Stuck on _session issues

[desjardins]

Hey Guys/Gals

 

Benn awhile - so I'm confused on what's happening here. session_start() being called on every page, index.php, registration.php and server.php aswell as login.php. Now when I go too login - if I edit the code to echo the $_SESSION['username'] it works fine - gives me what I expect... I set the $_SESSION['username'] = $username and very next line header('Location: index.php'); this is where the issues is it's loosing the session data and I can't figure out why... so here are the two files if someone can point me in the right direction.. 

index.php

<?php ob_start(); session_start();
	if (!isset($_SESSION['username'])) {
		
		echo print_r($_SESSION);
	}else {
		echo print_r($_SESSION);
	}
?>

<!DOCTYPE html>
<html>
<head>
	<title>Home</title>
	<link rel="stylesheet" type="text/css" href="styles/style.css">
</head>
<body>

<div class="header">
	<h2>Home Page</h2>
</div>
<div class="content">
  	<!-- notification message -->
  	
      <div class="error success" >
      	<h3>
       <!-- there was error code display here -->
      	</h3>
      </div>
  	

    <!-- logged in user information -->
  
</div>
		
</body>
</html>
	

server.php

<?php ob_start(); session_start();
ini_set('display_errors', '1'); ini_set('html_errors', '1'); error_reporting(E_ALL);
//make connection with dba_close
$username = "";
$email = "";
$errors = array();

$host = "localhost";
$db_username = "";
$db_password = "";
$db = "";


$conn = mysqli_connect($host,$db_username,$db_password,$db);
	if (mysqli_connect_errno()) {
		echo "Connection Failed... please contact support". mysqli_connect_error();
	}

//login user form details
if (isset($_POST['login_user'])) {
	$username = $_POST['username'];
	
	//login for form initiated
	$user = "SELECT * FROM `users` WHERE `username` = '".$username."'";
		$action = mysqli_query($conn,$user);
				while ($row = mysqli_fetch_assoc($action)) {
					if (mysqli_num_rows($action) === 1) {
						$_SESSION['username'] = $username;
		//				echo "<br>";
		//				echo $_SESSION['username']; <-- this works echo's the username, if I remove header location redirect
						header('Location: index.php');
						exit();
					}else {
						echo "Username not found";
					}
				}
	}

?>

 

[Barand]

3 minutes ago, desjardins said:

<-- this works echo's the username, if I remove header location redirect

It probably works even when you do redirect. You don't see it because it immediately goes to another page.

[desjardins]

Just now, Barand said:

It probably works even when you do redirect. You don't see it because it immediately goes to another page.

I know that lol - I just added that line to get my point across - if I removed the header redirect I get the echo, so that tells me the $_SESSION['username'] hold that data I want it too at that point - then when I re add the header redirect the index.php isset($_SESSION['username']) don't trigger meaning the data is gone.. 

[Barand]

Could it be that you are setting it to none-existent value?

[desjardins]

No, login_user is checking that the login form was submitted then directly after that I'm setting $username = $_POST['username'];

[desjardins]

21 minutes ago, Barand said:

Could it be that you are setting it to none-existent value?

Also, $username is set properly because the sql statement uses $username no problem...

[mac_gyver]

just about everything in this code is working against you finding out what the code is actually doing.

1. put the php error related settings into the php.ini on your system. if for some reason you can only (temporarily) put them into your code, put them before all other php statements and put them into both of the relevant files. you are likely having an error at the session_start() statements...
2. don't use output buffering unless you want to specifically buffer output. by always using output buffering, you don't know if the lack of php errors or other indications from your code, is due to the operation of the code or due to the operation of the output buffering. all output, except due to a fatal php error, will be discarded.
3. the only redirect inside post method form processing code, should be to the exact same url of the current page upon successful (no errors) completion of the form processing code. this will cause a get request for that page. then provide navigation links to allow the visitor to go elsewhere on the site.
4. don't loop to fetch the result from a query that will match at most one row of data. just fetch and test the result of the fetch statement. you are also testing the num_rows value inside the loop. if there are no rows, the loop will never be entered, and the num_rows test will never get executed.
5. you should store the user's id (auto-increment integer) in the session variable to indicate who is logged in, not the (raw) username, which could be anything, including javascript/sql,...

there's actually a bunch or other issues with this code, which i will leave for others to mention.

[desjardins]

Ok, so regarding the only have redirect in the same page location, I'm learning here so please.. I actually downloaded a reg and login script... then deleted everything and tried written from scratch.. that script was going from login.php to server.php to handle the server statements, then redirecting back to login.php or index.php... so how am I doing it directly??

[desjardins]

now I'm curious if it's something with my server because I did a very simple script and it too isn't carrying the session values? 

 

<?php
session_start();

//set session var
$_SESSION['favColor'] = "blue";
$_SESSION['favCat'] = "Stella";
?>
<a href="test2.php">GO TO TEST 2</a>

<?php
session_start();

//get session vars
$favColor = $_SESSION['favColor'];
$favCat = $_SESSION['favCat'];

echo "My Favorite Color is: " . $favColor . " and my favorite cat is: " . $favCat;

?>
<a href="test1.php">Go Back</a>

 

[desjardins]

Well the issue for me was that I wasn't using HTTPS rather http - my host helped me figure it out and now it works EVEN with my sloppy code..