1

I know this error is very common and plenty of solution are mentioned but for some reason I cant get it working.

This is my index.php file which is the log in page for users

    <?php    
    session_start();    
    if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
      header ("Location: index.php");
    }    
    ?>
    ...
    ...
    <form  name='log' action='loginproc.php' method='POST'>  
    <input type="text" placeholder="Username" name="username">
    <input type="password" placeholder="Password" name="password">
    <input type='submit'  value='Login' onclick="return check()">
    </form>

This is the loginproc.php file

<?php
    require 'config.php';

    require 'core.inc.php'; 

    if(isset($_POST['username'])&&isset($_POST['password'])) {

        $username = $_POST['username'];
        $password = $_POST['password'];

        if(!empty($username) && !empty($password)) {
            // $md5pwd = md5($password);
            $query = "SELECT username FROM `login` WHERE `username` = '$username' and `password` = '$password';";
            //echo $query;
            //$query_run = mysqli_query($query);

            //echo $query_run;
            if($query_run = mysqli_query($conn,$query)) {
                //echo $query_run;
                $query_num_rows = mysqli_num_rows($query_run);

                if($query_num_rows==0) {
                    phpAlert(   "Invalid USERNAME or PASSWORD combination"   );
                    echo '<script type="text/javascript">window.location = "index.php"</script>';
                    exit();
                    //echo '<p>&nbsp;&nbsp;&nbsp;Invalid USERNAME or PASSWORD combination <br /><br />&nbsp;&nbsp;<a href="index.php"> Click here to Login </a> ';
                }
                else if($query_num_rows==1) {
                    //echo 'Hello';
                    $_SESSION['username']=$username;
                    header('Location: main.php');
                }
            }
        }
        else {
            echo 'You Must supply a username and password';
        }
    }
    function phpAlert($msg) {
        echo '<script type="text/javascript">alert("' . $msg . '")</script>';
    }
?>

The core.inc.php file

<?php

    ob_start();
    session_start();

    function loggedin() {
        if(isset($_SESSION['username'])&& !empty($_SESSION['username'])) {
            return true;
        }
        else {
            return false;
        }
    }
?>
user3342812
  • 343
  • 8
  • 25

2 Answers2

1

you need to add an extra parameter when redirecting to index.php.

<?php    
    session_start();    
    if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
      if($_REQUEST['ftime']!=1)
     {
        header ("Location: index.php?ftime=1");
     }
    }    
    ?>
sandeep soni
  • 303
  • 1
  • 12
1

You need to have the redirect go elsewhere for logged in users and bypass when not logged in:

<?php    
session_start();
// if session username is set and valid, go to somewhere else
if(isset($_SESSION['username']) && !empty($_SESSION['username'])) {
    // elswhere could be a profile page, or similar
    header("Location: elsewhere.php");
    // It is more accepted to exit after a header
    exit;
}
?>

<!-- All other instances beside valid login will allow this to form to show-->
<form  name='log' action='loginproc.php' method='POST'>  
    <input type="text" placeholder="Username" name="username">
    <input type="password" placeholder="Password" name="password">
    <input type='submit'  value='Login' onclick="return check()">
</form>
Rasclatt
  • 12,498
  • 3
  • 25
  • 33