Having trouble getting my session up and running. I've been over looking my code for the past couple hours and I can't see to find what is wrong with it. The problem I am experiencing is that every time I type the username and password in, it just redirects me to the login page to type in the info again when it should be displaying the securedpage.php..
Here is my code:
loginproc.php page - This page steps through if statement and goes straight to the else
<?php
// Inialize session
session_start();
// Include database connection settings
include('../../model/database.php');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')");
// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: securedpage.php');
}
else {
// Jump to login page
header('Location: index.php');
}
?>
securedpage.php page
<?php
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.php');
}
?>
<html>
<head>
<title>Secured Page</title>
</head>
<body>
<p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b>
<br>You can put your restricted information here.</p>
<p><a href="logout.php">Logout</a></p>
</body>
</html>
database.php page
<?php
$dsn = 'mysql:host=localhost;dbname=sports_db';
$username = '';
$password = '';
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
try {
$db = new PDO($dsn, $username, $password, $options);
} catch (PDOException $e) {
$error_message = $e->getMessage();
include 'errors/db_error_connect.php';
exit;
}
function display_db_error($error_message) {
global $app_path;
include 'errors/db_error.php';
exit;
}
?>
php session_start(); session_unset(); session_destroy(); header("location: login. php"); exit; ?> Now, we have successfully added the logout functionality to the website. Now let's add another functionality to the website.
That is, the $_SESSION[“member_id”] is set to manage the logged-in session. It will remain until log out or quit the browser. While logout, we unset all the session variables using the PHP unset() function.
Step 1 : Adding HTML Add an image inside a container and add inputs with matching labels for each field. Wrap a “form” element around them to process the input. Step 2 : Adding CSS Add the required CSS to design the login page try to keep the design as simple as possible.
You cannot mix PDO and mysql .. You are creating query in PDO
and using mysql_*
Try changing your code to
<?php
// Inialize session
session_start();
// Include database connection settings
include('../../model/database.php');
// Retrieve username and password from database according to user's input
$stmt = $db->prepare("SELECT * FROM user WHERE (`username` = :username) and (`password` = :password)");
$result = $stmt->execute(array(':username'=>$_POST['username'],':password'=>$_POST['password']));
$num_rows = $stmt->rowCount();
// Check username and password match
if ( $num_rows > 0) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: securedpage.php');
}
else {
// Jump to login page
header('Location: index.php');
}
?>
see reference
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With