
PHP Login Redirect Loop

I hope you can help me, I have been at this for the last couple of hours and I can't figure it out. I am creating an admin panel for specific users to log into. I got the PHP and MySQL connection nailed; the login works perfectly and users can even register. Now the problem I have is that users can simply use the direct URL to get to the panel page. That's why I looked around a bit and found some solutions. But for some reason all of these end up with a redirect loop for me.

Here is my code: index.php | This page checks if users might already be logged in and includes the correct page users need to see.

<?php
require_once("config/db.php"); // Database Connection Details

require_once("classes/Login.php"); // Username check with mysql

$login = new Login();

if ($login->isUserLoggedIn() == true) {
    include("/home.php"); // Admin Panel main page

} else {
    include("views/not_logged_in.php"); // Login page
}

home.php | Main admin panel page

<?php
    session_start();

    if(empty($_SESSION['user']))
    {
        header("Location: index.php");
    }
?>
<-HTML CODE GOES BELOW HERE->

Login.php | Checks if users and password exist/are correct with the mysql database plus throws out error messages when needed

<?php

class Login
{
    private $db_connection = null;

    public $errors = array();

    public $messages = array();

    public function __construct()
    {
        // create/read session, absolutely necessary
        session_start();

        if (isset($_GET["logout"])) {
            $this->doLogout();
        }
        elseif (isset($_POST["login"])) {
            $this->dologinWithPostData();
        }
    }

    private function dologinWithPostData()
    {
        if (empty($_POST['user_name'])) {
            $this->errors[] = "Username field was empty.";
        } elseif (empty($_POST['user_password'])) {
            $this->errors[] = "Password field was empty.";
        } elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {

            $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

            if (!$this->db_connection->set_charset("utf8")) {
                $this->errors[] = $this->db_connection->error;
            }

            if (!$this->db_connection->connect_errno) {

                $user_name = $this->db_connection->real_escape_string($_POST['user_name']);

                $sql = "SELECT user_name, user_email, user_password_hash
                        FROM users
                        WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_name . "';";
                $result_of_login_check = $this->db_connection->query($sql);

                if ($result_of_login_check->num_rows == 1) {

                    $result_row = $result_of_login_check->fetch_object();

                    if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {

                        $_SESSION['user_name'] = $result_row->user_name;
                        $_SESSION['user_email'] = $result_row->user_email;
                        $_SESSION['user_login_status'] = 1;

                    } else {
                        $this->errors[] = "Wrong password. Try again.";
                    }
                } else {
                    $this->errors[] = "This user does not exist.";
                }
            } else {
                $this->errors[] = "Database connection problem.";
            }
        }
    }

    public function doLogout()
    {
        // delete the session of the user
        $_SESSION = array();
        session_destroy();
        // return a little feedback message
        $this->messages[] = "You have been logged out.";

    }

    public function isUserLoggedIn()
    {
        if (isset($_SESSION['user_login_status']) AND $_SESSION['user_login_status'] == 1) {
            return true;
        }
        // default return
        return false;
    }
}

I hope somebody can see through what's going on and find the issue, because I am out of ideas.

Thank you!

$_SESSION['user'] isn't defined anywhere. Perhaps you mean to check for $_SESSION['user_name']. You will also want to make sure the variable exists.

UPDATED: This will not allow anyone access to your file via the URL if the user_name var is not set.

if ( ! isset($_SESSION['user_name']) || empty($_SESSION['user_name']) ) {
    header("Location: index.php");
    exit; // stop here so the rest of the page is not sent after the redirect header
}

Do you have error checking turned on? Put this at the top of your code:

error_reporting(E_ALL);

Use an absolute path in the header instead of just index.php:

<?php
    session_start();

    if(empty($_SESSION['user']))
    {
        header("Location: http://www.example.com/path_to_index/index.php");
        exit; // stop here so the rest of the page is not sent after the redirect header
    }
?>

Because if empty($_SESSION['user']) returns true, then it redirects to the current index.php page and starts looping.

Just use this code in home.php!

if (!isset($_SESSION['user_login_status']) || $_SESSION['user_login_status'] != 1){
    header("Location: index.php");
    exit; // stop here so the rest of the page is not sent after the redirect header
}
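
The following is an added example, not code from any of the posts above. It compares the session check in the question's home.php with the one Login::isUserLoggedIn() uses, shows why they disagree after a successful login, and gives a guard that reuses the same predicate and stops execution after the redirect. The function names and the sample session arrays are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not part of the question's code.

// What Login::isUserLoggedIn() tests, i.e. index.php's view of the session.
function index_says_logged_in(array $s): bool
{
    return isset($s['user_login_status']) && $s['user_login_status'] == 1;
}

// The check from the question's home.php: a key that Login.php never sets.
function home_redirects_original(array $s): bool
{
    return empty($s['user']);
}

// Corrected check: the same predicate as index.php, so the two cannot disagree.
function home_redirects_fixed(array $s): bool
{
    return !index_says_logged_in($s);
}

// A loop exists when index.php shows home.php but home.php sends the browser back.
function loops(array $s, callable $homeRedirects): bool
{
    return index_says_logged_in($s) && $homeRedirects($s);
}

// Guard to call at the top of home.php and every other protected page.
function require_login(string $loginPage = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // Login's constructor may already have started it
    }
    if (home_redirects_fixed($_SESSION)) {
        header('Location: ' . $loginPage);
        exit; // without this the admin HTML is still sent after the header
    }
}

// Constructed session states; this part only runs from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'anonymous'   => [],
        'after login' => ['user_name' => 'alice', 'user_email' => 'alice@example.com', 'user_login_status' => 1],
    ];
    foreach ($samples as $label => $s) {
        printf("%-12s original loops: %-3s fixed loops: %s\n", $label,
            loops($s, 'home_redirects_original') ? 'yes' : 'no',
            loops($s, 'home_redirects_fixed') ? 'yes' : 'no');
    }
}
```

Only a session produced by a successful login makes the original pair of checks disagree, which is why the loop appears right after logging in rather than for anonymous visitors.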
