0

I am beginner in web development so please understand me. I am trying to create a session using php file and call it in javascript using ajax request. but after I input the path of the index.html in address bar, it always shows the index. I want to know how can i possibly do this with javascript and php. restricting the all the pages of the site if there is no user active.

for example logic: 

if (userhasValue == true) {
//redirect to index and can access the whole website
} else {
// redirect to login page
}

I have tried the code below but it still redirecting to index.html even if the data recieve in ajax request is empty.

<?php
   include('config.php');
   session_start();
   $user_check = $_SESSION['login_user'];
   $temparray = array();

      $ses_sql = mysqli_query($db,"select user_id,username,fullname from user where username = '$user_check'");

      $row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);

        if ($row > 0 ){         
                array_push($temparray, $row); //save your data into array
                echo json_encode($temparray);
        } else {
            echo 'Error';
        }

?>

function getUser(){
var user ='';
var fullname ='';
var id ='';
var tempArray = '';
var name = '';
    $.ajax({
            type:'POST',
            url:'../bench/php/session.php',
            data:'',
            success:function(msg){
                alert(JSON.stringify(msg));
                let tempArray = JSON.parse(msg)
                user = JSON.stringify(tempArray[0]['username']);
                fullname = JSON.stringify(tempArray[0]['fullname']);    
                id = JSON.stringify(tempArray[0]['id']);        
                document.getElementById('fullname').innerHTML = fullname;   
                if (msg == 'Error') {
                   window.location.href = "../pages-login.html";
                }                       
            }, error: function(e){
                console.log(e);
            }, complete: function(c){
                console.log(c);
            }
        });
}

The code above does not restrict the accessibility of the index.html and other pages if the user is not logged in.

I want to restrict the index page and other pages if the user try to redirect to index page without logging in.

Please help me. Any help will much be appreciated! Thanks in advance

Boo La Teh
  • 51
  • 1
  • 7
  • You should be using [Prepared Statements](https://phpdelusions.net/pdo#prepared) to prevent SQL injection. – Reed Mar 25 '19 at 05:20
  • Is your PHP running? If not, try `index.php` instead of `index.html`. It looks like the problem is with your javascript, though. Try `print_r($_POST)` and `print_r($_GET)` on the server. Is anything being submitted to the server? You may want to look at [`XmlHTTPRequest`](https://stackoverflow.com/questions/247483/http-get-request-in-javascript) – Reed Mar 25 '19 at 05:22
  • @Reed , where should I put the `print_r(something)` sir? – Boo La Teh Mar 25 '19 at 05:28
  • @Reed Sir? I have seen this on `console.log` may this is what you mean. `VM1202:1 Uncaught SyntaxError: Unexpected token A in JSON at position 79 at JSON.parse () at Object.success (index.js:33) at j (jquery-2.1.1.min.js:2) at Object.fireWith [as resolveWith] (jquery-2.1.1.min.js:2) at x (jquery-2.1.1.min.js:4) at XMLHttpRequest. (jquery-2.1.1.min.js:4)` – Boo La Teh Mar 25 '19 at 05:31
  • I think that's indicating that `let tempArray = JSON.parse(msg)` is failing. `msg` must not be valid `JSON`. – Reed Mar 25 '19 at 05:39
  • `print_r(...)` would go in the php script that you're submitting to. So, it would be in `../bench/php/session.php`. And sorry, you don't need `XmlHTTPRequest`, because that's what `$.ajax(...)` is using underneath. – Reed Mar 25 '19 at 05:41
  • In you `success` javascript function, you may want to write (first thing) `console.log("response:"+msg);` or `alert(msg);` So you can see what the server is returning from the `$.ajax` request. – Reed Mar 25 '19 at 05:43
  • @Reed , if I logged in an account, this is the return value sir, `response:[{"user_id":"1","username":"a.villar026","fullname":"Alexis Abulencia Villar"}]` – Boo La Teh Mar 25 '19 at 05:44
  • Also, there is no printed in console.log if i redirect only using address bar without logging in sir. – Boo La Teh Mar 25 '19 at 05:46
  • I'm off to bed. Hope you find a solution. If not, I may look over this again, but don't know how soon I'll be back on. – Reed Mar 25 '19 at 05:50
  • 1
    @Reed Ok sir. thanks by the way. – Boo La Teh Mar 25 '19 at 05:52

0 Answers0