yahoo5000 yahoo5000 - 6 months ago 25
PHP Question

Sessions are not working

Hello, I have created a login system but it's not working for some reason. I start a session after someone logs in, and then make some checks on whether the session is set and whether the session is no more than 1 hour old:

This is my login script in index.php:

<?php
require 'mysql.php';

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
    session_start();
    session_unset();
    session_destroy();

}

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] < 3600){
    header('Location: main.php');
}



if (isset($_POST["login"])){

    $username = $_POST["username"];
    $password = $_POST["password"];

    // Select every column that is read from $row below.
    $stmt = $connect->prepare("SELECT id, username, usertype, password FROM users WHERE username=? ");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $rowcount = $result->num_rows;
    if ($rowcount > 0){

        while ($row = $result->fetch_assoc()) {
            if ($row["username"] == $username && $row["password"] == $password){

                if(!isset($_SESSION)) {
                    session_start();
                }
                $_SESSION["username"] = $username;
                $_SESSION["usertype"] = $row["usertype"];
                $_SESSION["userid"] = $row["id"];
                $_SESSION["CREATED"] = time();
                header('Location: main.php');

            } else {
                $error_msg2 = "Username or password does not match";
                $error2 = "error";
            }
        }
    } else {
        $error_msg2 = "No such user";
        $error2 = "error";
    }

    echo $error_msg2;
    $stmt->close();
    $connect->close();

}

?>


And this is the main.php code:

if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
    session_start();
    session_unset();
    session_destroy();
    header('Location: index.php');
}


So once you log in you will be redirected to main.php, and if the session is set you should be unable to access index.php, because if you try and the session is not expired you will get redirected back to main.php. Same with main.php: if the session is expired you will get redirected back to index.php to log in. But no matter whether you are logged in or not, you can walk between them freely.

Answer

You should call session_start in any case - it fills $_SESSION with values. Also, it's enough to unset $_SESSION['username']; there is no need to destroy the whole session - PHP can take care of that. Here is code that should work:

index.php

<?php
require 'mysql.php';

// Always start the session first: this is what fills $_SESSION.
session_start();
if (isset($_SESSION['username'])) {
    // Login is still inside the one-hour window: go straight to main.php.
    if (time() - $_SESSION['CREATED'] < 3600) {
        header('Location: main.php');
        exit;
    }

    // Login has expired: drop the marker and fall through to the form.
    unset($_SESSION['username']);
}


if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Select every column that is read from $row below.
    $stmt = $connect->prepare('SELECT id, username, usertype, password FROM users WHERE username=? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $result = $stmt->get_result();
    $rowcount = $result->num_rows;

    if ($rowcount > 0) {
        $row = $result->fetch_assoc();

        // Strict comparison: with ==, numeric-looking strings such as
        // "1e3" and "1000" would compare as equal.
        if ($row['username'] == $username && $row['password'] === $password) {
            $_SESSION['username'] = $username;
            $_SESSION['usertype'] = $row['usertype'];
            $_SESSION['userid'] = $row['id'];
            $_SESSION['CREATED'] = time();

            header('Location: main.php');
            exit;
        } else {
            $error_msg2 = 'Username or password does not match';
            $error2 = 'error';
        }
    } else {
        $error_msg2 = 'No such user';
        $error2 = 'error';
    }

    echo $error_msg2;
    $stmt->close();
    $connect->close();
}

main.php

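<?php
// Start the session before reading $_SESSION, then reject missing or expired logins.
session_start();
if (!isset($_SESSION['username']) || time() - $_SESSION['CREATED'] > 3600){
    unset($_SESSION['username']);
    header('Location: index.php');
    exit; // stop here so the protected page is never rendered
}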
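
The same checks collected into one shared guard, as an added example that is not part of the original answer. It goes beyond the answer by issuing a new session id at login and by verifying a password hash. The file name auth.php and the function names are hypothetical, and the code assumes the site runs over HTTPS and that users.password holds a password_hash() value rather than the plaintext compared above.

```php
<?php
// auth.php: hypothetical shared include, added example (not the answer's code).
// Assumes HTTPS and that users.password stores a password_hash() value.
const SESSION_LIFETIME = 3600; // one hour, the limit used on this page

// Start the session with hardened cookie settings; call before any output.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start([
            'cookie_httponly' => true,  // keep the cookie away from JavaScript
            'cookie_secure'   => true,  // send it over HTTPS only
            'cookie_samesite' => 'Lax',
            'use_strict_mode' => true,  // refuse session ids the server did not issue
        ]);
    }
}

// True only for a login that exists and is younger than SESSION_LIFETIME.
function is_logged_in(): bool
{
    return isset($_SESSION['username'], $_SESSION['CREATED'])
        && time() - $_SESSION['CREATED'] < SESSION_LIFETIME;
}

// Verify the password for the fetched row; on success issue a fresh session id.
function attempt_login(array $row, string $password): bool
{
    if (!password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true); // a pre-login session id must not survive login
    $_SESSION['username'] = $row['username'];
    $_SESSION['usertype'] = $row['usertype'];
    $_SESSION['userid']   = $row['id'];
    $_SESSION['CREATED']  = time();
    return true;
}

// Guard for protected pages such as main.php: redirect unless logged in.
function require_login(): void
{
    start_secure_session();
    if (!is_logged_in()) {
        $_SESSION = [];          // clear stale login data
        header('Location: index.php');
        exit;                    // stop the protected page from rendering
    }
}
```

With this include, main.php begins by requiring auth.php and calling require_login(), and index.php calls start_secure_session() before passing the fetched row and the submitted password to attempt_login().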