php session redirect issue

[ianhaney]

Hi

 

Sorry I have tried to work this out on my own and got so far but got stuck

 

I have a issue where the user logs in and it redirects to their profile page with their info relating to the id number for that user but if I click home and then click login in again, I was hoping it would detect that they are still logged in and redirect them to the profile page with their info again but when I do that, it goes to affiliate-profile.php?id=

 

It realises the user is logged in as it has at the top Hello followed by their email address but below it is not displaying the info relating to them and just says No results to display

 

Below is the coding from the affiliate-login.php file

<?
session_start();
if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=$id");}

$dbh=new PDO('mysql:dbname=;host=localhost', '', '');/*Change The Credentials to connect to database.*/
$email=$_POST['mail'];
$password=$_POST['pass'];
if(isset($_POST) && $email!='' && $password!=''){
 $sql=$dbh->prepare("SELECT id,password,psalt FROM affiliates WHERE username=?");
 $sql->execute(array($email));
 while($r=$sql->fetch()){
  $p=$r['password'];
  $p_salt=$r['psalt'];
  $id=$r['id'];
 }
 $site_salt="subinsblogsalt";/*Common Salt used for password storing on site. You can't change it. If you want to change it, change it when you register a user.*/
 $salted_hash = hash('sha256',$password.$site_salt.$p_salt);
 if($p==$salted_hash){
  $_SESSION['user']=$id;
  header("Location:affiliate-profile.php?id=$id");  
 }else{
  echo "<h2>Username/Password is Incorrect.</h2>";
 }
}
?>

<!--CONTENT-->

<div id="column-whole">

<h2 class="title">Login</h2>
<hr class="carved" />

<form method="POST" action="affiliate-login.php" class="signup">
<table>
<tr>
<td>
<td colspan="3">
<strong>Affiliate Login</strong>
</td>
</tr>

<tr>
<td width="78">E-Mail</td>
<td width="6">:</td>
<td width="294"><input size="25" name="mail" type="text" placeholder="Your Email Address"></td>
</tr>

<tr>
<td>Password</td><td>:</td>
<td><input name="pass" size="25" type="password" placeholder="Your Password"></td>
</tr>

<tr>
<td></td>
<td></td>
<td><input type="submit" name="Submit" value="Login" id="submit" ></td>
</tr>
</table>
</form>
</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

I think the issue with this coding is the third line

if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=$id");}

as guessing that is saying if the session is empty then redirect to the file but I changed that location to affiliate-login.php but kept loading and then said unable to load properly

 

Below is the affiliate-profile.php coding

<?
session_start();

if($_SESSION['user']==''){
 header("Location:affiliate-login.php");
}else{
 include("config.php");
 $sql=$dbh->prepare("SELECT * FROM affiliates WHERE id=?");
 $sql->execute(array($_SESSION['user']));
 while($r=$sql->fetch()){
?>

<!--CONTENT-->

<div id="column-whole">

<br />

<?php
echo "<div class='home-content'>";
  echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>";
  echo "<br><br>";
  echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>";
  echo "</div>";
  echo "<br><br>";
 }
}
?>

<h2 class="title">Your Affiliate Information</h2>
<hr class="carved" />

<?php

// connect to the database
                        include('connect-db.php');

if ($result = $mysqli->query("SELECT id, name, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) {

// display records if there are records to display
if ($result->num_rows > 0)
{
											
											echo "<table class='affiliate'>";
											echo "<tr>";
											echo "<th>Affiliate ID</th>";
											echo "<th>Name</th>";
											echo "<th>Email</th>";
											echo "<th>Amount Earned</th>";
											echo "</tr>";
											
											while ($row = $result->fetch_object())
                                        {
											
											// set up a row for each record
                                                echo "<tr>";
												echo "<td>" . $row->id . "</td>";
												echo "<td>" . $row->name . "</td>";
												echo "<td>" . $row->username . "</td>";
												echo "<td>" . '£' . $row->amount_earned . "</td>";
												echo "</tr>";
												}
                                        
                                        echo "</table>";
                                }
								// if there are no records in the database, display an alert message
                                else
                                {
                                        echo "No results to display!";
                                }
                        }
                        // show an error if there is an issue with the database query
                        else
                        {
                                echo "Error: " . $mysqli->error;
                        }
                        
                        // close database connection
                        $mysqli->close();
						?>

</div>

<!--CONTENT-->

<?php include( 'includes/footer.php' ); ?>

Sorry, have tried to fix the issue before posting here

[QuickOldCar]

I believe you want to use the $_SESSION['user'] versus $id for the redirect.

if ($_SESSION['user']!='') {header("Location: affiliate-profile.php?id=".$_SESSION['user']);}

Actually do you really need to pass the GET value to the script when can directly use their $_SESSION['user'] in the affiliate-profile.php script itself? Just send them to affiliate-profile.php and use the session values from there.

Edited December 3, 2015 by QuickOldCar

[QuickOldCar]

It's better to use password_hash and password_verify

 

Not too good to redirect back to the same script, could find yourself in an endless loop, redirect to the main site or somewhere else

if($_SESSION['user']==''){
header("Location:affiliate-login.php");
}else{

Edited December 3, 2015 by QuickOldCar

[ianhaney]

Hi QuickOldCar

 

Thank you so much, is working perfect now