CODEWITHSUNDEEP
phpsession
Small Legend
Small Legend

Reputation: 688

Create session before access to page

So when the user hits log in this code is executed: LoggedIn.php 

<?php
include 'connect.php';
if ( !isset($_POST['username'], $_POST['password']) ) {
    // Could not get the data that should have been sent.
    die ('Username and/or password does not exist!');
}
// Prepare our SQL 
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
    // Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
    $stmt->bind_param('s', $_POST['username']);
    if(!$stmt->execute()){
    trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
    } 
    $stmt->store_result(); 
    // Store the result so we can check if the account exists in the database.
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($password);
        $stmt->fetch();      
        // Account exists, now we verify the password.
        if (password_verify($_POST['password'], $password)) {
            // Verification success! User has loggedin!
            header('location: userPage.php');
                    //**should I create the session here?**

        } else {
            echo 'Incorrect username and/or password!';
        }
    } else {
        echo 'Incorrect username blar password!';
    }
    $stmt->close();
} else {
    echo 'Could not prepare statement!';
}
?>

OR should the session be created when they are on the userPage.php. This is the page that they get access to when they log on

<?php
ob_start();
include 'connect.php';
if(!isset($_SESSION['username']) || !isset($_SESSION['password']))
{
    header("location:http://www.fortunefilly.com/loginTemplate.php");
}
else
{
    session_start();
    $username =$_SESSION['username']  ;
}
?>

But I don't think its actually creating a session because I try to echo out $username but It doesn't work. Just a few pointers on the scenario would be helpful

Thank you in advance

Upvotes: 0

Views: 117

Answers (2)

DirtyBit
DirtyBit

Reputation: 16772

If you plan to use/create/unset (whatsoever) the sessions, you must write session_start(); in the very beginning of your code:

LoggedIn.php

<?php
include 'connect.php';
session_start();
if ( !isset($_POST['username'], $_POST['password']) ) {
    // Could not get the data that should have been sent.
    die ('Username and/or password does not exist!');

Or in your userPage.php:

<?php
session_start();
ob_start();
include 'connect.php';
if(!isset($_SESSION['username']) || !isset($_SESSION['password']))
{
    header("location:http://www.fortunefilly.com/loginTemplate.php");
}

EDIT:

Coming back to the problem now, you need to set the sessions, a good palce would be:

 if (password_verify($_POST['password'], $password)) {
            // Verification success! User has loggedin!

            header('location: userPage.php');
                    //**should I create the session here?**

Taking it right out like a sore tooth:

if(!isset($_SESSION['username'])){ //should do it

Upvotes: 2

William_Wilson
William_Wilson

Reputation: 1264

session must be started before accessing session variables:

<?php
session_start();
ob_start();
include 'connect.php';
if(!isset($_SESSION['username']) || !isset($_SESSION['password']))
{
    header("location:http://www.fortunefilly.com/loginTemplate.php");
}
else
{
    $username =$_SESSION['username']  ;
}

?>

Upvotes: 1

Related Questions