I need to control a session in a REST API. My REST API is implemented with Slim and Doctrine, and within the routes.php file I have defined the POST request of the login:
    session_start();
    $app->post('/login', function ($request, $response) {
        $em = getEntityManager();
        $args = $request->getParsedBody() ?? json_decode($request->getBody(), true);
        $user = $em->getRepository(Usuario::class)->findOneByUsername($args['username']);
        if (null == $user) {
            echo "<script language='javascript'>alert('User not found'); window.location='App.php'</script>" ;
        } else {
            if ($user->getPassword() == $args['password']){
                $_SESSION['id'] = $user->getId();
                $_SESSION['username'] = $user->getUsername();
                if($user->getAdmin() && $user->getEnabled()){
                    echo "<script language='javascript'>window.location='Admin.php'</script>" ;
                } else if($user->getEnabled()){
                    echo "<script language='javascript'>window.location='Comparator.php'</script>" ;
                } else {
                    echo "<script language='javascript'>alert('Account inabilited'); window.location='App.php'</script>" ;
                }
            } else {
                echo "<script language='javascript'>alert('Incorrect Password'); window.location='App.php'</script>" ;
            }
        }
    });
I have 3 .php pages. In the page App.php I have an access form. What I want is that when any user tries to enter the Admin or Comparator page, they cannot enter without having logged in previously.
For this I have added the following code to the pages previously named:
    <?php if (session_status() != "PHP_SESSION_ACTIVE" && session_status() != 2) { ?>
    <script>window.location='App.php'</script>
    <?php }?>
But when entering a valid username and password I get the following error:
It's very weird because the field username in the class Usuario exists. Any solutions?
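
Added example, not part of the original post: a server-side guard for Admin.php and Comparator.php that tests the $_SESSION['id'] value set at login, because session_status() only reports whether a session has been started, not whether anyone has logged in. The guard() and login() helpers, the 'admin' session key and a password stored as a password_hash() value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. guard(), login() and the 'admin' session
// key are hypothetical; the stored password is assumed to be a password_hash() value.

// Where should a request for $page be sent? null means "serve the page".
function guard(array $session, string $page): ?string
{
    if (!isset($session['id'])) {
        return 'App.php';              // nobody logged in: back to the login form
    }
    if ($page === 'Admin.php' && empty($session['admin'])) {
        return 'Comparator.php';       // logged in, but not an administrator
    }
    return null;
}

// Fills the session only after the password and the enabled flag both check out.
function login(array &$session, int $id, string $username, bool $admin,
               bool $enabled, string $hash, string $password): bool
{
    if (!password_verify($password, $hash) || !$enabled) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session id once the user is authenticated
    }
    $session['id'] = $id;
    $session['username'] = $username;
    $session['admin'] = $admin;
    return true;
}

// At the top of Admin.php, before any output is sent:
//   session_start();
//   $to = guard($_SESSION, 'Admin.php');
//   if ($to !== null) { header('Location: ' . $to); exit; }

// Constructed sample run with an in-memory array standing in for $_SESSION.
$session = [];
$hash = password_hash('constructed-password', PASSWORD_DEFAULT);
var_dump(guard($session, 'Admin.php'));
var_dump(login($session, 7, 'alice', false, true, $hash, 'wrong-password'));
var_dump(login($session, 7, 'alice', false, true, $hash, 'constructed-password'));
var_dump(guard($session, 'Admin.php'));
var_dump(guard($session, 'Comparator.php'));
```

Sending the redirect with header() followed by exit stops the protected page from being rendered at all, which a script-tag redirect in the page body does not.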