I have a page that has various inputs; they enter some text, then press submit, which inserts the information they have entered into the database... It works fine, but when I redirect them back to their home page (available only to logged-in users), my site actually takes them back to the index page (available to everyone) with the message "You must be logged in to do that..."
I then log back in to check if the stuff I entered was even posted; it was... and it was posted as my name, which tells me that at least the page that inserts my post has my session stored.
I have checked in my code to make sure I am passing the session variables along and I seem to be doing the right thing.
Here is what I have on the home page to make sure the user is logged in:
<?php session_start(); ?>
<?php
if (!isset($_SESSION['id'])) {
    header("Location: index.php?message=You Must Log in to go there!");
    exit; # header() only queues the redirect; stop so the rest of the page does not run
}
?>
and here is the code for the insert-post.php page:
<?php session_start(); ?>
<?php require_once("../includes/include_all.php"); ?>
<?php
#mysqli connection
$con = new mysqli(host, db_username, db_password, db_name);
#THE POST VARIABLES
$content = $con->real_escape_string($_POST['content']);
$details = $con->real_escape_string(nl2br($_POST['details']));
$user_id = $_SESSION['id'];
#escape every subject part, since both parts go into the query
$subjectArray = array_map(array($con, 'real_escape_string'), explode(',', $_POST['subject']));
#bonus is used as a number, so force it to an integer
$bonus = (int) $_POST['bonus'];
#DATES
$date = date('Y-m-d G:i:s', time());
$date_expires = date('Y-m-d G:i:s', time() + (3600*4));
#photo
$photo_name = $con->real_escape_string($_POST['photo_name']);
#cost of this post
$cost = $bonus + 200;
#insert the question
$query = "INSERT INTO questions
    (content, award, image, details, user_id, category, sub_category, date_created, date_expires, alive)
    VALUES ('".$content."',
    '".$bonus."',
    '".$photo_name."',
    '".$details."',
    '".$_SESSION['id']."',
    '".$subjectArray[1]."',
    '".$subjectArray[0]."',
    '".$date."',
    '".$date_expires."',
    1)
";
$insert_question = $con->query($query);
if (!$insert_question) {
    die("Could not enter the question [" . $con->error . "]");
} else {
    header("Location: ".document_root."home.php?query=questions&message=Your question post was successful!");
    exit; # nothing else should run after the redirect is sent
}
?>
The header takes you back to the home page with the query = questions which just displays your recent posts and leaves you a message... It is on the same page that has the validation that the user is logged in...
EDIT: code for login verification:
#check for user via username/password
public function can_log_in($inputs){
    #escape both values before they are placed in the query string
    $user_name = $this->con->real_escape_string($inputs['user_name']);
    $password = $this->con->real_escape_string($inputs['password']);
    $query = "SELECT * FROM users WHERE user_name = '".$user_name."' AND password = '".$password."'";
    $result = $this->con->query($query);
    if (!$result){
        die("Not performing query [" . $this->con->error . "]");
    }
    if ($result->num_rows == 1){
        #start session
        $_SESSION['id'] = $this->get_user_id($inputs['user_name']);
        $_SESSION['user'] = $inputs['user_name'];
        return true;
    } else {
        return false;
    }
}
And the get_user_id function:
#fetch user id
public function get_user_id($username){
    #escape the name before it is placed in the query string
    $username = $this->con->real_escape_string($username);
    $query = "SELECT * FROM users WHERE user_name = '".$username."'";
    $result = $this->con->query($query);
    #returns the id of the first matching row, or null when there is none
    while ($row = $result->fetch_assoc()){
        return $row['id'];
    }
}
These are in the class User
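The page guard and login check from the question, written with a bound parameter, a hashed-password comparison and an exit after the redirect. This is an added example, not the asker's code. It assumes a `password_hash` column filled by PHP's `password_hash()`, a helper named `require_login()`, and a `mysqli` connection passed in as `$con`; none of these are on the original page.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. The `password_hash` column and the
// require_login() helper name are assumptions made for illustration.

// Page guard: header() only queues the redirect, so end the script after it.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['id'])) {
        header('Location: index.php?message=' . urlencode('You must log in to go there!'));
        exit;
    }
}

// Login check: the user name is a bound parameter, and the password is
// compared against a stored hash instead of being matched inside the SQL.
// The caller must already have called session_start().
function can_log_in(mysqli $con, array $inputs): bool
{
    $userName = (string) ($inputs['user_name'] ?? '');
    $password = (string) ($inputs['password'] ?? '');

    $stmt = $con->prepare('SELECT id, password_hash FROM users WHERE user_name = ?');
    if ($stmt === false) {
        error_log('login query failed: ' . $con->error); // log it, do not echo DB errors
        return false;
    }
    $stmt->bind_param('s', $userName);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch(); // true when a row was read, null when none matched
    $stmt->close();

    if ($found !== true || !password_verify($password, (string) $hash)) {
        return false;
    }

    session_regenerate_id(true); // issue a fresh session id at login
    $_SESSION['id'] = (int) $id;
    $_SESSION['user'] = $userName;
    return true;
}
```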