0

I have an issue with the header() and when I use my login script it redirects it back to the index.php page. I have looked at other posts on here and none of their methods worked for me, so I was wondering if i could get input from you guys for my situation. Here is my login script.

<?php
        require_once("database.php");
        if(isset($_POST['submit']))
        {
            $myusername = mysqli_real_escape_string($db,$_POST['myusername']);
            $mypassword = mysqli_real_escape_string($db,$_POST['mypassword']);

            $mem = mysqli_query($db,"SELECT * FROM members WHERE username='$myusername' AND password='$mypassword'");
            $info=mysqli_fetch_assoc($mem);
            $count=mysqli_num_rows($mem);
            if($count==1){
                session_start();
                $_SESSION['MyID'] = $info['id'];
                $_SESSION['MyUsername'] = $info['username'];
                header("Location:home.php");
                exit;
            }else{
                echo '
                <td colspan="3">
                                                                <table cellpadding="1" align="center" bgcolor="#cccc99"><tr><td>
                                                                     <table cellpadding="2" bgcolor="#FFFFCC"><tr><td>Invalid username or password. Please re-enter your user information.                                                                </td></tr></table>
                                                                </td></tr></table>
                                                        </td><br />
                ';
            }
        }
?>

Now I believe my code is correct as in the way it's set up and by using MySqli. But i'm not sure if its the code or the verification code.

<?php
        session_start();
        if(!isset($_SESSION['MyID'])||!isset($_SESSION['MyUsername']))
        {
            header("Location:index.php");
        }
?>

Everything seems to line up. My database connections are correct. Just that it loops back to the index page. Unless if there are certain functions that should be outside the if statement. Here is my database code, just to be on the safe side.

<?php
$host = "host";
$db_username = "username";
$db_password = "";
$db_database = "database";
$db = mysqli_connect($host,$db_username,$db_password,$db_database) or die("Errors");
?>

If there is anyway to fix this issue that would be greatly appreciated!

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Isaak Markopoulos
  • 1
  • 5
  • The `session_start()` looks like it comes in the middle of other HTML markup. That won't work if there's already been previous output due to [the Headers already sent error](https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php) Please post more of the surrounding code, but my suspicion is that you need `session_start()` at the very top, before any output. – Michael Berkowski Aug 19 '15 at 01:29
  • Enable error reporting `error_reporting(E_ALL); ini_set('display_errors', 1);` at the top of your script, always when developing and testing code. You're likely to see PHP complaining about _headers already being sent, unable to start session - unable to send session cache limiter headers_ – Michael Berkowski Aug 19 '15 at 01:30
  • When I don't echo the error_reporting() and ini_set(). I dont get and error. but when I do `echo` it out, I get 32759, what ever that means. @MichaelBerkowski – Isaak Markopoulos Aug 19 '15 at 01:35
  • You need not `echo error_reporting()`. The 32767 is the error reporting value, not an error, which represents `E_ALL` as needed. But you need to turn on display_errors with `ini_set()` as suggested to see the error string. Or find it in your error log. – Michael Berkowski Aug 19 '15 at 01:38
  • I don't get an error, that's the thing. But if it's where `session_start();` is located. Where should it be placed? @MichaelBerkowski – Isaak Markopoulos Aug 19 '15 at 01:42
  • As I mentioned in the first comment, `session_start()` needs to occur before any output whatsoever, including whitespace, a ` `, any HTML, etc. It is explained in depth in the link in my first comment. – Michael Berkowski Aug 19 '15 at 01:43
  • All my php code goes above my HTML. There aren't any spaces. Blank lines. And for which code segment is incorrect and how should I fix it is what i'm looking for. @MichaelBerkowski – Isaak Markopoulos Aug 19 '15 at 01:53
  • Your `session_start()` call appears to come right in the middle of a `` somewhere, implying that you have `echo`'d some HTML previously from that PHP code block. That cannot happen. You must move the `session_start()` to occur before _anything else_ in your PHP code. Don't worry about it being placed in context of the `$_SESSION` set values. Just move it all the way to the top. Beyond that, you have to debug the contents of `$_SESSION` before you redirect or exit. We can't help with that much more.
     – Michael Berkowski Aug 19 '15 at 01:59
  • But I have an `else` to display if there was an error logging in. i don't see a `session_start()` anywhere in my HTML. It works when I change the path name to my logout page and that works. Why doesn't it go to the page I want it to go to? – Isaak Markopoulos Aug 19 '15 at 02:11
  • You have a `session_start()` right after `if ($count == 1)`. That is in the middle of `` tags, implying there has been output before it (it doesn't have to be rendered in the HTML, but there can be no output sent by PHP before it). That being true, the session is not being started correctly and the two variables you set will not stick. Those not sticking causes your other check to fail later, so it redirects to a home page. Comment out the `header()` calls to disable redirects, and insert the `ini_set('display_errors', 1);` at the top, and `var_dump($_SESSION);` to check your values. – Michael Berkowski Aug 19 '15 at 03:02

1 Answers1

0

Are you sure both your session variables being assigned in following lines??

 $_SESSION['MyID'] = $info['id'];

 $_SESSION['MyUsername'] = $info['username'];

I doubt that one of them or both of them are not being assigned properly. So in the home.php page it redirects back to the index because one of these or both of them are not set.

To make sure add var_dump($_SESSION); exit; before redirecting to home.php in your logging script and see any of them are NULL.

Bhavin Bhadani
  • 22,224
  • 10
  • 78
  • 108
Danu
  • 1
  • 2
  • insert after $_SESSION['MyUsername'] = $info['username']; and check what is the output.. – Danu Aug 19 '15 at 03:38