Newbie working on a form and having problem w/$_SESSIONS()...

  • (3 Pages)
  • +
  • 1
  • 2
  • 3

31 Replies - 624 Views - Last Post: 19 February 2019 - 06:41 AM Rate Topic: -----

#1 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 04:37 AM

My first post to the forum so excuse my ignorance if I've done something incorrect just let me know.

I'm working on a relatively simply intranet with 4 pages (login, main, detail, process). I am having problems right now with understanding $_SESSIONS(). I want to force my users if not already logged in to have to go to the login.php page and enter their credentials and not allow them to individual select a page if not logged in therefore validating the session.

On my login page I have the following code:

<?php

// *** Validate request to login to this site.
if (!isset($_SESSION['emplid'])) {
  session_start();
}

if (isset($_POST['username']) && isset($_POST['password'])) {
  $username=$_POST['username'];
  $password=$_POST['password'];
  $loginactive = "N";
  $LoginSuccess = "main.php";
  $LoginFailed = "index.html";

 
	$result= $mysqli -> query("SELECT EMPL_ID, ACTIVE FROM employees WHERE EMPL_NAME='$username' AND PASSWORD='$password'") or die($mysqli->error);

	 if (($result) && ($result->num_rows !== 0)) { 
		while($row = $result->fetch_assoc()){
				//set to employee.active (Y or N)
				$loginactive = $row['ACTIVE'];
				$empl_id = $row['EMPL_ID'];
		}
	 }
	
	//test user is active
	if ($loginactive == "Y") {
		//declare session variable and assign recordset EMPL_ID
		$_SESSION['emplid'] = $empl_id;
		// successful login, direct them to main.php
		header("Location: main.php");
	} else {
		header("Location: login.php");
	}
}
?>


I read this to mean if a user has not already logged and the $_SESSION value of emplid has not been set then start a session and set the value emplid to the users EMPL_ID, is that correct?

On each of my other forms I have the following code:

//initialize the session and verify user is logged in and allowed to view site
if (!isset($_SESSION['emplid'])) {
  header("Location: login.php");
}
?>


My login page is not working and I think its related to
session_start();
missing from my pages but I'm not understanding why... it seems that I need to check on every page if the $_SESSION variable emplid is set before just starting a session.

Thanks for any guidance you can provide.

VB,

Is This A Good Question/Topic? 0
  • +

Replies To: Newbie working on a form and having problem w/$_SESSIONS()...

#2 andrewsw   User is online

  • Stealth IT
  • member icon

Reputation: 6737
  • View blog
  • Posts: 27,745
  • Joined: 12-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 04:53 AM

If you are using sessions then just put session_start(); as the first line of each relevant page.

Quote

session_start() creates a session or resumes the current one


the docs

It makes sense that you resume the session before attempting to read a value from it.
Was This Post Helpful? 0
  • +
  • -

#3 andrewsw   User is online

  • Stealth IT
  • member icon

Reputation: 6737
  • View blog
  • Posts: 27,745
  • Joined: 12-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 05:02 AM

Please start using parameterized queries as early as possible, don't inject values directly into SQL strings.
Was This Post Helpful? 0
  • +
  • -

#4 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 05:11 AM

Thanks for the quick reply.

I have a button for logging out (killing session) on my main form:

//if user selected to logout, clear the session and go to login page **needs clear session work**
if (isset($_POST['logout'])){
	// Destroying the session clears the $_SESSION variable, thus "logging" the user
	// out. This also happens automatically when the browser is closed
	session_destroy();
	header("Location: login.php");
}

I believe this is correct.

However, after clicking the button, effectively destroying the session, if I try to access my process.php page containing the following at the head:

//initialize the session and verify user is logged in and allowed to view site
session_start();
if (!isset($_SESSION['emplid'])) {
  header("Location: login.php");
}


It doesn't direct me to the login.php page, it just continues to read the code on the page and leaves me on the process.php page.
Was This Post Helpful? 0
  • +
  • -

#5 andrewsw   User is online

  • Stealth IT
  • member icon

Reputation: 6737
  • View blog
  • Posts: 27,745
  • Joined: 12-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 07:23 AM

When the button you mention is clicked does it actually POST anything? If not then there won't be anything in the $_POST array and the test if (isset($_POST['logout'])){ will fail, and the session will not be destroyed.
Was This Post Helpful? 0
  • +
  • -

#6 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 08:05 AM

Is the best option for viewing the $_POST, var_dump($_POST);?
Was This Post Helpful? 0
  • +
  • -

#7 andrewsw   User is online

  • Stealth IT
  • member icon

Reputation: 6737
  • View blog
  • Posts: 27,745
  • Joined: 12-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 08:08 AM

That's a good choice... it does the job

print_r also works
Was This Post Helpful? 0
  • +
  • -

#8 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 09:06 AM

I'm seeing the following:

array (size=0)
empty

Was This Post Helpful? 0
  • +
  • -

#9 andrewsw   User is online

  • Stealth IT
  • member icon

Reputation: 6737
  • View blog
  • Posts: 27,745
  • Joined: 12-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 09:25 AM

Doesn't that then confirm my suggestion in post #5?

$_POST contains values posted to the page, these values don't persist automatically across pages.
Was This Post Helpful? 0
  • +
  • -

#10 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 09:27 AM

One other thing to add is that I do get redirected to:
header("Location: login.php");


It seems as though the $SESSION variable 'emplid' isn't being destroyed if I'm understanding how session_destroy() works.. I could be wrong.

VB,
Was This Post Helpful? 0
  • +
  • -

#11 andrewsw   User is online

  • Stealth IT
  • member icon

Reputation: 6737
  • View blog
  • Posts: 27,745
  • Joined: 12-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 09:29 AM

session_destroy() :the docs

But, as I mentioned, if the post array is empty then session_destroy would not be called (referring to your above code).
Was This Post Helpful? 0
  • +
  • -

#12 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2766
  • View blog
  • Posts: 10,958
  • Joined: 03-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 10:00 AM

What is the html used for the logout button? That would be where I would look for issues first.
Was This Post Helpful? 0
  • +
  • -

#13 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 01:53 PM

The form looks like the following...

form action="process.php" method="post">
	<div class="row justify-content-center">
		<div class="container">
			<table class="table">
				<thead>
					<tr>
						<th colspan="8" class="font-weight-bold"><h2>Shop Floor Priority</h2></th>
						<th><p align="right"><button type="submit" class="btn btn-danger" name="logout">LOGOUT</button></p></th>
					</tr>
					<tr>
						<th class="bg-light text-body"></th>
						<th class="bg-light text-body">Job#</th>
						<th class="bg-light text-body">Line#</th>
						<th class="bg-light text-body">Status</th>
						<th class="bg-light text-body">Cust#</th>
						<th class="bg-light text-body">Name</th>

Was This Post Helpful? 0
  • +
  • -

#14 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2766
  • View blog
  • Posts: 10,958
  • Joined: 03-December 12

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 02:01 PM

hmm

print_r($_POST) at the top of the page.
Was This Post Helpful? 0
  • +
  • -

#15 vbtalent   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 17
  • Joined: 13-February 19

Re: Newbie working on a form and having problem w/$_SESSIONS()...

Posted 13 February 2019 - 04:45 PM

View Postastonecipher, on 13 February 2019 - 02:01 PM, said:

hmm

print_r($_POST) at the top of the page.


Here is the Login page, after Submitting the form the $_POST still is empty... Array ( )


<?php require_once('/Connections/Shop.php'); ?>
<?php

// *** Validate request to login to this site.
if (!isset($_SESSION['emplid'])) {
  session_start();
}
print_r($_POST);

if (isset($_POST['username'],$_POST['password'])) {
  $username=$_POST['username'];
  $password=$_POST['password'];
  $loginactive = "N";
  $LoginSuccess = "main.php";
  $LoginFailed = "index.html";

 
	$result= $mysqli -> query("SELECT EMPL_ID, ACTIVE FROM employees WHERE EMPL_NAME='$username' AND PASSWORD='$password'") or die($mysqli->error);

	 if (($result) && ($result->num_rows !== 0)) { 
		while($row = $result->fetch_assoc()){
				//set to employee.active (Y or N)
				$loginactive = $row['ACTIVE'];
				$empl_id = $row['EMPL_ID'];
		}
	 }
	
	//test user is active
	if ($loginactive == "Y") {
		//declare session variable and assign recordset EMPL_ID
		$_SESSION['emplid'] = $empl_id;
		// successful login, direct them to main.php
		header("Location: main.php");
	} else {
		header("Location: login.php");
	}
}
?>
<!doctype html>
<html lang="en">
<head>
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    <!-- Bootstrap CSS -->
    <link rel="stylesheet" src="/css/bootstrap.min.css" >
    <link href="/css/bootstrap.css" rel="stylesheet" type="text/css">
  <title>Sign-In</title>
  </head>
  <body>

    <!-- Optional Javascript -->
    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
    <script src="/jquery/jquery-3.3.1.slim.min.js"></script>
    <script src="/popper/popper.min.js"></script>
    <script src="/js/bootstrap.min.js"></script>

  <div class="container-fluid">
		<form id="login1" name="login1" method="post" action="">
			<table width="300" border="0" align="center" cellpadding="3" cellspacing="0">
			<tr>
			  <td colspan="2" align="right"><h1>Shop</h1></td>
			</tr>
			<tr>
			  <td width="144" align="right">Username:</td>
			  <td width="148" align="center"><input name="username" type="text" value=""></td>
			</tr>
			<tr>
			<td width="144" align="right">Password:</td>
			<td align="center"><input name="password" type="password" value=""></td>
			</tr>
			<tr>
			<td width="144" rowspan="2">&nbsp;</td>
			<td align="center">&nbsp;</td>
			</tr>
			<tr>
			  <td align="center"><input class="btn btn-secondary" type='reset' value='Reset' />&nbsp;&nbsp;&nbsp;<input class="btn btn-primary" type="submit" name="Submit" value="Submit"/></td>
			</tr>
			<tr>
			  <td bgcolor='#ffffff' >&nbsp;</td>
			  <td bgcolor='#ffffff' align='center'>&nbsp;</td>
			</tr>
			</table>
		</form>
	</div>

  </body>
</html>

Was This Post Helpful? 0
  • +
  • -

  • (3 Pages)
  • +
  • 1
  • 2
  • 3