My sessions get deleted when I go to a new page on my website, or at least this is what I think is wrong, but I am not sure about this.
I am using this in a login system with PHP and MySQLi.
I will post the code here so if anyone is up for it they can look at it and maybe see where the error is.
This is the index.php located in the root folder (/)
<?php session_start(); ?>
<?php
include_once "Includes/Database/check_login.php";
if (login_check() == TRUE) : ?>
this is an protected page!
<?php else : ?>
<!DOCTYPE html>
<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"> </script>
</head>
<body>
<script>location.href='loginpage.php';</script>
</body>
<?php endif; ?>
This is the loginpage.php located in the root folder (/)
<?php session_start(); // session starts with the help of this function
include_once "Includes/Database/check_login.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Hardcorefight.dk</title>
<link rel="stylesheet" href="Includes/Layout/Index/loginlayout.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"> </script>
</head>
<body>
<div class="fixedwebsitesize" id="fixedwebsitesize">
    <div class="outerlogin" id="outerlogin">
        <div class="login" id="login">
            <form action="Includes/Database/login.inc.php" method="post" name="login_form"> <!-- This is the login form, that sends to login.inc.php.-->
                <div class="username" id="username">
                    <input type="text"
                           name="user"
                           placeholder="user"
                           class="user_login"
                    />
                </div>
                <div class="password" id="password">
                    <input type="password"
                           name="pass"
                           class="pass_login"
                           placeholder="Password"
                    />
                </div>
                <div class="loginbutton" id="loginbutton" >
                    <input type="submit"
                           value="Login"
                           class="login_input"
                    />
                </div>
            </form>
        </div>
    </div>
    <div class="logoutbox"> <!-- This is a button that changes to register or log out depending on whether the user is logged in or not -->
        <input type="button"
               <?php if (login_check() == TRUE) : ?>
               onclick="location.href='destroysession.php';"
               value="Log Out"
               <?php else : ?>
               onclick="location.href='register.php';"
               Value="register"
               <?php endif; ?>"
               class="logout_button"
        />
    </div>
</div>
</body>
</html>
This is the login.inc.php located in the Database folder (/Includes/Database/). It checks if the input information is correct and makes the sessions.
<?php
session_start(); // session starts with the help of this function
include_once "db_connect.php"; // include the connect file to the db.
$user_input = $_POST['user']; // Gets the post['user'] from loginpage.php
$pass_input = $_POST['pass']; // Gets the post['pass'] from loginpage.php
if ($result = $db_new->query("SELECT * FROM members WHERE username='$user_input'")) { // chooses the row from the DB that matches the username that the user wrote
    if ($result->num_rows == 1) { // verify that there is only one user with that username
        $row = $result->fetch_assoc();
        if (password_verify($pass_input, $row["password"])) { // verify that the password is the right password
            echo "password match";
            $_SESSION['username'] = $row["username"]; // makes the session with the username
            $_SESSION['email'] = $row["email"]; // makes the session with the email
            $_SESSION['id'] = $row["id"]; // makes the session with the id
            $_SESSION['password'] = $row["password"]; // makes the session with the password
            header("Location: /index.php"); // go to index
        }
        else { // if the password is incorrect it will echo this.
            echo "password incorrect";
        }
    }
    else { // if the user doesn't exist it will echo this
        echo "user doesn't exist";
    }
}
else {
    die($db_new->error);
}
This is the check_login.php located in the Database folder (/Includes/Database/). This reads the sessions and checks if the information matches the DB; if it matches, the function is = TRUE, else it is = FALSE.
<?php
function login_check(){
    session_start(); // session starts with the help of this function
    include_once "db_connect.php";
    $id = $_SESSION['id'];
    $password = $_SESSION['password'];
    $username = $_SESSION['username'];
    $email = $_SESSION['email'];
    if (isset($id, // checks if all the sessions exist.
              $password,
              $username,
              $email)) {
        if ($result = $db_new->query("SELECT * FROM members WHERE username='$username'")) { // select the row that equals the username from the session.
            if ($result->num_rows == 1) { // checks if there is only 1 row with the username
                $row = $result->fetch_assoc();
                $db_password = $row["password"];
                $db_id = $row["id"];
                $db_email = $row["email"];
                if ($password == $db_password) { // checks if the session password equals the DB password
                    if ($id == $db_id) { // checks if the session ID equals the DB ID
                        if ($email == $db_email) { // checks if the session email equals the DB email
                            // logged in
                            return TRUE;
                        } else {
                            // not logged in (error in email verify)
                            return FALSE;
                        }
                    } else {
                        // not logged in (error in id verify)
                        return FALSE;
                    }
                } else {
                    // not logged in (error in password_verify)
                    return FALSE;
                }
            } else {
                // not logged in (error in num_rows)
                return FALSE;
            }
        } else {
            // not logged in (error in query)
            return FALSE;
        }
    } else {
        // not logged in (error in isset)
        return FALSE;
    }
}
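
An added example, not part of the original post: the login step and the session check from the code above, written with a bound parameter instead of placing `$_POST['user']` inside the SQL string, a guarded `session_start()`, and only the user id kept in the session. The helper names `start_session_once` and `attempt_login` are hypothetical; the `members` table, its columns and `$db_new` are taken from the post.

```php
<?php
// Added example (not the poster's code). Assumes the post's `members` table
// with `id`, `username` and a `password` column holding password_hash() output.

function start_session_once(): void
{
    // Several files in the post call session_start(); only start the
    // session when none is active so repeated calls stay silent.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

function attempt_login(mysqli $db, string $user, string $pass): bool
{
    // Bound parameter: the username is sent as data, never as SQL text.
    $stmt = $db->prepare('SELECT id, password FROM members WHERE username = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch(); // true = row fetched, null = no row, false = error
    $stmt->close();

    if ($found !== true || !password_verify($pass, $hash)) {
        return false; // same result for unknown user and wrong password
    }
    start_session_once();
    session_regenerate_id(true);  // fresh session id once authenticated
    $_SESSION['id'] = (int) $id;  // identity only; the hash stays in the DB
    return true;
}

function login_check(): bool
{
    start_session_once();
    return isset($_SESSION['id']);
}

// Usage in login.inc.php ($db_new comes from db_connect.php, as in the post):
//   if (attempt_login($db_new, $_POST['user'] ?? '', $_POST['pass'] ?? '')) {
//       header('Location: /index.php'); // no output may precede header()
//       exit;
//   }
```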