i am developing a log in form with session. When i log in and try to change page in the same domain and get back to login page, i am logged out and credentials needed. Bellow is the code.
mysky.php (login page)
<?php
session_start();
$pageTitle = 'MySky Login';
include 'header.php';
?>
<div id="cloud_box">
<div id="cloud_title">My<span>Sky</span> Login</div>
<form action="myskyweb.php" name="form" method="POST"
onsubmit="return IsEmpty();">
<div id="msg"><?php if(isset($msg)) { echo $msg; }?></div>
<div id="u">
<div id="user1">U</div>
<input type="text" id="user" name="user"/>
<div id="error_u"></div>
</div>
<div id="p">
<div id="pass1">P</div>
<input type="password" id="pass" name="pass"/>
<div id="error_p"></div>
</div>
<button id="btn" type="submit">Login</button>
</form>
</div>
<?php include 'footer.php';?>
myskyweb.php (after successfull login)
<?php
session_start();
if(!isset($_SESSION['id']))
{
header("Location: mysky.php");
}
$pageTitle = sprintf('MySky - %s', $_POST['user']);
include 'header.php';
include 'login.php';
?>
<?php
print_r($_SESSION);
?>
<div id="logout"><a href="logout.php">Logout</a></div>
<?php include 'footer.php';?>
page1.php (one page of my domain)
<?php
session_start();
$pageTitle = 'page1';
include 'header.php';
?>
<?php
print_r($_SESSION);
?>
<div id="structure">
<?php include 'footer.php';?>
page2.php (another page)
<?php
session_start();
$pageTitle = 'page2';
include 'header.php';
?>
<?php
print_r($_SESSION);
?>
<div class="slides">
<?php include 'footer.php';?>
login.php (checking if credentials are correct & give value to session)
<?php
include 'db_info.php';
$username = $password = $encrypted = $msg = '';
//connect to db
$conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName)
or die($conn);
//get values
$username = $_POST['user'];
$password = $_POST['pass'];
//prevent mysql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
//encrypt pass
$encrypted = md5($password);
//search
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
$result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));
//compare
$row = mysqli_fetch_array($result);
if (($row['username'] == $username) && ($row['password'] == $encrypted)){
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
$_SESSION['logged_in'] = time();
} else {
$msg = 'Credentials mismatch';
header("Location: /mysky.php");
die();
}
mysqli_close($conn);
?>
I used the function print_r() at all of the pages to understand if the problem is the session. Session is not the problem, because after log in every page shows the sessions var. So session keep the values after changing a page. I cannot undestand why i see login form in login page again rather to see successfull login page.
Any help is appreciated!