Hello, I’ve been writing a ‘create user’ form that takes user input to
1: create a listing in a mySQL database with their information, an enum ‘accountStatus’ set as ‘INACTIVE’, and a unique hash.
2: send an email to the address specified by the user with a link to a page on my website with their unique hash passed as a variable.
3: once the user clicks on the link to the page, it accesses the DB again and changes the enum on the entry associated with the hash to ‘ACTIVE’ then redirects to the log in page.
When a user wants to log in they enter in their username and pass, submit that to a processing page which session_start(); then checks the DB against their username/pass and on ‘accountStatus’ being ‘ACTIVE’. If all those are true it assigns $_SESSION[“loggedin”] = true; closes the connection to the DB and redirects to the main page.
On the main page I begin session_start(); with this snippet right below:
[php]
if($_SESSION[“loggedin”] != true) {
header(“location:index.php?err=2”);
}[/php]
index.php?err=2 being my login page with an error saying that you have to be logged in to access the page.
The very first time I try to log in as a new verified user it thinks that $_SESSION[“loggedin”] is false even though there is no way I can think of that someone could have gotten to my main page via the login processing page without $_SESSION[“loggedin”] being true.
If I try immediately after that to log in with the exact name and pass, it works normally and lets me access my main page logged in as that user. The error only occurs once and only the first time a new, verified, user tries to log in. I’ve checked against the values in the DB and ‘accountStatus’ is set to ‘ACTIVE’ each time the error occurs so I do not believe it is an issue with SQL.
Here is the bits of my code I think are pertinent:
indexProc.php <- the page the login form sends username and pass to. (using POST)
[php]
if($result = $mysqli->query($query)) {
// STEP 4. Get results from the DB. We get the results back as an array and need to iterate through
// that array.
// If the query ran, here we iterate through the result set.
while($row = $result->fetch_array(MYSQL_ASSOC)) {
// If we have a match, set the SESSION variable and then
// redirect the user to the menu page. If not successful,
// redirect to the login page.
if(($row[“numMatches”] == 1)) {
// Here we escape any HTML in case any got by us…
$_SESSION[“username”] = htmlspecialchars($username);
$_SESSION[“loggedin”] = true;
// Free result set and disconnect from the DB.
$result->close();
$mysqli->close();
// Redirect...
header("location:http://www.mysite.com/main.php");
} else { ....
[/php]
main.php <- can only be seen by verified users logged in.
[php]
session_start();
// Make sure that the user is logged in. If they are logged in,
// we would have set $_SESSION[“loggedin”] to true on the indexProc.php page.
// If the user has not logged in, we need to redirect them to the login page.
if($_SESSION[“loggedin”] != true) {
header(“location:index.php?err=2”);
}
[/php]
Thank you for any help you can give me in this regard. I find this to be a really weird error as it only happens once, immediately following the creation of a user account.