ianhaney Posted December 3, 2015 Share Posted December 3, 2015 Hi Sorry I have tried to work this out on my own and got so far but got stuck I have a issue where the user logs in and it redirects to their profile page with their info relating to the id number for that user but if I click home and then click login in again, I was hoping it would detect that they are still logged in and redirect them to the profile page with their info again but when I do that, it goes to affiliate-profile.php?id= It realises the user is logged in as it has at the top Hello followed by their email address but below it is not displaying the info relating to them and just says No results to display Below is the coding from the affiliate-login.php file <? session_start(); if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=$id");} $dbh=new PDO('mysql:dbname=;host=localhost', '', '');/*Change The Credentials to connect to database.*/ $email=$_POST['mail']; $password=$_POST['pass']; if(isset($_POST) && $email!='' && $password!=''){ $sql=$dbh->prepare("SELECT id,password,psalt FROM affiliates WHERE username=?"); $sql->execute(array($email)); while($r=$sql->fetch()){ $p=$r['password']; $p_salt=$r['psalt']; $id=$r['id']; } $site_salt="subinsblogsalt";/*Common Salt used for password storing on site. You can't change it. If you want to change it, change it when you register a user.*/ $salted_hash = hash('sha256',$password.$site_salt.$p_salt); if($p==$salted_hash){ $_SESSION['user']=$id; header("Location:affiliate-profile.php?id=$id"); }else{ echo "<h2>Username/Password is Incorrect.</h2>"; } } ?> <!--CONTENT--> <div id="column-whole"> <h2 class="title">Login</h2> <hr class="carved" /> <form method="POST" action="affiliate-login.php" class="signup"> <table> <tr> <td> <td colspan="3"> <strong>Affiliate Login</strong> </td> </tr> <tr> <td width="78">E-Mail</td> <td width="6">:</td> <td width="294"><input size="25" name="mail" type="text" placeholder="Your Email Address"></td> </tr> <tr> <td>Password</td><td>:</td> <td><input name="pass" size="25" type="password" placeholder="Your Password"></td> </tr> <tr> <td></td> <td></td> <td><input type="submit" name="Submit" value="Login" id="submit" ></td> </tr> </table> </form> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> I think the issue with this coding is the third line if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=$id");} as guessing that is saying if the session is empty then redirect to the file but I changed that location to affiliate-login.php but kept loading and then said unable to load properly Below is the affiliate-profile.php coding <? session_start(); if($_SESSION['user']==''){ header("Location:affiliate-login.php"); }else{ include("config.php"); $sql=$dbh->prepare("SELECT * FROM affiliates WHERE id=?"); $sql->execute(array($_SESSION['user'])); while($r=$sql->fetch()){ ?> <!--CONTENT--> <div id="column-whole"> <br /> <?php echo "<div class='home-content'>"; echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>"; echo "<br><br>"; echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>"; echo "</div>"; echo "<br><br>"; } } ?> <h2 class="title">Your Affiliate Information</h2> <hr class="carved" /> <?php // connect to the database include('connect-db.php'); if ($result = $mysqli->query("SELECT id, name, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) { // display records if there are records to display if ($result->num_rows > 0) { echo "<table class='affiliate'>"; echo "<tr>"; echo "<th>Affiliate ID</th>"; echo "<th>Name</th>"; echo "<th>Email</th>"; echo "<th>Amount Earned</th>"; echo "</tr>"; while ($row = $result->fetch_object()) { // set up a row for each record echo "<tr>"; echo "<td>" . $row->id . "</td>"; echo "<td>" . $row->name . "</td>"; echo "<td>" . $row->username . "</td>"; echo "<td>" . '£' . $row->amount_earned . "</td>"; echo "</tr>"; } echo "</table>"; } // if there are no records in the database, display an alert message else { echo "No results to display!"; } } // show an error if there is an issue with the database query else { echo "Error: " . $mysqli->error; } // close database connection $mysqli->close(); ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> Sorry, have tried to fix the issue before posting here Quote Link to comment https://forums.phpfreaks.com/topic/299633-php-session-redirect-issue/ Share on other sites More sharing options...
Solution QuickOldCar Posted December 3, 2015 Solution Share Posted December 3, 2015 (edited) I believe you want to use the $_SESSION['user'] versus $id for the redirect. if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=".$_SESSION['user']);} Actually do you really need to pass the GET value to the script when can directly use their $_SESSION['user'] in the affiliate-profile.php script itself? Just send them to affiliate-profile.php and use the session values from there. Edited December 3, 2015 by QuickOldCar Quote Link to comment https://forums.phpfreaks.com/topic/299633-php-session-redirect-issue/#findComment-1527475 Share on other sites More sharing options...
QuickOldCar Posted December 3, 2015 Share Posted December 3, 2015 (edited) It's better to use password_hash and password_verify Not too good to redirect back to the same script, could find yourself in an endless loop, redirect to the main site or somewhere else if($_SESSION['user']==''){ header("Location:affiliate-login.php"); }else{ Edited December 3, 2015 by QuickOldCar Quote Link to comment https://forums.phpfreaks.com/topic/299633-php-session-redirect-issue/#findComment-1527478 Share on other sites More sharing options...
ianhaney Posted December 3, 2015 Author Share Posted December 3, 2015 Hi QuickOldCar Thank you so much, is working perfect now Quote Link to comment https://forums.phpfreaks.com/topic/299633-php-session-redirect-issue/#findComment-1527480 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.