Jump to content

is_logged_in not working on one page


PrinceTaz

Recommended Posts

I'm having a problem. My index.php is no longer displaying the proper logic. I have it checking if the user is logged in and to display whatever but the index.php doesn't register if I'm logged in or not. But the admin/index.php does. 

index.php:

<?php
session_start();
include_once("includes/config.php");


?>

 

The Menu:

<div class="sidebar">Sidebar
  <ul>
    <?php if(is_logged_in()) { ?>
      <li><a href="/index.php">Home</a></li>
      <li><a href="admin/index.php">Admin</a></li>
      <li><a href="admin/addpost.php">Add Post</a></li>
      <li><a href="admin/editpost.php">Edit Post</a></li>
      <li><a href="logout.php">Logout</a></li>
    <?php } else { ?>
      <li><a href="login.php">Login</a></li>
      <li><a href="register.php">Register</a></li>
    <?php } ?>
  </ul>
</div>

 

 

admin/index.php

<?php 
	session_start();
	include_once("../includes/config.php");
	if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == false) {
		header("Location: ../login.php");
	}

?>

Admin Menu:

<div class="sidebar">Sidebar
  <ul>
    <?php if(is_logged_in()) { ?>
      <li><a href="../admin">Admin</a></li>
      <li><a href="addpost.php">Add Post</a></li>
      <li><a href="editpost.php">Edit Post</a></li>
      <li><a href="logout.php">Logout</a></li>
    <?php } else { ?>
      <li><a href="login.php">Login</a></li>
      <li><a href="register.php">Register</a></li>
    <?php } ?>
  </ul>
</div>

This is my config.php just in case:

<?php 
ob_start();
session_start();

$host = "localhost";
$dbname = "";
$user = "";
$pass = "";

try {
	$db = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
	echo "Connection failed: ". $e->getMessage();
}

date_default_timezone_set('America/Chicago');

function is_logged_in() {
	if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
		return true;
	}
}

?>

I feel like I'm missing something so simple.

 

UPDATE: I refreshed the page working on something else but not the admin page doesn't register from the session either. 

UPDATE: It seems the session is the issue because all functions have stopped working but I'm not receiving any error messages. I can't even add new posts or edit posts.

Edited by PrinceTaz
Link to comment
Share on other sites

You should start by making this DRY.   You have rampant duplication of things including session_start all over the place, along with a function is_logged_in() in your config.php with much of the same code in your admin.php.  

When you need to be sure that something is included, use require_once() not include_once().

Why are you using ob_start() in your config.php?

Remove any/all end tags (?>) from your scripts, and in particular from any require_once() scripts.  Unnoticed or accidental whitespace can cause output to be sent, which you certainly don't want for configuration.

Remove all the session_start() calls.  You already do that in your config.php that you are including in all your pages.

 

 

 

 

 

 

Link to comment
Share on other sites

10 minutes ago, ginerjm said:

Hmmm... your function returns true when it should, but what does it return when you are not logged in?

 

When I manually run the logout.php, it logs me out and shows me the same output I was seeing before when I was logged in. When I'm logged in, the sidebar links only show on "addpost.php", so the script is only working on that page. 

9 minutes ago, gizmola said:

You should start by making this DRY.   You have rampant duplication of things including session_start all over the place, along with a function is_logged_in() in your config.php with much of the same code in your admin.php.  

When you need to be sure that something is included, use require_once() not include_once().

Why are you using ob_start() in your config.php?

Remove any/all end tags (?>) from your scripts, and in particular from any require_once() scripts.  Unnoticed or accidental whitespace can cause output to be sent, which you certainly don't want for configuration.

Remove all the session_start() calls.  You already do that in your config.php that you are including in all your pages.

 

 

 

 

 

 

Okay, I removed the "?>" tags from "config.php". Now do I remove it from the other pages as well? Even though I write php code inside the html? I also replaced the session check from the other pages with just "is_logged_in". So the code is:

if (!is_logged_in) {
		header("Location: ../login.php");
	}

I also replaced all of the "include_once" and "require" with "require_once". I was using "ob_start()" because I had originally seen that in a tutorial but I don't exactly know what its used for, I'll remove it. I also removed all of the session_start calls.

7 minutes ago, Barand said:

The index.php code that you posted doesn't show any checking.

The admin/index.php code looks FUBAR, sending you to login.php if you are logged in. (and if you have gone to the trouble of writing an "is_logged_in()" function, why not use it.

What is FUBAR? The admin/index.php sends them to login.php if they ARE NOT logged in. 

Link to comment
Share on other sites

3 minutes ago, PrinceTaz said:

What is FUBAR?

F***** up beyond all recognition.

4 minutes ago, PrinceTaz said:

The admin/index.php sends them to login.php if they ARE NOT logged in.  

If $_SESSION['loggedin'] is not set, it doesn't send them anywhere, the code only executes if it is set.

Link to comment
Share on other sites

2 minutes ago, Barand said:

F***** up beyond all recognition.

If $_SESSION['loggedin'] is not set, it doesn't send them anywhere, the code only executes if it is set.

So I should check if it equals " "?

Or should I check if it equals false? Would it be 

if(is_logged_in == false) {

}

 

Edited by PrinceTaz
Link to comment
Share on other sites

2 minutes ago, Barand said:

Either


if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
        header("Location: ../login.php");
    }

or use your function.


if (!is_logged_in()) {
	header("Location:../login.php");
}

okay I'll use the function.

Link to comment
Share on other sites

Ah my bad.

This is my viewpost.php

<?php
	require_once("includes/config.php");
	
	$stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
	$stmt->execute(array(':postID' => $_GET['postID']));
	$row = $stmt->fetch();

	if($row['postID'] == '') {
		header('Location: ./');
		exit;
	}

?>

When I remove the redirect when that Post id is empty, I can view the post but nothing shows up except the date. Here is the form:

<div class="article-left">
				<h1><?php echo $row['title']; ?></h1>
				<div class="article-block">
					<?php
					echo '<div>';
					    echo '<p>Posted on '.date('jS M Y', strtotime($row['date'])).'</p>';
					    echo '<p>'.$row['content'].'</p>';                
						echo '</div>';
						echo $row['postID'];

					?>
				</div>
			</div>

The only thing that gets outputted is the date. Nothing else.

Link to comment
Share on other sites

1 minute ago, Barand said:

Have you checked your "articles" data to ensure there is something in there other than the date?

Yes, I've confirmed that it was accurately set up. I also went through and changed all for "ID" to "postID" in all "articles" related queries. So it won't get confused with "id" which is used for the user id.

Link to comment
Share on other sites

26 minutes ago, Barand said:

Unless that is the data in your articles record it looks as though you aren't getting the date either.

Make sure you set the option to throw exceptions in your PDO connection and turn PHP error reporting on. Then come back.

I'm pretty sure exceptions are being thrown. And I've received errors before so they should be on.

Link to comment
Share on other sites

That's what I suspected, so when you try to access $row[xxx] it should give an error.

Your query isn't working which strange because this worked for me...

<?php
include("db_inc.php"); // defines DB credentials (HOST etc)

     // PDO database connection
     //
     $dsn = "mysql:dbname=".DATABASE."; host=".HOST."; charset=utf8";
     $db = new pdo($dsn, USERNAME, PASSWORD,
         [
             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_EMULATE_PREPARES => false,
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
         ]);
         
// create some test data
         
$db->exec("CREATE TABLE IF NOT EXISTS `articles` (
              `postID` int(11) NOT NULL AUTO_INCREMENT,
              `title` varchar(45) NOT NULL,
              `content` varchar(145) NOT NULL,
              `author` varchar(145) NOT NULL,
              `date` date DEFAULT NULL,
              PRIMARY KEY (`postID`)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8
            ");
$db->exec("INSERT IGNORE INTO articles VALUES
           (1, 'Title 1', 'Content one', 'Author 1', '2019-05-01'),
           (2, 'Title 2', 'Content two', 'Author 2', '2019-05-02'),
           (3, 'Title 3', 'Content three', 'Author 3', '2019-05-03')
           ");
           
// your code
           
$stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
    $stmt->execute(array(':postID' => 3));
    $row = $stmt->fetch();
    
    vprintf("|   %2d | %-12s | %-12s | %-12s | %-12s |\n<br>", $row);    //--> |    3 | Title 3      | Content three | 2019-05-03   | Author 3     |
?>

Check your connection is working and recheck your error reporting (pdo and php)

 

EDIT: It could just be that you aren't finding any matching rows. Does $_GET['postID'] contain a valid id value?

Edited by Barand
Link to comment
Share on other sites

39 minutes ago, Barand said:

That's what I suspected, so when you try to access $row[xxx] it should give an error.

Your query isn't working which strange because this worked for me...


<?php
include("db_inc.php"); // defines DB credentials (HOST etc)

     // PDO database connection
     //
     $dsn = "mysql:dbname=".DATABASE."; host=".HOST."; charset=utf8";
     $db = new pdo($dsn, USERNAME, PASSWORD,
         [
             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_EMULATE_PREPARES => false,
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
         ]);
         
// create some test data
         
$db->exec("CREATE TABLE IF NOT EXISTS `articles` (
              `postID` int(11) NOT NULL AUTO_INCREMENT,
              `title` varchar(45) NOT NULL,
              `content` varchar(145) NOT NULL,
              `author` varchar(145) NOT NULL,
              `date` date DEFAULT NULL,
              PRIMARY KEY (`postID`)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8
            ");
$db->exec("INSERT IGNORE INTO articles VALUES
           (1, 'Title 1', 'Content one', 'Author 1', '2019-05-01'),
           (2, 'Title 2', 'Content two', 'Author 2', '2019-05-02'),
           (3, 'Title 3', 'Content three', 'Author 3', '2019-05-03')
           ");
           
// your code
           
$stmt = $db->prepare('SELECT postID, title, content, date, author FROM articles WHERE postID = :postID');
    $stmt->execute(array(':postID' => 3));
    $row = $stmt->fetch();
    
    vprintf("|   %2d | %-12s | %-12s | %-12s | %-12s |\n<br>", $row);    //--> |    3 | Title 3      | Content three | 2019-05-03   | Author 3     |
?>

Check your connection is working and recheck your error reporting (pdo and php)

So I checked again and it's still doing the same. I replaced my code with yours but it's still not working. Is it a server issue? Because everything was working but then I waited an hour and came back to it and it stopped working. Then I made this post. I'm hosting it on Siteground.

 

Also when I echo $row['postID'], I get a nothing. It's blank. But the url shows the correct postID. How can I check if its pulling the information from the database?

Edited by PrinceTaz
Link to comment
Share on other sites

 

1 minute ago, Barand said:

Did you check if $_GET['postID'] contains a valid id?

Yes, right under the dump code you gave me, I have this.

	echo $row['postID'];
	echo $row['title'];
	echo $_GET['postID'];
	echo $_GET['title']

None of it is return anything. Should I upload my source code so you can get a better understanding?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.