0

I am writing a script to login a user (this will not be accessible from outside users) where a simple login form will suffice in logging a user in and setting a session.

I seem to be having an issue where it just redirects me back presumably because the session parameter isn't met but the login I am using exists and it will attempt to redirect to log me in. Here is my code, any help would excellent:

Login page

<form action="login.php" method="post">
<input type="text" name="user_email" />
<input type="password" name="user_password" />
<button></button> 
</form>

Login.php 

include 'config.php';

$email = mysqli_real_escape_string($con, $_POST['user_email']);
$password = mysqli_real_escape_string($con, $_POST['user_password']);

$query = "SELECT * FROM users WHERE user_email = '". $email ."' AND user_password = '". $password ."'" ;
$result = mysqli_query($con, $query);

if (mysqli_num_rows($result) == 1) {
    $_SESSION['login_user'] = $username;
    header('Location: dashboard.php');
} else {
    echo 'fail!';
}

?>

header.php

<?php
session_start();
if( !isset($_SESSION['login_user']) ){
    header('Location: index.php');
} else{
    echo 'Logged in';
}
?>
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
PhpDude
  • 1,542
  • 2
  • 18
  • 33
  • Turn on PHP's error display. At the top of your script: `error_reporting(E_ALL); ini_set('display_errors', 1);` always when developing and testing code. You will find PHP complaining to the effect of "cannot set session cache limiter" or "headers already sent". You cannot have any output of any kind preceding a call to `header(),setcookie(),session_start()`. – Michael Berkowski Jun 15 '16 at 18:27
  • You will need to reorganize this code to move the HTML markup and any PHP output (like `echo`) to occur only after `session_start()` and `header()` calls. This includes the empty linebreaks between `?> – Michael Berkowski Jun 15 '16 at 18:28
  • Sorry the code isnt in this order, it consists of three files – PhpDude Jun 15 '16 at 18:30
  • Please edit above to illustrate that. The problem is very possibly the same though -- and if the middle section is its own file, I don't see `session_start()` called there - it must be called on _every_ script that reads or writes `$_SESSION`. – Michael Berkowski Jun 15 '16 at 18:33
  • @Dan have you got session_start() atop of the login.php page? – Matt Jun 15 '16 at 18:33
  • @MichaelBerkowski No errors show at all I do have reporting set – PhpDude Jun 15 '16 at 18:33
  • @MichaelBerkowski So session_start() must exist in login.php also? would the reside at the very top? – PhpDude Jun 15 '16 at 18:34
  • 1
    @Dan You need session_start() atop any and all pages you want to use session data. – Matt Jun 15 '16 at 18:35
  • @Matt Thanks guys this did the trick! – PhpDude Jun 15 '16 at 18:35
  • The odd thing is now that it says Root is my username? it isnt... – PhpDude Jun 15 '16 at 18:43
  • At no point did you set the value of `$username`, but it may have been set somewhere else with a stale value. Did you forget to do `mysqli_fetch_assoc($result)`? – Michael Berkowski Jun 15 '16 at 18:47
  • @MichaelBerkowski I have just realised its grabbing that from my db connect file! – PhpDude Jun 15 '16 at 18:48

1 Answers1

1

Session_start must be on top.

Put this block of code on top before the forms and it will work:

<?php
session_start();
if( !isset($_SESSION['login_user']) ){
    header('Location: index.php');
} else{
    echo 'Logged in';
}
?>
SD433
  • 143
  • 11