php post request and redirection

Question

I'm creating a page where the add_user.php page is supposed to log you in afterwards

The login.php page uses the:

$_POST['username']
$_POST['password']

To authenticate and log you in, it also fills out plenty of session variables which I do not want to recalculate

I want the add_user.php to login after inserting into the database.

Here are the final bits of code that are not performing the function I'm after:

$_SESSION["username"] = $username;
$_SESSION["password"] = $password;
header("location:dashboard.php");

I want to use $username and $password and pass them to the login.php page.

Setting a location header will cause the browser to make a GET request, There is no header that can instigate a POST. There are numerous ways you can complete your task (Have Login accepts GET parameters, `include` login withing add_user, perform the redirect with javascript form submit) - for a proper answer you will need to edit your question to include a lot more details — Steve, Dec 16 '15 at 12:36
Why don't you pass the variables to `login.php` using the `html` form `method="post"`? — chriz, Dec 16 '15 at 12:45

user1403333 · Accepted Answer · 2015-12-16T12:51:09.560

I think there are a lot of ways to do that, the most simple ones are

1 Create a session key(stored in the db per session and user), set it by writing it into something like $_SESSION['sKey'], and on the page you want to be logged in do something like:

 if (isset($_SESSION['sKey'])){
    $validLogin = check_sKey_from_DB($_SESSION['sKey']); //previously created function that checks, if the key is present in the DB and still valid...
    if($validLogin){
     //you are logged in
    }
 }

in the DB you should have something like:

 Table(sessions): 
 userid(foreignkey)|loggedin(date)|sessionid(randomly generated Number)|validthrou(date)

2 pass e.g. GET attributes with the header, something like:

 header("Location:index.php?user=mustermann&pass=123")

or just set the Session, and check for that...

I would never advise having the password of any sort in plaintext in the GET url request — chriz, Dec 16 '15 at 12:42

score 0 · Answer 2 · answered Dec 16 '15 at 12:50

0

Useing PHP SESSION superglobal array you need to start SESSION at the very beginning of the <?php ?> portion.
See the example-

<?php
session_start();  //session is started here just the next line of <?php
$username = $_POST['username'];
$password = $_POST['password'];

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

?>

Now this session variables may be used any other pages say add_user.php page.

answered Dec 16 '15 at 12:50

Sajeeb Ahamed

6,070
2
21
30

I have: if (empty($_SESSION["username"])) {//not a new user $username = $_POST['username']; $password = $_POST['password']; header("location:loggedin.php"); } to test, unfortunately I never get redirected – Adel Ahmed Dec 16 '15 at 13:14
Your question is not so clear to me. You have the problem in the header() function? If just the header() function not works then I suggest you an effective process. Use – Sajeeb Ahamed Dec 16 '15 at 13:26

score -1 · Answer 3 · edited Dec 16 '15 at 14:21

-1

Keep in mind to start session before setting any value of global variable $_SESSION

session_start(); is used to start a session.

edited Dec 16 '15 at 14:21

Alexander Wigmore

3,157
4
38
60

answered Dec 16 '15 at 12:39

Prashant Sharma

148
11

php post request and redirection

3 Answers3