Need help with session

#1

have click login button twice to post on welcome page
login.php

<?php

 session_start();

?>

<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <meta http-equiv="X-UA-Compatible" content="ie=edge">

    <link rel="stylesheet" href="assets/css/bootstrap.css">

    <title>Document</title>

</head>

<body>

    <section class="mt-5">

    <div class="container">

        <div class="row">

            <div class="col-3"></div>

            <div class="col-6">

     <form action="welcome.php" method="post">

      <input type="text" name="txtName" class="form-control mb-3">

      <input type="password" name="txtPass" class="form-control mb-3">

      <input type="submit" value="Log in" name="btnLogin" class="btn btn-block btn-success">

    

     </form>

     </div>

      <div class="col-3"></div>

     </div>

    </div>

    </section>

    <?php

     if(isset($_POST["btnLogout"])){

        unset($_SESSION["name"]);

     }

    ?>

</body>

</html>

welcome.php

<?php

   session_start();

   if(isset($_SESSION["name"])){

   echo $_SESSION["name"];

   }

   else{

     header("location:login.php");

   }

?>

<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <meta http-equiv="X-UA-Compatible" content="ie=edge">

    <title>Document</title>

</head>

<body>

    <form action="login.php" method="post">

    <input type="submit" value="Log Out" name="btnLogout">

    </form>

    <?php

      if(isset($_POST["btnLogin"])){

      $_SESSION["name"]=$_POST["txtName"];

      $_SESSION["pass"]=$_POST["txtPass"];

      }

    ?>

</body>

</html>
#2

These are the steps you are currently doing.

  1. User enters info and clicks submit.
  2. User is taken to the processing page.
    a. Session data is evaluated and fails.
    b. Script keeps running and updates the session values.
    c. User is redirected to the login page.
  3. User enters info again.
  4. User is taken to the processing page.
    a. The session data is present.

Follow this pattern.
Process all the PHP at the top of the page.
Take the input in at the bottom of the page.

What that means is, the html should all be at the bottom and the processing php should be at the top.

Don’t store the password in the session. Not only is it just a bad idea, it is a security issue you shouldn’t help.

1 Like
#3

And you do not need to post your data to another php file. Keep it short and simple (KISS) and remove whole the action attribute from the form element.

<?php

// initialisation of variables
$validation = true;
$errors = [];
$username = '';

// if the form is submitted
if($_SERVER['REQUEST_METHOD'] == 'POST') 
{
    $username = $_POST['username'];

    // validate the input somehow ...
    if(strlen($username) < 2) {
        $errors[] = 'Enter a valid username.';
        $validation = false;
    }


    if($validation === true) {
        // NOW HANDLE THE FORM DATA E.G. USER LOGIN OR SAVE DATA TO DATABASE

        // After successfull form submit always redirect the user to the page you like and exit!
        header('Location: homepage.php');
        exit;
    }
}
?>
<doctype!>
<html>
    <body>
        <!-- here in the view we only use PHP to echo variables -->
        <?php if(count($errors)): ?>
            <ul>
                <?php foreach($errors as $error): ?>
                    <li><?php echo $error; ?></li>
                <?php endforeach ?>
            </ul>
        <?php endif ?>

        <form method="post">
            <!-- form fields -->
            <input type="text" name="username" value="<?php echo $username; ?>">
            <button>Send</button>
        </form>
    </body>
</html>
Sponsor our Newsletter | Privacy Policy | Terms of Service