
php session redirect issue


ianhaney
Go to solution Solved by QuickOldCar,


Hi

 

Sorry I have tried to work this out on my own and got so far but got stuck

 

I have an issue where the user logs in and it redirects to their profile page with their info relating to the id number for that user, but if I click home and then click login again, I was hoping it would detect that they are still logged in and redirect them to the profile page with their info again. When I do that, it goes to affiliate-profile.php?id=

 

It realises the user is logged in as it has at the top Hello followed by their email address but below it is not displaying the info relating to them and just says No results to display

 

Below is the coding from the affiliate-login.php file

<?
session_start();
if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=$id");}

$dbh=new PDO('mysql:dbname=;host=localhost', '', '');/*Change The Credentials to connect to database.*/
$email=$_POST['mail'];
$password=$_POST['pass'];
if(isset($_POST) && $email!='' && $password!=''){
 $sql=$dbh->prepare("SELECT id,password,psalt FROM affiliates WHERE username=?");
 $sql->execute(array($email));
 while($r=$sql->fetch()){
  $p=$r['password'];
  $p_salt=$r['psalt'];
  $id=$r['id'];
 }
 $site_salt="subinsblogsalt";/*Common Salt used for password storing on site. You can't change it. If you want to change it, change it when you register a user.*/
 $salted_hash = hash('sha256',$password.$site_salt.$p_salt);
 if($p==$salted_hash){
  $_SESSION['user']=$id;
  header("Location:affiliate-profile.php?id=$id");  
 }else{
  echo "<h2>Username/Password is Incorrect.</h2>";
 }
}
?>

<!--CONTENT-->

<div id="column-whole">

<h2 class="title">Login</h2>
<hr class="carved" />

<form method="POST" action="affiliate-login.php" class="signup">
<table>
<tr>
<td>
<td colspan="3">
<strong>Affiliate Login</strong>
</td>
</tr>

<tr>
<td width="78">E-Mail</td>
<td width="6">:</td>
<td width="294"><input size="25" name="mail" type="text" placeholder="Your Email Address"></td>
</tr>

<tr>
<td>Password</td><td>:</td>
<td><input name="pass" size="25" type="password" placeholder="Your Password"></td>
</tr>

<tr>
<td></td>
<td></td>
<td><input type="submit" name="Submit" value="Login" id="submit" ></td>
</tr>
</table>
</form>
</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

I think the issue with this coding is the third line

if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=$id");}

as guessing that is saying if the session is empty then redirect to the file but I changed that location to affiliate-login.php but kept loading and then said unable to load properly

 

Below is the affiliate-profile.php coding

<?
session_start();

if($_SESSION['user']==''){
 header("Location:affiliate-login.php");
}else{
 include("config.php");
 $sql=$dbh->prepare("SELECT * FROM affiliates WHERE id=?");
 $sql->execute(array($_SESSION['user']));
 while($r=$sql->fetch()){
?>

<!--CONTENT-->

<div id="column-whole">

<br />

<?php
echo "<div class='home-content'>";
  echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>";
  echo "<br><br>";
  echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>";
  echo "</div>";
  echo "<br><br>";
 }
}
?>

<h2 class="title">Your Affiliate Information</h2>
<hr class="carved" />

<?php

// connect to the database
include('connect-db.php');

if ($result = $mysqli->query("SELECT id, name, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) {

    // display records if there are records to display
    if ($result->num_rows > 0)
    {
        echo "<table class='affiliate'>";
        echo "<tr>";
        echo "<th>Affiliate ID</th>";
        echo "<th>Name</th>";
        echo "<th>Email</th>";
        echo "<th>Amount Earned</th>";
        echo "</tr>";

        while ($row = $result->fetch_object())
        {
            // set up a row for each record
            echo "<tr>";
            echo "<td>" . $row->id . "</td>";
            echo "<td>" . $row->name . "</td>";
            echo "<td>" . $row->username . "</td>";
            echo "<td>" . '£' . $row->amount_earned . "</td>";
            echo "</tr>";
        }

        echo "</table>";
    }
    // if there are no records in the database, display an alert message
    else
    {
        echo "No results to display!";
    }
}
// show an error if there is an issue with the database query
else
{
    echo "Error: " . $mysqli->error;
}

// close database connection
$mysqli->close();
?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

Sorry, have tried to fix the issue before posting here


  • Solution

I believe you want to use the $_SESSION['user'] versus $id for the redirect.

if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=".$_SESSION['user']);}

Actually, do you really need to pass the GET value to the script when you can directly use their $_SESSION['user'] in the affiliate-profile.php script itself? Just send them to affiliate-profile.php and use the session values from there.

Edited by QuickOldCar
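The suggestion above, as an added example that is not part of the original posts: the profile query takes its id from the session only, so an empty or edited `?id=` in the URL has no effect on what is displayed. The helper names and the in-memory SQLite sample data are assumptions made so the snippet runs stand-alone; the table and column names are the ones in the thread.

```php
<?php
// Added example: the profile row is chosen by the session's user id only,
// so the page never reads an id from the URL.

// Constructed sample data in in-memory SQLite (assumption: stands in for the
// site's MySQL database; table and column names are those in the thread).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE affiliates (id INTEGER PRIMARY KEY, name TEXT, username TEXT, amount_earned REAL)");
$dbh->exec("INSERT INTO affiliates VALUES (1, 'Alice Example', 'alice@example.test', 12.5), (2, 'Bob Example', 'bob@example.test', 99)");

// Hypothetical helper for affiliate-login.php: where to send a visitor who is
// already logged in. null means "show the login form". No id goes in the URL.
function already_logged_in_target(array $session): ?string
{
    return empty($session['user']) ? null : 'affiliate-profile.php';
}

// Hypothetical helper for affiliate-profile.php: the logged-in affiliate's own
// row, or null when there is no session (caller redirects to the login page).
function own_profile(PDO $dbh, array $session): ?array
{
    if (empty($session['user'])) {
        return null;
    }
    // Prepared statement: the id is bound as a parameter, never interpolated.
    $sql = $dbh->prepare("SELECT id, name, username, amount_earned FROM affiliates WHERE id = ?");
    $sql->execute([$session['user']]);
    $row = $sql->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape every value before it is placed in the HTML table.
function profile_row_html(array $row): string
{
    $cells = array_map(fn($v) => '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>', $row);
    return '<tr>' . implode('', $cells) . '</tr>';
}

// $session stands in for $_SESSION after session_start() and a successful login.
$session = ['user' => 2];
echo already_logged_in_target($session), "\n";
echo profile_row_html(own_profile($dbh, $session)), "\n";
var_dump(own_profile($dbh, []));   // no session: nothing is fetched

// In the real pages, follow each redirect with exit so the rest of the
// script does not run:  header('Location: ' . $target); exit;
```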

It's better to use password_hash and password_verify

 

Not too good to redirect back to the same script, could find yourself in an endless loop, redirect to the main site or somewhere else

if($_SESSION['user']==''){
header("Location:affiliate-login.php");
}else{
Edited by QuickOldCar
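One way to move the login script to password_hash and password_verify without locking out existing users, as an added example that is not part of the original posts: rows still holding the thread's salted sha256 digest are checked the old way once and then upgraded. The function names, the returned pair and the sample rows are assumptions.

```php
<?php
// Added example: verify a login against either a password_hash() value or the
// thread's legacy sha256 scheme, upgrading legacy rows on successful login.

const SITE_SALT = 'subinsblogsalt';   // site-wide salt from the thread's code

// Legacy digest, computed exactly as the thread's login script does.
function legacy_hash(string $password, string $psalt): string
{
    return hash('sha256', $password . SITE_SALT . $psalt);
}

// $row is one affiliates row with 'password' and 'psalt'.
// Returns [bool $ok, ?string $newHash]; $newHash is non-null when the stored
// value should be replaced (legacy row, or the default algorithm/cost changed).
function check_login(array $row, string $password): array
{
    $stored = $row['password'];
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        // Row already holds a password_hash() value.
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $new];
    }
    // Legacy row: constant-time comparison, then hand back an upgraded hash.
    if (!hash_equals($stored, legacy_hash($password, $row['psalt']))) {
        return [false, null];
    }
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample rows (not real accounts).
$legacy = ['id' => 1, 'password' => legacy_hash('correct horse', 'abc123'), 'psalt' => 'abc123'];
[$ok, $upgraded] = check_login($legacy, 'correct horse');
var_dump($ok, $upgraded !== null);

$modern = ['id' => 1, 'password' => $upgraded, 'psalt' => ''];
var_dump(check_login($modern, 'correct horse')[0]);
var_dump(check_login($modern, 'wrong password')[0]);
```

In the login script, a non-null `$newHash` is written back to the `password` column with a prepared UPDATE (the column must be wide enough for the new format; the PHP manual recommends 255 characters), and a successful login calls `session_regenerate_id(true)` before setting `$_SESSION['user']`.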