0

I have a login page in PHP just done for testing, I know my code is not secure.

I wrote the code below to get some data from a table and display it in a table:

```php
session_start();
include("config.php");

if(isset($_SESSION['email']) && $_SESSION['email'] == true){
    $user_email=$_SESSION['email'];

    $check_user="select * from admin WHERE user_email='$user_email'";

    $run=mysqli_query($link,$check_user);

    while($row = $run->fetch_assoc()){

        $_SESSION['access']=$row['access'];
        $_SESSION['name']=$row['user_name'];

    }
}
```

Till here it's working properly, when I login into my page using following code for login page:

```php
session_start();
include("config.php");

if(isset($_POST['login'])){
    $user_email=$_POST['email'];
    $user_pass=$_POST['pass'];

    $check_user="select * from admin WHERE user_email='$user_email'AND user_pass='$user_pass'";

    $run=mysqli_query($link,$check_user);

    if(mysqli_num_rows($run)>0){

        $_SESSION['email']=$user_email;

        $_SESSION['access']=$result['access'];

        //here session is used and value of $user_email store in $_SESSION.
        echo "<script>window.open('index.php','_self')</script>";
    }else{
        echo "<script>alert('Email or password is incorrect!')</script>";
    }
}
```

But when I'm trying to add the following code for redirecting user if not logged in, even if I login I'm redirected to login page again and again.

The mistake is with the below code:

```php
session_start();
include("config.php");

if(isset($_SESSION['email']) && $_SESSION['email'] == true){
    $user_email=$_SESSION['email'];

    $check_user="select * from admin WHERE user_email='$user_email'";

    $run=mysqli_query($link,$check_user);

    while($row = $run->fetch_assoc()){

        $_SESSION['access']=$row['access'];
        $_SESSION['name']=$row['user_name'];
    }
}

//if login in session is not set
if(!isset($_SESSION['login'])){
    header("Location: login.php");
}
```

I am new to php, can anyone please tell me what is wrong with my code?

Nemanja Jeremic
TEIA 2019
  • 1
    You set the value for `$_SESSION['access']` and `$_SESSION['name']` if login successfully but you check login against `$_SESSION['login']` – catcon Jul 13 '19 at 05:54
  • 1
    I don't see where you are setting $_SESSION["login"], are you setting it somewhere else? – John.M Jul 13 '19 at 05:55
  • @catcon I didn't understand because I am new to this; can you please help me with my code as an answer – TEIA 2019 Jul 13 '19 at 05:55
  • @John.M I didn't set session login anywhere; I am coding with the help of Google, so there are a lot of mistakes from my side – TEIA 2019 Jul 13 '19 at 05:56
  • 1
    @TEIA2019 : [Try this link](https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php) – Niklesh Raut Jul 13 '19 at 06:00
  • You should click through the link provided above, there's a lot of good info in there that you must include in your login script. – John.M Jul 13 '19 at 06:17
  • 1
    @TEIA2019 - Please also read up on how to prevent sql injection here - https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – John.M Jul 13 '19 at 09:44

1 Answer

-3
```php
<?php
session_start();
include("config.php");

if (isset($_SESSION['email'])) {
    $user_email = $_SESSION['email'];
    // The session value is interpolated directly into the SQL string.
    $check_user = "select * from admin WHERE user_email='$user_email'";

    $run = mysqli_query($link, $check_user);

    while ($row = mysqli_fetch_array($run)) {
        $_SESSION['access'] = $row['access'];
        $_SESSION['name'] = $row['user_name'];
        $_SESSION['login'] = $row['user_login'];
    }
}

if (!isset($_SESSION['login'])) { // if login in session is not set
    header("Location: login.php");
    exit; // stop the script once the redirect header is sent
}
?>
```

3 code

```php
<?php
session_start();
include("config.php");

if (isset($_POST['email']) && isset($_POST['pass'])) {
    $user_email = $_POST['email'];
    $user_pass = $_POST['pass'];

    // Posted values are interpolated directly into the SQL string.
    $check_user = "select * from admin WHERE user_email='$user_email' AND user_pass='$user_pass'";

    $run = mysqli_query($link, $check_user);

    if (mysqli_num_rows($run) > 0) {
        while ($row = mysqli_fetch_array($run)) {
            $_SESSION['email'] = $user_email;
            // Read from $row, the fetched record ($result was never defined).
            $_SESSION['access'] = $row['access'];
        }

        //here session is used and value of $user_email store in $_SESSION.
        echo "<script>window.open('index.php','_self')</script>";
    } else {
        echo "<script>alert('Email or password is incorrect!')</script>";
    }
}
?>
```

2 code

```php
<?php
session_start();
include("config.php");

if (isset($_SESSION['email'])) {
    $user_email = $_SESSION['email'];

    $check_user = "select * from admin WHERE user_email='$user_email'";

    $run = mysqli_query($link, $check_user);

    // mysqli_fetch_array() matches the mysqli_query() call above
    // (the mysql_* functions belong to a different, removed extension).
    while ($row = mysqli_fetch_array($run)) {
        $_SESSION['access'] = $row['access'];
        $_SESSION['name'] = $row['user_name'];
    }
}
?>
```

1 code

  • No no no, you're recommending that the OP pass posted data directly into the query, his code has a number of issues, reusing it in this answer is bad advice. – John.M Jul 13 '19 at 06:16
  • It's still not working, redirecting me to login page again and again – TEIA 2019 Jul 13 '19 at 06:35
  • on code 3, remember `$_SESSION['login'] = $row['user_login'];` on `$_SESSION['login'] = $row['access'];` If it works, check it out. – Mubinjon Muinov Jul 13 '19 at 06:41
  • @MubinjonMuinov can you please tell me from where this value is coming: `$_SESSION['login']=$row['user_login'];` – TEIA 2019 Jul 13 '19 at 06:41
  • one more thing, do you have data on the admin table? There is an email check, but if there is no data on the table or there is no similar data, you will be redirected to the "login.php" – Mubinjon Muinov Jul 13 '19 at 06:45
  • @TEIA2019 You on the 3 code check on `$_SESSION['login']` but on your code I don’t where I get the `$_SESSION['login']` value on myself and so I added this code to check if the code works. – Mubinjon Muinov Jul 13 '19 at 06:48
  • @MubinjonMuinov there is no `$row['user_login'];` set in my code, I did it using your changes and it's not working – TEIA 2019 Jul 13 '19 at 06:51
  • then after the code `$run = mysqli_query($link, $check_user);` on code 3 write `echo mysqli_num_rows($run);` and see how many rows it returns. – Mubinjon Muinov Jul 13 '19 at 06:55
  • 1
    Please add some explanation to your code - what **exactly** have you changed and why? Keep in mind that such an explanation helps others to understand your code – Nico Haase Jul 16 '19 at 09:24
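
The two points raised in the comments (the guard tests `$_SESSION['login']`, which the login page never sets, and posted data goes straight into the query) are addressed together in the following added example, which is not code from the question or the answer. The helper names `attempt_login` and `require_login` are hypothetical, `$link` is assumed to be the mysqli connection from `config.php`, and `admin.user_pass` is assumed to hold `password_hash()` output, which the page does not state.

```php
<?php
// Added example, not code from the question or the answer.
// Assumes config.php defines $link (mysqli connection, as on the page) and that
// admin.user_pass stores password_hash() output (assumption, not from the page).
session_start();
include("config.php");

// Check credentials with a prepared statement. On success, store the same
// session key that require_login() tests later.
function attempt_login(mysqli $link, string $email, string $pass): bool
{
    $stmt = mysqli_prepare(
        $link,
        "SELECT user_name, user_pass, access FROM admin WHERE user_email = ?"
    );
    mysqli_stmt_bind_param($stmt, "s", $email);   // value is bound, never interpolated
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

    if (!$row || !password_verify($pass, $row['user_pass'])) {
        return false;                             // unknown email or wrong password
    }

    session_regenerate_id(true);                  // fresh session id after authentication
    $_SESSION['email']  = $email;                 // the key the guard checks
    $_SESSION['name']   = $row['user_name'];
    $_SESSION['access'] = $row['access'];
    return true;
}

// Guard for protected pages: test the key attempt_login() sets, then stop the
// script so nothing below the redirect is executed or sent.
function require_login(): void
{
    if (empty($_SESSION['email'])) {
        header("Location: login.php");
        exit;
    }
}

// login.php: handle the posted form.
if (isset($_POST['login'])) {
    if (attempt_login($link, $_POST['email'] ?? '', $_POST['pass'] ?? '')) {
        header("Location: index.php");
        exit;
    }
    echo "Email or password is incorrect!";
}
// index.php and every other protected page call require_login() before any output.
```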