Question
I have built a very basic script that allows users to log in. For some reason, the first time I log in, after I'm on the home page, if I click away I get logged out. The weird thing is that it only happens the first time. So if I log in again I can navigate around without any problem.
It feels like an automatic logout after the first login.
Any ideas?
Thanks beforehand.
Here is my logic to perform the login:
function client_email_exists($email){
    require(PATH . '/core/model/db_connect.php');
    try{
        $query = $db->prepare("
            SELECT COUNT(client_id)
            FROM clients
            WHERE client_email = :email
        ");
        $query->bindParam(':email', $email, PDO::PARAM_STR);
        $query->execute();
    }catch(Exception $e){
        include_once(PATH . "/core/view/error.php");
        exit();
    }
    return $query->fetchColumn() ? true : false;
}
function login($email, $password) {
    require(PATH . '/core/model/db_connect.php');
    $user_id = user_id_from_email($email);
    try{
        $query = $db->prepare("
            SELECT COUNT(client_id)
            FROM clients
            WHERE client_email = :email
            AND client_pass = :pass
        ");
        $query->bindParam(':email', $email, PDO::PARAM_STR);
        // bindValue, not bindParam: bindParam needs a variable to bind by reference,
        // and md5() returns a value.
        // MD5 is a fast, unsalted hash; password_hash()/password_verify() is the
        // API meant for stored passwords.
        $query->bindValue(':pass', md5($password), PDO::PARAM_STR);
        $query->execute();
    }catch(Exception $e){
        include_once(PATH . "/core/view/error.php");
        exit();
    }
    return $query->fetchColumn() ? $user_id : false;
}
// As posted, login() appears a second time; this copy queries client_users
// instead of clients. PHP cannot load both definitions in the same script.
function login($email, $password) {
    require(PATH . '/core/model/db_connect.php');
    $user_id = user_id_from_email($email);
    try{
        $query = $db->prepare("
            SELECT COUNT(client_id)
            FROM client_users
            WHERE client_email = :email
            AND client_pass = :pass
        ");
        $query->bindParam(':email', $email, PDO::PARAM_STR);
        // bindValue for the same reason as above.
        $query->bindValue(':pass', md5($password), PDO::PARAM_STR);
        $query->execute();
    }catch(Exception $e){
        include_once(PATH . "/core/view/error.php");
        exit();
    }
    return $query->fetchColumn() ? $user_id : false;
}
/* [0] ==> Login Validation */
if(!empty($_POST)) {
    $email = $_POST['email'];
    $password = $_POST['password'];
    if(empty($email) === true || empty($password) === true) {
        $messages[] = '<p class="alert alert-danger">Necesitas introducir email y Contraseña</p>';
    } elseif (client_email_exists($email) === false) {
        $messages[] = '<p class="alert alert-danger">No podemos encontrar tu email o nombre de usuario, asegurate de que estás registrado!</p>';
    } else {
        $login = login($email, $password);
        if($login === false){
            $messages[] = '<p class="alert alert-danger">La combinación es incorrecta!</p>';
        } else {
            $_SESSION['client_login'] = $login;
            header('Location: index.php');
            exit();
        }
    }
}
Then, to check if the users are logged in, I use this function, located in all user pages below session_start():
function login_protect(){
    if(!isset($_SESSION['client_login']) OR empty($_SESSION['client_login'])){
        header("Location: login.php");
        exit();
    }
}
This would be an example of a page.php; please note session_start() is declared in config.php:
<?php
// ==> Model Code
require_once('config.php'); // session_start() included here
require_once(PATH . '/core/model/main.php');
require_once(PATH . '/core/model/contingencies.php');
// ==> Controller Code
login_protect();
$page = "contingencies";
include_once(PATH . '/core/controller/date_logic.php');
$contingencies = get_contingencies($show_month, $show_year);
// ==> View Code
include_once(PATH . '/core/view/header.php');
include_once(PATH . '/core/view/contingencias.tmpl.php');
include_once(PATH . '/core/view/footer.php');
Cheers!
Solution
I found the problem.
I was having this issue when posting to the login form without the www., so the session was not being stored properly, as it takes it as another domain.
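PHP's session cookie is host-only by default, so the site with and without `www.` each gets its own session, which is the behaviour the answer describes. One way to prevent it, as an added example that is not part of the original post: redirect every request to a single canonical host before `session_start()` runs. It assumes the code sits at the top of `config.php`, that the site is served over HTTPS, and that `www.example.com` is a placeholder; `CANONICAL_HOST` and `canonical_redirect_target()` are hypothetical names.

```php
<?php
// Added example, not the asker's code. CANONICAL_HOST is a placeholder value.
const CANONICAL_HOST = 'www.example.com';

/**
 * Returns the URL to redirect to when the request arrived on a
 * non-canonical host, or null when the host is already canonical.
 */
function canonical_redirect_target(array $server): ?string
{
    // The Host header is client-controlled: normalise it, drop any port,
    // and only ever compare it against the fixed constant.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host);
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // Keep the requested path, but only if it is origin-relative.
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    // The client-supplied host is never echoed back into Location.
    return 'https://' . CANONICAL_HOST . $uri;
}

$target = canonical_redirect_target($_SERVER);
if ($target !== null) {
    // 308 keeps the method and body, so a login POST sent to the bare
    // domain is replayed against the canonical host.
    header('Location: ' . $target, true, 308);
    exit();
}

session_set_cookie_params([
    'lifetime' => 0,       // session cookie, dropped when the browser closes
    'path'     => '/',
    // Empty domain = host-only cookie, sent to CANONICAL_HOST alone.
    // Setting 'example.com' here would also hide the symptom, but it
    // sends the session id to every subdomain of the site.
    'domain'   => '',
    'secure'   => true,    // assumes HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
```

The array form of `session_set_cookie_params()` requires PHP 7.3 or later.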