Tom8001 Posted December 1, 2014

I have created a test account in my database with a user level of -1 and I think my code might be wrong, but I am hoping someone can spot where I have gone wrong as I cannot. I also have a similar problem with another session variable, loggedIn. This is what I get when I log in; this is on the index page.

```
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17
You must be logged in to view this page!
```

Index page source code:

```php
<?php

session_start();
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if($_SESSION['loggedIn'] == 1) {
    //Do Nothing
    exit();
} else if($_SESSION['loggedIn'] != 1) {
    echo "You must be logged in to view this page!";
    exit();
}

if($_SESSION['user_level'] == -1) {
    header("Location: banned.php");
}

if(isset($_SESSION['username'])) {
    echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> ";
}

?>
```

Also, if you need my login source code:

```php
<?php

error_reporting(E_ALL | E_NOTICE);

require 'connect.php';
session_start();

if (isset($_POST['submit'])) {

    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    if (empty($username)) {
        echo "You did not enter a username, Redirecting...";
        echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
        exit();
    }

    if (empty($password)) {
        echo "You did not enter a password, Redirecting...";
        echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
        exit();
    }

    //Prevent hackers from using SQL Injection to hack into Database
    $username = mysqli_real_escape_string($con, $_POST['username']);
    $password = mysqli_real_escape_string($con, $_POST['password']);

    $result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");

    $row = $result->fetch_array();
    $user_level = $row['user_level'];

    // check to make sure query did execute.
    // If it did not then trigger error use mysqli::error to see why it failed
    if($result->num_rows > 0) {
        //Set default user
        $_SESSION['loggedIn'] == 1;
        $_SESSION['user_level'] == 1;
        $_SESSION['username'] == trim($_POST['username']);
        header("Location: index.php");
        exit();
    } else if($row['user_level'] == 1) {
        $_SESSION['user_level'] == 1;
        //Location admin
        header("Location: admin.php");
        exit();
    } else if($row['user_level'] == -1) {
        $_SESSION['user_level'] == -1;
        $_SESSION['username'] == trim($_POST['username']);
        //Location banned
        header("Location: banned.php");
        exit();
    } else if($_SESSION['loggedIn'] == true) {
        //Location default user home page
        header("index.php");
    } else {
        echo "Invalid Username/Password";
    }

    //Kill unwanted session
}

if(isset($_POST['killsession'])) {
    session_destroy();
    echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)";
    exit();
}

?>
```

I appreciate all help.

Barand Posted December 1, 2014

You don't assign a value to $_SESSION['loggedIn']

```php
$_SESSION['loggedIn'] == 1;
```

"==" is not an assignment operator.

Tom8001 Posted December 1, 2014 (edited)

It still says on my index page I am not logged in, and I still get this on my index page:

```
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17
You must be logged in to view this page!
```

Here's what I have changed in my login source code (I will highlight what I have changed):

```php
if($result->num_rows > 0) {
    //Set default user
    $_SESSION['loggedIn'];
    $_SESSION['user_level'];
    $_SESSION['username'] == trim($_POST['username']);
    header("Location: index.php");
    exit();
} else if($row['user_level'] == 1) {
    $_SESSION['user_level'] == 1;
    //Location admin
    header("Location: admin.php");
    exit();
} else if($row['user_level'] == -1) {
    $_SESSION['user_level'] == -1;
    $_SESSION['username'] == trim($_POST['username']);
    //Location banned
    header("Location: banned.php");
    exit();
} else if($_SESSION['loggedIn']) {
    //Location default user home page
    header("index.php");
} else if(!$_SESSION['loggedIn']) {
    //Do Nothing
} else {
    echo "Invalid Username/Password";
}
```

And here's what I have changed in my index source code:

```php
if($_SESSION['loggedIn']) {
    //Do Nothing
    exit();
} else if(!$_SESSION['loggedIn']) {
    echo "You must be logged in to view this page!";
    exit();
}
```

Although this has not changed anything, I have probably not done it correctly as I am unsure.

Edited December 1, 2014 by Tom8001

Tom8001 Posted December 1, 2014

I tried highlighting what I changed but it didn't work.

Solution: LeJack Posted December 1, 2014 (edited)

You need to check if the session is set first. If it isn't, then show the custom error page. It looks like you're just trying to put the question mark before the session. That's not going to work.

SAMPLE:

```php
if(isset($_SESSION['sample_session'])) {
    echo "Session cookie is set";
} else {
    echo "Session cookie needs to be set first";
}
```

Or you can do it the other way around.

```php
if(!isset($_SESSION['sample_session'])) {
    echo "Session cookie needs to be set first";
} else {
    echo "Session cookie is set";
}
```

Edited December 1, 2014 by LeJack

Barand Posted December 1, 2014

```php
$_SESSION['loggedIn'];
```

That does absolutely nothing. You're supposed to be assigning a value to it.

CroNiX Posted December 2, 2014

$_SESSION is like any other variable. If you try to access it (or an index within it) without it existing, you will get an error.

if ($_SESSION['something']) assumes 'something' already exists in session, which it doesn't at the point where you are trying to access it or you wouldn't be getting an error.

So, you need to check if the variable isset() before trying to just blindly use it in a comparison statement - if()

```php
if (isset($_SESSION['something']) && $_SESSION['something'] == some_value)
```

Tom8001 Posted December 2, 2014

Thanks, just another question: to assign a value to a session, would it be

```php
$_SESSION['user_level'] = 1;
```

or

```php
$_SESSION['user_level'] == 1;
```

Thanks

CroNiX Posted December 2, 2014

It's like all other variables in PHP

= is assigning a value

== and === is comparing values

Tom8001 Posted December 2, 2014

> It's like all other variables in PHP
> = is assigning a value
> == and === is comparing values

Thanks

Barand Posted December 2, 2014

As you were told in the first reply to this post, "==" is not an assignment operator.

Tom8001 Posted December 3, 2014

In my login page I have set the values to the session variables, but yet when I go to the index page it says I'm not logged in when I am. Not sure if anyone can spot an error in my code that I cannot.

Login.php:

```php
<?php

error_reporting(E_ALL | E_NOTICE);

require 'connect.php';

if(isset($_POST['submit'])) {

    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    if(empty(trim($_POST['username']))) {
        echo "<br> <font color='red'> <h3>You did not enter a Username ! </h3> </font>";
    }

    if(empty(trim($_POST['password']))) {
        echo "<br> <font color='red'> <h3>You did not enter a Password ! </h3> </font>";
    }

    $username = mysqli_real_escape_string($con, $_POST['username']);
    $password = mysqli_real_escape_string($con, $_POST['password']);

    $query = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");

    $row = $query->fetch_array();
    $user_level = $row['user_level'];
    $active = $row['active'];

    if($query->num_rows > 0) {
        if($row['active'] == 1) {
            if($row['user_level'] == 1) {
                $_SESSION['user_level'] = 1;
                $_SESSION['active'] = 1;
                $_SESSION['loggedIn'] = 1;
                header("Location: admin.php");
                exit();
            }
            $_SESSION['user_level'] = 0;
            $_SESSION['active'] = 1;
            $_SESSION['loggedIn'] = 1;
            header("Location: index.php");
            exit();
        } else {
            echo "<br> <font color='red'> <h3>Username or Password is incorrect! </h3> </font>";
        }
    }

    if($row['active'] !== 1) {
        header("Location: banned.php");
        $_SESSION['loggedIn'] = 0;
    }
}

?>
```

Index.php:

```php
<?php

require 'connect.php';

if($_SESSION['loggedIn'] == 1) {
    //Do Nothing
} else if($_SESSION['loggedIn'] !== 1) {
    echo "<br> Your not logged in!, please login to view this page. <br>";
    echo "Accounts can only be created by the administrator. <br>";
    echo "<input type='submit' name='login' value='Go to login' onClick='gotologin()'>";
}

?>
```

Barand Posted December 3, 2014

I do not see session_start() on either page. It needs to be called at the top of every page that uses session variables.

Tom8001 Posted December 3, 2014

Wow, I cannot believe I did not spot that. Thanks man

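The three fixes from this thread (session_start() on every page, isset() before reading a session key, and "=" rather than "==" when storing a value) combined into one login guard, as an added example that is not part of the original thread. The function names and the constructed user row are assumptions, and session_regenerate_id() is an addition that issues a fresh session ID at login.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Function names and the sample row
// are hypothetical; the session keys are the ones used in the posts.

// Call after a successful credential check; $row stands in for the database row.
function establish_session(array $row): void
{
    session_regenerate_id(true);              // fresh session ID at login
    $_SESSION['loggedIn']   = 1;              // "=" assigns, "==" only compares
    $_SESSION['user_level'] = (int) $row['user_level'];
    $_SESSION['username']   = $row['username'];
}

// Decide what a protected page should do without reading unset indexes.
function access_decision(array $session): string
{
    if (!isset($session['loggedIn']) || $session['loggedIn'] !== 1) {
        return 'login';
    }
    if (($session['user_level'] ?? null) === -1) {
        return 'banned';
    }
    return 'ok';
}

// First call on every protected page: start the session, then enforce.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $decision = access_decision($_SESSION);
    if ($decision !== 'ok') {
        header('Location: ' . ($decision === 'banned' ? 'banned.php' : 'login.php'));
        exit();                               // stop before page content is sent
    }
}

// Constructed demo for the command line (php example.php).
session_start();
$before = access_decision($_SESSION);         // no keys set yet
establish_session(['username' => 'demo', 'user_level' => -1]);
$after = access_decision($_SESSION);
echo $before, ' -> ', $after, PHP_EOL;
```

The exit() after each redirect matters: without it the rest of the protected page still runs and is sent to the client along with the Location header.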