Sith1234 Sith - 8 days ago
MySQL Question

Unable to view the page after logging in

When I go to the page where I put the authentication code, it asks me to log in first. The issue is that after I log in, it doesn't go to the page that I wanted to go to, and when I click the same page again, it asks me to log in again. Did I do something wrong here?

loginform.php

<div class="container">
    <div class="row">
        <div class="col-md-4 col-md-offset-4">
            <fieldset>
                <legend>Login</legend>
                <form method="post" action="loginProcess.php">
                    <div class="form-group">
                        <label>User name:</label>
                        <input type="text" name="username" class="form-control" required>
                    </div>
                    <div class="form-group">
                        <label>Password:</label>
                        <input type="password" name="password" class="form-control" required>
                    </div>
                    <div class="form-group">
                        <input type="submit" name="submit" value="Login" class="btn btn-default pull-right">
                    </div>
                </form>
            </fieldset>
        </div>
    </div>
</div>


loginProcess.php

<?php
session_start();
include ("dbCon.php");

$username = filter_has_var(INPUT_POST, 'username') ? $_POST['username'] : null;
$passWD = filter_has_var(INPUT_POST, 'password') ? $_POST['password'] : null;

$sql = "SELECT passwordHash FROM te_users WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql);

mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
// Get the password hash from the query results for the given username
// and store it in the variable indicated
mysqli_stmt_bind_result($stmt, $passWDHash);

if (!empty($username)) {
    if (!empty($passWD)) {
        if (mysqli_stmt_fetch($stmt)) { // Check if a record was returned by the query.
            if (password_verify($passWD, $passWDHash)) {
                $username = $_SESSION['username'];
                $login = $_SESSION['login'];
                $_SESSION['login'] = true;
                header("location:index.php");
            }
            else
            {
                echo "<p>Sorry, we don't seem to have that password.</p>";
            }
        }
        else {
            echo "<p>Sorry, we don't seem to have that username.</p>";
        }
    }
    else {
        echo "<p>Please enter the password.</p>";
    }
}
else {
    echo "<p>Please enter the username.</p>";
}

mysqli_stmt_close($stmt);
mysqli_close($conn);

?>


otherpage.php

This is the code that I use for authentication:

if( empty($_SESSION['logged_in']) )
{
    header('Location:login.php');
    exit;
}
else
{

}

Answer

You are doing things the wrong way round in the section that registers the successful login, and also setting a different $_SESSION variable name than the one you check in your "are they logged in" code.

                if (password_verify($passWD,$passWDHash)){

                    //$username = $_SESSION['username'];
                    //$login = $_SESSION['login'];
                    //$_SESSION['login'] = true;

                    $_SESSION['username'] = $username;
                    $_SESSION['logged_in'] = true;

                    header("location:index.php");
                } else {
                    echo "<p>Sorry, we don't seem to have that password.</p>";
                }

Also remember to start the session in any script that wants to use the session.

<?php
session_start();

if( empty($_SESSION['logged_in']) ) {
    header('Location:login.php');
    exit;
} else {

}
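
One way to keep the login script and the page guard from drifting apart, as an added example that is not code from the question or the answer: a shared include, given the hypothetical name auth.php, defines the session key once and wraps both the write and the check. The constant and function names are assumptions, and the session_regenerate_id(true) call is an addition beyond the answer that issues a fresh session ID at login.

```php
<?php
// auth.php (hypothetical file name): added example, not the asker's or answerer's code.
declare(strict_types=1);

// One definition of each session key, used by both the login script and the guard,
// so 'login' vs 'logged_in' mismatches cannot happen.
const SESSION_AUTH_KEY = 'logged_in';
const SESSION_USER_KEY = 'username';

// Start the session only if this request has not started it yet.
function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call after password_verify() has returned true.
function mark_logged_in(string $username): void
{
    start_session_once();
    // Replace the pre-login session ID so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    // Write INTO the session (the question's code read FROM it instead).
    $_SESSION[SESSION_USER_KEY] = $username;
    $_SESSION[SESSION_AUTH_KEY] = true;
}

function is_logged_in(): bool
{
    start_session_once();
    return !empty($_SESSION[SESSION_AUTH_KEY]);
}

// Call at the top of every protected page, before any output is sent.
function require_login(string $loginPage = 'login.php'): void
{
    if (!is_logged_in()) {
        header('Location: ' . $loginPage);
        exit; // without exit the rest of the protected page would still execute
    }
}
```

With this include, loginProcess.php calls mark_logged_in($username) where password_verify() succeeds, and each protected page includes the file and calls require_login() first.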