So I have recently created a login script and section for all my users, obviously allowing them to log in to a secure section on the website to view certain things. Once I check all the variables are correct and that the user has entered the correct details, I set two sessions. One session holds the user's ID and the other holds the time they logged in.
Then the page will redirect to a page called home.php so the user has their own little home page once they are logged in. However the redirect is finally working, but as a test on the other page, all I do is start the session and then echo out the two sessions.
Every time they are empty, meaning the sessions are not transferring from one page to another. I've no idea why, I just can't see what's gone wrong. So my question is, can anyone see where I've gone wrong? I've checked to make sure I am using the right version and my hosting supports it and it all comes back positive, so I've no idea... please help! :)
<?php
//Session
session_start();
require 'conn.php';
//If the POST var "login" exists (our submit button), then we can
//assume that the user has submitted the login form.
if(isset($_POST['login'])) {
    //Retrieve the field values from our login form.
    $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
    $passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
    //Retrieve the user account information for the given username.
    $sql = "SELECT id, username, password FROM users WHERE username = :username";
    $stmt = $pdo->prepare($sql);
    //Bind value.
    $stmt->bindValue(':username', $username);
    //Execute.
    $stmt->execute();
    //Fetch row.
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    //If $user is FALSE.
    if($user === false){
        //Could not find a user with that username!
        //PS: You might want to handle this error in a more user-friendly manner!
        die('Incorrect username / password combination!');
    } else {
        //User account found. Check to see if the given password matches the
        //password hash that we stored in our users table.
        //Compare the passwords.
        $validPassword = password_verify($passwordAttempt, $user['password']);
        //If $validPassword is TRUE, the login has been successful.
        if($validPassword){
            //Provide the user with a login session.
            $_SESSION["user_id"] = $user['id'];
            $_SESSION["logged_in"] = time();
            echo " Display Errors: ".ini_set('display_errors', 1);
            echo " Display Startup Errors: ".ini_set('display_startup_errors', 1);
            echo " Error Reporting: ".error_reporting(E_ALL);
            //echo "<script type='text/javascript'>window.top.location='home.php';</script>";
            //exit;
            //Redirect to our protected page, which we called home.php
            ?>
            <!--<script type="text/javascript">
            alert("Login successful!");
            window.location.href = "home.php";
            </script>-->
            <?php
            exit;
        } else{
            //$validPassword was FALSE. Passwords do not match.
            die('Incorrect username / password combination!');
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <!-- Basic Page Needs
    –––––––––––––––––––––––––––––––––––––––––––––––––– -->
    <meta charset="utf8">
    <title>Login</title>
    <meta name="description" content="Service Department User Registration Details">
    <meta name="author" content="Ben Smith">
    <!-- Mobile Specific Metas
    –––––––––––––––––––––––––––––––––––––––––––––––––– -->
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- FONT
    –––––––––––––––––––––––––––––––––––––––––––––––––– -->
    <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css">
    <!-- CSS
    –––––––––––––––––––––––––––––––––––––––––––––––––– -->
    <link rel="stylesheet" href="../css/normalize.css">
    <link rel="stylesheet" href="../css/skeleton.css">
    <!-- Favicon
    –––––––––––––––––––––––––––––––––––––––––––––––––– -->
    <link rel="icon" type="image/png" href="../images/favicon.png">
</head>
<body>
    <div class="container">
        <div class="row">
            <h1>Login</h1>
            <form method="post" action="login.php">
                <div class="row">
                    <div class="six columns">
                        <label for="username">Username</label>
                        <input class="u-full-width" type="text" name="username" id="username">
                    </div>
                    <div class="six columns">
                        <label for="password">Password</label>
                        <input class="u-full-width" type="password" id="password" name="password">
                    </div>
                </div>
                <input class="button-primary" type="submit" name="login" value="Login">
            </form>
        </div>
    </div>
</body>
</html>
So originally I had

//Provide the user with a login session.
$_SESSION['user_id'] = $user['id'];
$_SESSION['logged_in'] = time();
//Redirect to our protected page, which we called home.php
header('Location: home.php');
exit;

and once it got to that part of the script, the page would just reload. So instead of going to home.php it would refresh login.php and then the screen would be blank (obviously because there was nothing being printed to the screen).
Error Reporting

When I put the following code in

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

I get nothing as a result.
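
An added example, not part of the original question and not the poster's code: a diagnostic to log on both login.php and home.php, plus a login completion step that sends the redirect before any output and issues a fresh session ID at login. The helper names `session_diagnostics()` and `complete_login()` are hypothetical, and the example assumes PHP's default file-based session handler.

```php
<?php
// Added example (not the poster's code). Hypothetical helpers:
// session_diagnostics() and complete_login().

/** Collect the facts that decide whether $_SESSION survives a redirect. */
function session_diagnostics(): array
{
    $file = '';
    $line = 0;
    $sent = headers_sent($file, $line);  // true once any byte of output has gone out
    $path = session_save_path() ?: sys_get_temp_dir();

    return [
        'session_active' => session_status() === PHP_SESSION_ACTIVE,
        'session_id'     => session_id(),
        'headers_sent'   => $sent,
        'output_started' => $sent ? "$file:$line" : null,
        'save_path'      => $path,
        'save_path_ok'   => is_dir($path) && is_writable($path),
        'cookie_params'  => session_get_cookie_params(),
    ];
}

/** Finish a successful login: new session ID, store state, then redirect. */
function complete_login($userId, string $target = 'home.php'): void
{
    $file = '';
    $line = 0;
    if (headers_sent($file, $line)) {
        // A Location header can no longer be sent; record where output began.
        error_log("Output already started at $file:$line; cannot redirect");
        exit;
    }
    session_regenerate_id(true);         // discard the pre-login ID (session fixation)
    $_SESSION['user_id']   = $userId;
    $_SESSION['logged_in'] = time();
    session_write_close();               // flush session data before leaving the page
    header('Location: ' . $target);
    exit;
}

// On both login.php and home.php, directly after session_start():
// error_log(json_encode(session_diagnostics()));
```

If the logged `session_id` differs between the two pages, the session cookie is not coming back with the second request; if `headers_sent` is true, `output_started` names the file and line where output began.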