So when the user hits log in this code is executed: LoggedIn.php
<?php
include 'connect.php';
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password does not exist!');
}
// Prepare our SQL
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bind_param('s', $_POST['username']);
if(!$stmt->execute()){
trigger_error("there was an error....".$mysqli->error, E_USER_WARNING);
}
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($password);
$stmt->fetch();
// Account exists, now we verify the password.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
header('location: userPage.php');
//**should I create the session here?**
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username blar password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
OR should the session be created when they are on the userPage.php. This is the page that they get access to when they log on
<?php
ob_start();
include 'connect.php';
if(!isset($_SESSION['username']) || !isset($_SESSION['password']))
{
header("location:http://www.fortunefilly.com/loginTemplate.php");
}
else
{
session_start();
$username =$_SESSION['username'] ;
}
?>
But I don't think its actually creating a session because I try to echo out $username but It doesn't work. Just a few pointers on the scenario would be helpful
Thank you in advance
