Basically just making some back-end for my portfolio, in pretty early days right now so the code is messy and a lot of playing around still.
I had sessions working but now they're not.
My website is set up like so: portfolio, then sub folder for my back end. It contains an index.php (which I log in through) then its supposed to load dashboard.php and pass in the session (which should pass in that im logged in) then load all of the dashboard.
However it loads "You are not logged in" the weird thing is.. if i purposely type in an incorrect password on the index.php, it STILL loads dashboard.php and says "you are not logged in" instead of just echoing "please try again"
My index.php: http://pastebin.com/eCzxUCkY Dashboard.php: http://pastebin.com/waJ2HAXA
Thought it may be neater to post them there instead.
Please help :( I've restarted my pc, cleared my cache, done everything. It won't work locally, and it wont work on my host. HOWEVER i do have another site running all the same stuff and it still works. So i feel like its something in my actual code :(
Try this. I added some extra error checking.
On your log in page replace this
<?php
session_start();
if (isset($_SESSION["username_login"])) {
$username = $_SESSION["username_login"];
$loggedIn = true;
}
with this
<?php
session_start();
if (isset($_SESSION["username_login"]) && $_SESSION["username_login"] != '') { // does the session exist and if so, does it have a value
$username = $_SESSION["username_login"];
$loggedIn = true;
} else {
$_SESSION['username_login'] = NULL; // empty the session value
unset($_SESSION['username_login']); // kill the session
$loggedIn = false;
}
On your dashboard, replace this
<?php
session_start();
$username = $_SESSION["username_login"];
$loggedin = true;
}
?>
with this
<?php
session_start();
if (isset($_SESSION["username_login"]) && $_SESSION["username_login"] != '') { // does the session exist and if so, does it have a value
$username = $_SESSION["username_login"];
$loggedin = true;
} else {
$_SESSION['username_login'] = NULL; // empty the session value
unset($_SESSION['username_login']); // kill the session
$loggedin = false;
}
?>
session_destroy() does not "kill" a session. It's equivalent to $_SESSION['something'] = ''. The session is still alive, it's just empty.
To completely kill a session you have to "unset" it.
Hope this helps!
Happy coding!
References
I always do two things when I'm using sessions:
1) Set a session name using the PHP function:
session_name('myAppName');
session_start();
2) If the user login fails, I destroy the session:
session_destroy();
so it removes whatever could be stuck inside the session info.
Have you tried it?
session_start();
$username = $_SESSION["username_login"];
$loggedin = true;
}
You have a misplaced closing brace in your dashboard.php. Are you using an IDE, or a text editor? Most IDEs will highlight syntax errors. It took me less than a few seconds to find that once I pasted your code into Netbeans.
I'm guessing you copy/pasted this code from your index.php, and didn't remove one of the curly braces. Easy mistake to make. A decent IDE will spot that immediately.