•  09-07-2023
  •  | 
  •  

Question 

<?php
session_start();
include 'connection.php';

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT *  FROM Register 
          WHERE username= '" . $connection->real_escape_string($username) . "' 
            AND Password = '" . $connection->real_escape_string($password) . "'";

 $result = mysqli_query($connection, $query) or exit("Error in the query: $query. " .   mysqli_error());

$row = mysqli_fetch_assoc($result);

if ($row) {
    $_SESSION['username'] = $username;
    $_SESSION['user_id'] = $row['user_id'];
    if ($row['user_id'] == 1) {
        header('Location: AdminPage.php');
    } else {
        header('Location: ProtectedPage.php');
    }
} else {
    $_SESSION['error'] = 'User not recognised';
    echo 'user not recognised';
    header('location:Login.php');
}



?>

this is my loginaction page the issue im having is im being logged in but not directed or able to view the Admin or Protected pages it just tells me Welcome with a Logout link whenever i try to access them the code below is the code displayed a top the Admin and Protected pages

Firstly Admin Page Code

<?php

include 'connection.php';

 if (isset($_SESSION['user_id']) && $_SESSION['user_id'] === 1);    {
    echo " .$username ."; 
    $_SESSION["message"]="You must be logged in to view this page";

 }
    header('Location:Login.php');


?>

Then Protected Page

<?php

include 'connection.php';
if (isset($_SESSION['user_id']));{
    echo " .$username ."; 
    $_SESSION["message"]="You must be logged in to view this page";

}
    header('Location:Login.php');

?

> all answers and help is appreciated as this issue is driving me insane. ive changed my code a bit as i noticed some things were i now get logged in but recieved this error message which i dont understand

Warning: Cannot modify header information - headers already sent by (output started at /study/comp/c3383583/webpages/ISD/Website/Website/AdminPage.php:6) in /study/comp/c3383583/webpages/ISD/Website/Website/AdminPage.php on line 10

Was it helpful?

Solution

in your login script you miss session_start(); before setting $_SESSION variables

also:

if (isset($_SESSION['user_id']) && $_SESSION['user_id'] == 1) {
    echo " .$username ."; 
    $_SESSION["message"]="You must be logged in to view this page";
} else {
    header('Location:Login.php');
}

notice else and i changed === to == because as i saw in your var_dump it says that its string and === matches both value and type of variable

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top