0

My login page is refusing to redirect to the home page, but when the session verification code is taken off the home page, it works. I am trying to ensure no user can access the home page without logging in. Please help me out. Thanks

Index.php

<!DOCTYPE html><?php session_start();?>

<html>
<head>
 <title>User Login</title>
</head>

<body>
 <form action="login.php" method="post">
 <table width="500" align="center" bgcolor="skyblue">
 <tr align="center">
 <td colspan="3"><h2>User Login</h2></td>
</tr>

<tr>
 <td align="right"><b>Email</b></td>
 <td><input type="text" name="email" required="required"/></td>
</tr>

<tr>
<td align="right"><b>Password:</b></td>
 <td><input type="password" name="pass" required="required"></td>
</tr>

<tr align="center">
<td colspan="3">
<input type="submit" name="login" value="login"/>
</td>
</tr>
</table>
</form></body></html>

Login.php

<?php
$con = mysqli_connect("localhost","root","","test");
 if (mysqli_connect_errno())
 {
 echo "MySQLi Connection was not established: " . mysqli_connect_error();
 }

 if(isset($_POST['login'])){
 $email = mysqli_real_escape_string($con,$_POST['email']);
 $pass = mysqli_real_escape_string($con,$_POST['pass']);
 $sel_user = "select * from users where user_email='$email' AND    user_pass='$pass'";
 $run_user = mysqli_query($con, $sel_user);
 if (mysqli_num_rows($run_user)>0)
  {
 $_SESSION['user_email']=$email;
  header('Location: home.php');
  }
 else {
 echo "<script>alert(' Email or password is not correct, try again!')</script>";

 }

 }

?>

Home.php

<?php
session_start();
if (!isset($_SESSION['nID']))
header("Location: index.php");
?>
<html>

welcome
</html> 

session.php

<?php
$con = mysqli_connect("localhost","root","","tech_dept");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established: " . mysqli_connect_error();
}
$user_check=$_SESSION['leaders_username'];
$sel_user = "Select leaders_username from login where  leaders_username='$user_check'";
$ses_sql = mysqli_query($con, $sel_user);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['leaders_username'];
if(!isset($login_session)){
mysql_close($con); 
header('Location: index.php'); 
}
?>

3 Answers

0

Remove login.php from your action

<form action="" method="post">
Domain
0

You have to start session in login.php file. Otherwise your session variable will not be set.

JuZer
  • I have added session_start() in login.php and also set $_SESSION['nID'] which now works but I can now access home.php without login. How can I fix this? I shouldn't be able to access home.php without login – user2998991 Mar 12 '16 at 16:52
  • I think that u have active session and home.php passing ur check.. try to open ur page in "incognito window" and see – JuZer Mar 12 '16 at 17:03
  • Thanks guys it worked. I had an active session but now fixed. – user2998991 Mar 14 '16 at 14:20
0

For starters, session_start() needs to be called on all pages that are going to use the $_SESSION superglobal in any way. It's a good idea to place it on every page though, as your session can in worst case expire without your intent.

In particular, your Login.php doesn't call session_start(). And most likely, error_reporting(E_ALL); would've told you about this (a PHP Notice: "Undefined variable: _SESSION in ...").

I also noticed that your Login.php doesn't set $_SESSION['nID'], but instead you set $_SESSION['user_email'] = $email;. You need to be consistent with your naming of variables. You can have more than one session, but from the looks of it, your code only sets $_SESSION['user_email'], while you use another session entirely. And then in session.php you use $_SESSION['leaders_username']. (What do you even use session.php for?)


A note on security: You really, really, really should use prepared statements with bound variables to avoid SQL-injection. You're using an API that allows for this, so you should take advantage of it. You should read How can I prevent SQL injection in PHP?

Qirel
  • I have added session_start() in login.php and also set $_SESSION['nID'] which now works but I can now access home.php without login. How can I fix this? – user2998991 Mar 12 '16 at 16:51
  • I think that u have active session and it just passing ur check. – JuZer Mar 12 '16 at 17:01
  • @user2998991 Check that you have no kind of output prior to `header("Location: ...");` in your `home.php`. Also enable error-reporting [`error_reporting(E_ALL);`](http://php.net/manual/en/function.error-reporting.php) [`ini_set('display_errors', 1);`](http://php.net/manual/en/function.ini-set.php) – Qirel Mar 12 '16 at 17:32
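
The points raised in the answers above (call session_start() in login.php, use one session key in both files, bind the query parameters), combined in an added example that is not code from the question or from any answerer. Table, column and key names come from the question; storing `user_pass` as a `password_hash()` value, the helper names `attempt_login` and `require_login`, and the `exit` after each redirect are assumptions of this example.

```php
<?php
// Added example, not the asker's code. users/user_email/user_pass and the
// 'nID' key come from the question. Assumption: user_pass holds a
// password_hash() value (the question's code compares plaintext).

const SESSION_KEY = 'nID'; // one key, shared by login.php and home.php

// login.php side: check credentials with a prepared statement.
function attempt_login(mysqli $con, string $email, string $pass): bool
{
    $stmt = $con->prepare('SELECT user_pass FROM users WHERE user_email = ?');
    $stmt->bind_param('s', $email);   // bound parameter, never concatenated
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true on a row, null when none
    $stmt->close();

    if ($found !== true || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id once authenticated
    $_SESSION[SESSION_KEY] = $email;
    return true;
}

// home.php side: call after session_start() and before any output.
function require_login(): void
{
    if (!isset($_SESSION[SESSION_KEY])) {
        header('Location: index.php');
        exit;                         // without this the page body still runs
    }
}

// --- body of login.php ---
session_start();                      // must come before any use of $_SESSION
if (isset($_POST['login'])) {
    $con = mysqli_connect('localhost', 'root', '', 'test');
    if ($con && attempt_login($con, $_POST['email'] ?? '', $_POST['pass'] ?? '')) {
        header('Location: home.php');
        exit;
    }
    echo 'Email or password is not correct, try again!';
}
```

In home.php the guard is `session_start(); require_login();` at the very top of the file, ahead of the `<html>` tag.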