is_logged_in not working on one page

[PrinceTaz]

I'm having a problem. My index.php is no longer displaying the proper logic. I have it checking if the user is logged in and to display whatever but the index.php doesn't register if I'm logged in or not. But the admin/index.php does. 

index.php:

<?php
session_start();
include_once("includes/config.php");


?>

 

The Menu:

<div class="sidebar">Sidebar
  <ul>
    <?php if(is_logged_in()) { ?>
      <li><a href="/index.php">Home</a></li>
      <li><a href="admin/index.php">Admin</a></li>
      <li><a href="admin/addpost.php">Add Post</a></li>
      <li><a href="admin/editpost.php">Edit Post</a></li>
      <li><a href="logout.php">Logout</a></li>
    <?php } else { ?>
      <li><a href="login.php">Login</a></li>
      <li><a href="register.php">Register</a></li>
    <?php } ?>
  </ul>
</div>

 

 

admin/index.php

<?php 
	session_start();
	include_once("../includes/config.php");
	if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == false) {
		header("Location: ../login.php");
	}

?>

Admin Menu:

<div class="sidebar">Sidebar
  <ul>
    <?php if(is_logged_in()) { ?>
      <li><a href="../admin">Admin</a></li>
      <li><a href="addpost.php">Add Post</a></li>
      <li><a href="editpost.php">Edit Post</a></li>
      <li><a href="logout.php">Logout</a></li>
    <?php } else { ?>
      <li><a href="login.php">Login</a></li>
      <li><a href="register.php">Register</a></li>
    <?php } ?>
  </ul>
</div>

This is my config.php just in case:

<?php 
ob_start();
session_start();

$host = "localhost";
$dbname = "";
$user = "";
$pass = "";

try {
	$db = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
	echo "Connection failed: ". $e->getMessage();
}

date_default_timezone_set('America/Chicago');

function is_logged_in() {
	if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
		return true;
	}
}

?>

I feel like I'm missing something so simple.

 

UPDATE: I refreshed the page working on something else but not the admin page doesn't register from the session either. 

UPDATE: It seems the session is the issue because all functions have stopped working but I'm not receiving any error messages. I can't even add new posts or edit posts.

Edited June 1, 2019 by PrinceTaz

[ginerjm]

Hmmm... your function returns true when it should, but what does it return when you are not logged in?

 

[gizmola]

You should start by making this DRY.   You have rampant duplication of things including session_start all over the place, along with a function is_logged_in() in your config.php with much of the same code in your admin.php.  

When you need to be sure that something is included, use require_once() not include_once().

Why are you using ob_start() in your config.php?

Remove any/all end tags (?>) from your scripts, and in particular from any require_once() scripts.  Unnoticed or accidental whitespace can cause output to be sent, which you certainly don't want for configuration.

Remove all the session_start() calls.  You already do that in your config.php that you are including in all your pages.

 

 

 

 

 

 

[Barand]

The index.php code that you posted doesn't show any checking.

The admin/index.php code looks FUBAR, sending you to login.php if you are logged in. (and if you have gone to the trouble of writing an "is_logged_in()" function, why not use it.

[PrinceTaz]

10 minutes ago, ginerjm said:

Hmmm... your function returns true when it should, but what does it return when you are not logged in?

 

When I manually run the logout.php, it logs me out and shows me the same output I was seeing before when I was logged in. When I'm logged in, the sidebar links only show on "addpost.php", so the script is only working on that page. 

9 minutes ago, gizmola said:

You should start by making this DRY.   You have rampant duplication of things including session_start all over the place, along with a function is_logged_in() in your config.php with much of the same code in your admin.php.  

When you need to be sure that something is included, use require_once() not include_once().

Why are you using ob_start() in your config.php?

Remove any/all end tags (?>) from your scripts, and in particular from any require_once() scripts.  Unnoticed or accidental whitespace can cause output to be sent, which you certainly don't want for configuration.

Remove all the session_start() calls.  You already do that in your config.php that you are including in all your pages.

 

 

 

 

 

 

Okay, I removed the "?>" tags from "config.php". Now do I remove it from the other pages as well? Even though I write php code inside the html? I also replaced the session check from the other pages with just "is_logged_in". So the code is:

if (!is_logged_in) {
		header("Location: ../login.php");
	}

I also replaced all of the "include_once" and "require" with "require_once". I was using "ob_start()" because I had originally seen that in a tutorial but I don't exactly know what its used for, I'll remove it. I also removed all of the session_start calls.

7 minutes ago, Barand said:

The index.php code that you posted doesn't show any checking.

The admin/index.php code looks FUBAR, sending you to login.php if you are logged in. (and if you have gone to the trouble of writing an "is_logged_in()" function, why not use it.

What is FUBAR? The admin/index.php sends them to login.php if they ARE NOT logged in. 

[Barand]

3 minutes ago, PrinceTaz said:

What is FUBAR?

F***** up beyond all recognition.

4 minutes ago, PrinceTaz said:

The admin/index.php sends them to login.php if they ARE NOT logged in.  

If $_SESSION['loggedin'] is not set, it doesn't send them anywhere, the code only executes if it is set.

[PrinceTaz]

2 minutes ago, Barand said:

F***** up beyond all recognition.

If $_SESSION['loggedin'] is not set, it doesn't send them anywhere, the code only executes if it is set.

So I should check if it equals " "?

Or should I check if it equals false? Would it be 

if(is_logged_in == false) {

}

 

Edited June 1, 2019 by PrinceTaz

[Barand]

Either

if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
        header("Location: ../login.php");
    }

or use your function.

if (!is_logged_in()) {
	header("Location:../login.php");
}

[PrinceTaz]

So after some checking, it turns out, $row is storing the id, title, or content. It's only storing date. When I try to view a post, only the date shows, nothing else. Is there something wrong with my session?

[PrinceTaz]

2 minutes ago, Barand said:

Either

if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
        header("Location: ../login.php");
    }

or use your function.

if (!is_logged_in()) {
	header("Location:../login.php");
}

okay I'll use the function.

[Barand]

5 minutes ago, PrinceTaz said:

So after some checking, it turns out, $row is storing the id, title, or content. It's only storing date.

Where did $row suddenly come from?

[PrinceTaz]

Ah my bad.

This is my viewpost.php

<?php
	require_once("includes/config.php");
	
	$stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
	$stmt->execute(array(':postID' => $_GET['postID']));
	$row = $stmt->fetch();

	if($row['postID'] == '') {
		header('Location: ./');
		exit;
	}

?>

When I remove the redirect when that Post id is empty, I can view the post but nothing shows up except the date. Here is the form:

<div class="article-left">
				<h1><?php echo $row['title']; ?></h1>
				<div class="article-block">
					<?php
					echo '<div>';
					    echo '<p>Posted on '.date('jS M Y', strtotime($row['date'])).'</p>';
					    echo '<p>'.$row['content'].'</p>';                
						echo '</div>';
						echo $row['postID'];

					?>
				</div>
			</div>

The only thing that gets outputted is the date. Nothing else.

[Barand]

Have you checked your "articles" data to ensure there is something in there other than the date?

[PrinceTaz]

1 minute ago, Barand said:

Have you checked your "articles" data to ensure there is something in there other than the date?

Yes, I've confirmed that it was accurately set up. I also went through and changed all for "ID" to "postID" in all "articles" related queries. So it won't get confused with "id" which is used for the user id.

[Barand]

Are you getting the correct date for the record with that postID or is it always 1stJan 1970?

[PrinceTaz]

I get "31st Dec 1969"

[Barand]

Unless that is the data in your articles record it looks as though you aren't getting the date either.

Make sure you set the option to throw exceptions in your PDO connection and turn PHP error reporting on. Then come back.

[PrinceTaz]

26 minutes ago, Barand said:

Unless that is the data in your articles record it looks as though you aren't getting the date either.

Make sure you set the option to throw exceptions in your PDO connection and turn PHP error reporting on. Then come back.

I'm pretty sure exceptions are being thrown. And I've received errors before so they should be on.

[Barand]

After

$row = $stmt->fetch()

put

var_dump($row);

What does it output?

[PrinceTaz]

3 minutes ago, Barand said:

After

$row = $stmt->fetch()

put

var_dump($row);

What does it output?

bool(false)

[Barand]

That's what I suspected, so when you try to access $row[xxx] it should give an error.

Your query isn't working which strange because this worked for me...

<?php
include("db_inc.php"); // defines DB credentials (HOST etc)

     // PDO database connection
     //
     $dsn = "mysql:dbname=".DATABASE."; host=".HOST."; charset=utf8";
     $db = new pdo($dsn, USERNAME, PASSWORD,
         [
             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_EMULATE_PREPARES => false,
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
         ]);
         
// create some test data
         
$db->exec("CREATE TABLE IF NOT EXISTS `articles` (
              `postID` int(11) NOT NULL AUTO_INCREMENT,
              `title` varchar(45) NOT NULL,
              `content` varchar(145) NOT NULL,
              `author` varchar(145) NOT NULL,
              `date` date DEFAULT NULL,
              PRIMARY KEY (`postID`)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8
            ");
$db->exec("INSERT IGNORE INTO articles VALUES
           (1, 'Title 1', 'Content one', 'Author 1', '2019-05-01'),
           (2, 'Title 2', 'Content two', 'Author 2', '2019-05-02'),
           (3, 'Title 3', 'Content three', 'Author 3', '2019-05-03')
           ");
           
// your code
           
$stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
    $stmt->execute(array(':postID' => 3));
    $row = $stmt->fetch();
    
    vprintf("|   %2d | %-12s | %-12s | %-12s | %-12s |\n<br>", $row);    //--> |    3 | Title 3      | Content three | 2019-05-03   | Author 3     |
?>

Check your connection is working and recheck your error reporting (pdo and php)

 

EDIT: It could just be that you aren't finding any matching rows. Does $_GET['postID'] contain a valid id value?

Edited June 1, 2019 by Barand

[PrinceTaz]

39 minutes ago, Barand said:

That's what I suspected, so when you try to access $row[xxx] it should give an error.

Your query isn't working which strange because this worked for me...

<?php
include("db_inc.php"); // defines DB credentials (HOST etc)

     // PDO database connection
     //
     $dsn = "mysql:dbname=".DATABASE."; host=".HOST."; charset=utf8";
     $db = new pdo($dsn, USERNAME, PASSWORD,
         [
             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_EMULATE_PREPARES => false,
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
         ]);
         
// create some test data
         
$db->exec("CREATE TABLE IF NOT EXISTS `articles` (
              `postID` int(11) NOT NULL AUTO_INCREMENT,
              `title` varchar(45) NOT NULL,
              `content` varchar(145) NOT NULL,
              `author` varchar(145) NOT NULL,
              `date` date DEFAULT NULL,
              PRIMARY KEY (`postID`)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8
            ");
$db->exec("INSERT IGNORE INTO articles VALUES
           (1, 'Title 1', 'Content one', 'Author 1', '2019-05-01'),
           (2, 'Title 2', 'Content two', 'Author 2', '2019-05-02'),
           (3, 'Title 3', 'Content three', 'Author 3', '2019-05-03')
           ");
           
// your code
           
$stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
    $stmt->execute(array(':postID' => 3));
    $row = $stmt->fetch();
    
    vprintf("|   %2d | %-12s | %-12s | %-12s | %-12s |\n<br>", $row);    //--> |    3 | Title 3      | Content three | 2019-05-03   | Author 3     |
?>

Check your connection is working and recheck your error reporting (pdo and php)

So I checked again and it's still doing the same. I replaced my code with yours but it's still not working. Is it a server issue? Because everything was working but then I waited an hour and came back to it and it stopped working. Then I made this post. I'm hosting it on Siteground.

 

Also when I echo $row['postID'], I get a nothing. It's blank. But the url shows the correct postID. How can I check if its pulling the information from the database?

Edited June 1, 2019 by PrinceTaz

[Barand]

Did you check if $_GET['postID'] contains a valid id?

[PrinceTaz]

 

1 minute ago, Barand said:

Did you check if $_GET['postID'] contains a valid id?

Yes, right under the dump code you gave me, I have this.

	echo $row['postID'];
	echo $row['title'];
	echo $_GET['postID'];
	echo $_GET['title']

None of it is return anything. Should I upload my source code so you can get a better understanding?

[Barand]

7 minutes ago, Barand said:

Did you check if $_GET['postID'] contains a valid id?

Sorry - misread the list above.

If there is nothing in $_GET['postID'] how do you expect to find the record with that id?

Edited June 1, 2019 by Barand