0

So I have a login page with the following code. When the correct password is entered it is supposed to start the session using session_start(); $_SESSION['loggedIn'] = true; and then redirect to home.php using header.

I noticed that this works but then my home.php checks for a started session using the code below but then redirects me back to the login page (index2.php) So clearly the session is not started... but I am not sure why.

I was able to fix this issue myself. After adding session_start(); at the top of my php pages it still made me login twice. I realized it was because I was starting the session the using header to redirect to htttp://www.mysite.com/home.php but the browser was seeing that as a new session.

So I changed it... now it says header("Location: home.php"); and it fixed the problem.

TLDR: removed the htttp://www.mysite.com from the header()

The code for the login index.php page: 

 if(isset($_POST['password']))
  {
 //Connect to a database
  $host_name  = "*******.db.1and1.com";
  $database   = "db*******";
  $user_name  = "db******";
  $password   = "********.*******";

  $connect = mysqli_connect($host_name, $user_name, $password, $database);
  //    echo("nice job"); 

 //Take the values from the html form and assign them to variables
    $ID = $_POST['name'];
    $userpassword = $_POST['password'];

 //Check to see if the password matches the hashes
    if (md5($userpassword) === '**********************************' 
        or md5($userpassword) === '*********************' 
        or md5($userpassword) === '***************************' 
        or md5($userpassword) === '*******************') 
  {
 //Add the visitor name to our list
    mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
      //    echo "You have entered the correct password, congrats.";

 // Start the session so they can access other pages
    session_start();
    $_SESSION['loggedIn'] = true;
 // Redirect them to rest of site
    header("Location: http://www.abc123.com/home.php"); 
    die();
  }

  else {
    echo "<script type='text/javascript'>alert(\"Wrong Password. Check your  invitation card.\");</script>";

   } 
  }
 ?>

The code on the home.php that checks for loggedin users: 

<?php 
 session_start();
//Check to make sure the person is loggedin
 if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
//if logged in then do nothing
  } else {
//if not logged int he redirect to the login page
header("Location: http://www.abc123.com/index2.php");
 }
?>
Badrush
  • 1,247
  • 1
  • 17
  • 35

1 Answers1

3

Add session_start(); at top of your page right after <?php tag

index.php

<?php
session_start();

// Your code

?>

Documentation

Ijas Ahamed N
  • 5,632
  • 5
  • 31
  • 53
  • I don't want to start a session before a password is input. If I do, then anyone can access my other pages. – Badrush Jan 25 '16 at 08:36
  • 1
    Please have a look here http://stackoverflow.com/questions/20308478/where-exactly-do-i-put-a-session-start – Ijas Ahamed N Jan 25 '16 at 08:38
  • Hmm, that actually worked. I can login now and going straight to another page does not work (which is what I want so they cannot access without logging in). Care to explain how this worked? – Badrush Jan 25 '16 at 08:39
  • You are a blessing for me, thank you very much. I didn't quite understand what an output was, now I see that it has to be the first thing otherwise I will get those header issues I had earlier. I am guessing it is the `$_SESSION['loggedIn'] = true;` that is preventing someone from going straight to another page. THANKS! – Badrush Jan 25 '16 at 08:41
  • Hey, so it is still is making me login twice, so it must still not be setting `$_SESSION['loggedIn'] = true` the first time. – Badrush Jan 25 '16 at 20:05
  • I fixed it, it was because my headers had `http://www.example.com` so I now just have `header("Location: home.php")` and it fixed the issue – Badrush Jan 25 '16 at 20:56