($_POST["remember_me"])) {

$_SESSION["remember_me"] = $emailUsername;

setcookie('remember_me', md5($emailUsername . time()));
$stmt = $conn->prepare("INSERT INTO sessions (id) VALUES (?)");
$stmt->bind_param("s", $_COOKIE["remember_me"]);
$stmt->execute();

if ($stmt->affected_rows) {

}

$stmt->close();
$conn->close();
}
$_SESSION = array(
"login" => true,
"data" => array(
"username" => $row["username"],
"email" => $row["email"],
"time" => time() +10*5
)
);
header('Location: ../home/userarea.php');
exit();
}
else {
$errorField2 = "<div class=\"alert alert-danger\">".
"<strong>Whoops!</strong> Wrong entries!".
"</div>";
}


now on the top of every single page i have a file that checks if the session is set and then redirect the user to the page. and on the loginpage i have a remember_me checkbox that should set a cookie after successful entries, so that the user has not to logg in again and redirect him automatically to the userarea.php.



In my case any user can see userarea.php

bootstrap.php

ob_start();
if (isset($_SESSION["login"])) {
if ($_SESSION["data"]["time"] >= time()) {
if(isset($_COOKIE["remember_me"])) {
header('Location: ../home/userarea.php');
exit();
}
} else {
header('Location: ../log_reg/login.php');
exit();
}

} else {

//This line here is running my browser into the redirecting error "Page could not be loaded: The called website redirects the request so that it can never be terminated."

#header('Location: ../log_reg/login.php');
#exit();
}
ob_end_flush();


this file should set a cookie if
remember_me
isset and a
session
if the user just logged in without checking
remember_me

Cookies are allowed to set in my browser so that could't be the problem.

Answer

your issue is at the

isset($_SESSION["login"])

it is in an infinite loop, so that the redirection won't be executed :P
This is how to handle it right:

ob_start();
if (isset($_SESSION["login"])) {
    if ($_SESSION["data"]["time"] >= time()) {
        if(isset($_COOKIE["remember_me"])) {
            header('Location: ../home/userarea.php');
            exit();
        }
    } else {
        header('Location: ../log_reg/login.php');
        exit();
    }

} else {
    if (basename($_SERVER["REQUEST_URI"]) == "login.php"){

    }
    else {
        header('Location: ../log_reg/login.php');
    }
}
ob_end_flush();