PHP session variables not carrying over to my admin page once I redirect from login to admin page

Question

I have a Login Page; if username and password match with database will redirect to admin; but on admin page Iam not getting session variables. first my login page:

<?php
session_start(); //Start the session
session_regenerate_id(true); 
//print_r($_SESSION);
use Ct\Ct\Data\Data;
extract($_POST);
$eventlists = Data::getpassword();
foreach ($eventlists as $eventlist) {
    $get_list_username = $eventlist->user_name;
    $get_list_password = $eventlist->user_pass;
}
//echo $get_list_username.'outside'; 
if(isset($_POST['submit'])) {
    $your_name = $_POST['username'];
    $your_password = $_POST['password'];
    $_SESSION['usr'] = $your_name;
    $_SESSION['pwd'] = $your_password;
    //echo $_SESSION['username'];
    if($_SESSION['usr'] == $get_list_username && $_SESSION['pwd'] == $get_list_password) {
        print('<script>window.location.href="https://ct.org/admin-gunpage-update/"</script>');                  
    }
    else {
       echo '<center><b style="color:red;position: relative;left: -27%;">Invalide username or password, please check again!   </b></center>';             
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>Login Gun Page Update</title>
</head>
<body>
<form name="login" id="login" method="POST" action="">
    <label class="log_in"> LOGIN </label>
    <p><label for="username" class="username">Username: </label><input type="text" size="100" name="username" id="username" value="" placeholder="UserName"/></p>
    <p><label for="password" class="password">Password: </label><input type="password" size="40" name="password" id="password" value="" placeholder="Password"/></p>
    <p><input type="submit" name="submit" id="submit" class="submit" value="Submit"/> <input type="reset" name="reset" id="reset" class="reset" value="reset"/></p>
</form>
</body>
</html>

then admin page:

<?php
session_start(); //Start the session
print_r($_SESSION);
if(!isset($_SESSION['usr']))      // if there is no valid session
{
    print('<script>window.location.href="https://ct.org/login-gun-page-updates/"</script>');
    //echo 'NOT working !!';
}
echo $_SESSION['usr'];
use Ct\Ct\Data\Data;
extract($_POST);
if(isset($save))
{
    Data::getupdate($ticketsavailable);     
    print('<script>window.location.href="https://ct.org/gun-drawing/"</script>');
}
$ticketleft = "";
$ticketleft = Data::getticketsavailable();
//print_r($ticketleft);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>update page</title>
</head>
<body>
<form action="" method="POST">
    <label class="update_heading"> UPDATE  TICKETS </label> <a href='https://ct.org/logout-gunpage-update-form/' class="logout_link" > Logout</a><br>
    <label for="update" class="update"> Update Number: </label><input type="textbox" id="ticketsavailable" name="ticketsavailable" value="<?php echo $ticketleft[0]->ticket_available; ?>"/><br><br>
  <input type="submit" name="save" value="Submit">
</form>
</body>
</html>

I have a Login Page; if username and password match with database will redirect to admin; but on admin page I am not getting session variables. I did print_r($_SESSION); it shows empty on admin page. And I have started session on both page please help!! please help I am not having time!!

Possible duplicate of [When and why I should use session\_regenerate\_id()?](https://stackoverflow.com/questions/22965067/when-and-why-i-should-use-session-regenerate-id) — , Jan 31 '18 at 09:48
If i remove session_regenerate_id(); still it does not work!!! please help — Bindiya, Jan 31 '18 at 09:50
I don't know where to start debugging this mess; first of all, you're setting `$_SESSION['usr']` to the form's user even if the login data doesn't match. And you're redirecting using echoed JS instead of `header("Location: ...");` - And why are you overwriting `$get_list_username` multiple times in your loop? And why do you have `extract($_POST)` but then don't use any of the generated variables? — , Jan 31 '18 at 09:57
redirecting using echoed JS instead of header("Location: ..."); because this header is working fine on Local server but on LIVE its not working... — Bindiya, Jan 31 '18 at 10:03
and where Am I overwriting $get_list_username multiple times , this $get_list_username contains username value from my database i just compared it with my session value — Bindiya, Jan 31 '18 at 10:05
In the foreach loop through this $eventlist variable i get value from column ->user_name; and store it in $get_list_username and the compare with session ; — Bindiya, Jan 31 '18 at 10:14
Exactly. That is where you are overwriting `$get_list_username` multiple times. I don't know what exactly `Data::getpassword()` is returning, but if it's an array, you're setting the two variables to what the last element stores. But this is unrelated to your session issue. However if you can't even get `header("Location: ...");` to work, you have bigger problems. — , Jan 31 '18 at 10:16
public function getpassword() { global $wpdb; $eventslist = $wpdb->get_results("select user_name,user_pass FROM login_admin where id = 1"); return $eventslist; } — Bindiya, Jan 31 '18 at 10:18
for now my problem is iam not getting session variables on admin page. — Bindiya, Jan 31 '18 at 10:22
It is working on LOCAL but iam afraid to update it on LIVE... — Bindiya, Jan 31 '18 at 11:02
Its not working on LIVE array is still empty on admin page and it does not open admin again it redirects back to login page again and again! — Bindiya, Jan 31 '18 at 11:16
In that case you need to start looking for the error somewhere else. Check in the browser's network tab which cookies are sent. Use another browser entirely. Clear all cookies. Etc. — , Jan 31 '18 at 14:46
Its showing no cookies send on admin page when i checked in network tab — Bindiya, Feb 01 '18 at 05:33

score 1 · Answer 1 · answered Jan 31 '18 at 10:21

1

my suggestion is first you login then store username with some user access key in session ex.($_SESSION['username']=$username); and store user access in another session variable ($_SESSION['useraccess']="admin"); after login successfully, use this session for other webpage

answered Jan 31 '18 at 10:21

ganesh avhad

94
4

The issue is the entire `$_SESSION` getting lost between pages, I don't see how this answer solves that problem. – Jan 31 '18 at 17:50

PHP session variables not carrying over to my admin page once I redirect from login to admin page

1 Answers1