I know there is a lot of questions out there but they dont give much info or use other methods to authenticate. Lets begin:
I have a login page and main page. I login saving session in $_SESSION In every page i make session_start() and then i check if the user is loged looking $_SESSION.
When i login it redirects me to the main page. When i try login.php it detects correctly im in and redirects to main.php. When i refresh main.php it detects correctly my session.
THEN, i want to make a change in DB so i use the jquery function $.post to send post data to action.php and do some staff. Action.php echo "true" so the $.post handler can detect the change has been made correctly and redirect. Action.php echo "false" so the $.post handler alert an error was ocured.
When i make that change to the DB, it gets done and echo true so main.php refresh itself showing the change BUT INSTEAD OF REFRESH IT COME BACK TO LOGIN.PHP LOSING ALL SESSION DATA.
Here some code:
start_session
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
//session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_set_cookie_params(7200, "/", $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
top of main.php and login.php and action.php
include('../db_connect.php');
include('../functions.php');
sec_session_start(); // Our custom secure way of starting a php session.
if(!login_check($mysqli)){
header('Location: ../');
}
Javascript function to post data to action.php
function createTeam(){
var serializedData = $('#new_team_form').serialize();
$.post('action.php', serializedData , function (resp) {
if(resp == "false"){
$('#exists').html("El grupo que intentas crear ya existe o ha habido un error en la petición.");
}else{
window.location ="./";
}
});
return false; //Needs to return false cause its the submit button of form
}
action.php - what is echoed will be the return for $.post()
<?php
include '../db_connect.php';
include '../functions.php';
sec_session_start(); // Our custom secure way of starting a php session.
$team = $_POST['team'];
$_SESSION['user_id'] = $user_id;
if ($stmt = $mysqli->prepare("SELECT name FROM teams WHERE name = ? LIMIT 1")) {
$stmt->bind_param('s', $team); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) {
echo "false1".$team;
} else {
//Creamos el grupo en la base de datos y ponemos al usuario en dicho grupo
if ($stmt = $mysqli->prepare("INSERT INTO teams (id, name) VALUES (DEFAULT, '$team')")) {
$stmt->execute(); // Execute the prepared query.
if($stmt = $mysqli->prepare("UPDATE members SET team = '".$team."' WHERE members.id ='".$user_id."' LIMIT 1 ")) {
$stmt->execute(); // Execute the prepared query.
echo "true";
}else{
echo "false2";
}
}else{
echo "false3";
}
}
} else {
echo "false4";
}
?>
