Set Session With Post Data

Question

So I'm trying to use laravel-based login table, which is the hash that I can't even compare it with basic php hash login. No, you can't make hash exactly look like laravel. But I use the remember_token that is come from users table.

Here is the code on my laravel view:

<form action="http://localhost/log/index.php" method="post">
       <input type="hidden" value="{{ Auth::user()->remember_token }}" name="wex">
       <button type="submit" class="btn btn-default">Check</button>
</form>

As you can see, I'm trying to POST remember_token value, that will received on my http://localhost/log/index.php as variable.

Index.php (Keep in mind, this is not using laravel):

<?php
    include "koneksi.php";

    if (isset($_POST['wex'])) {
        $token = $_POST['wex'];
        $query = "SELECT * FROM users WHERE remember_token = '". $token ."'" ;
        $result = mysqli_query($db_link,$query);

        if (mysqli_num_rows($result) != 1) {
            header("Location: http://localhost/laralearn/public/login");
        }

        session_start();
        $_SESSION['user'] = "member";
    }
    else{

        if(!isset($_SESSION['user'])){
            header("Location: http://localhost/laralearn/public/login");
        }
    }


?>

The variable and page redirect if the remember_token isn't valid (working), but I can't set the session. When I tried to open the index.php on new tab, it's redirecting which is meaning the session isn't settled.

Can you tell me where am I doing something wrong? It would be nice if you explain it and tell me what the code should look like.

Thank you.

Answer 1

Put session_start(); right under the PHP tag. It must be called before there is any output and just to be on the safe side, include it before there is anything else called either.