0

I have a small script to deal with login in to my CMS. The query works fine, but i think i have a problem with SESSIONS, because it redirects to the login page even when the username and password are correct. I have the codes below. Kindly help me resolve this. Thanks in advance.

//checklogin.php....

<?php
include("db/dbconnect.php");

mysqli_select_db($connect, $db);

// username and password sent from signup form
$username = mysqli_real_escape_string($connect, $_POST['username']);
$password = mysqli_real_escape_string($connect, $_POST['password']);

$sql = "SELECT username, password FROM login WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($connect, $sql) or die('Error : ' .  mysqli_error($connect));

// Mysql_num_row is counting table row
$count = mysqli_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count == 1)
{

    //Register $username, $password and redirect to mainpage"
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;

    header("location:about.php");
}
else {
echo "Invalid Username or Password. Please try again.";
echo "<meta http-equiv=Refresh content=5;url=index.php>";
}
?>

//about.php

<?php 
//check if user is logged on;
session_start();
if(!isset($_SESSION['username']) )
{
    header("location:index.php");
}
?>
Improve this question
4
  • You have to start the session in every script that makes use of it (generally bung it in an include that's called on every page) Commented Apr 1, 2015 at 10:53
  • yes i have "session_start();" on all pages that require authentication Commented Apr 1, 2015 at 10:58
  • checklogin.php contains no session_start() Commented Apr 1, 2015 at 11:03
  • yeah i noticed that, and it works now. thanks Commented Apr 1, 2015 at 11:55

2 Answers 2

Reset to default
1

You need to start the session before assigning username and password to it. In your "If" condition ($count ==1), you are directly assigning username and password. Put this line before these assignments:

session_start();

So, now your "If" condition becomes this: 

if($count == 1)
{

    session_start();
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;

    header("location:about.php");
}

I guess, that's what the issue is. Let me know, if it works.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

i have one already marked, is it possible to mark multiple answers as correct?
I guess not. Well, thanks for the upvote !! No issues.
0

add session_start(); in checklogin.php This will help you

<?php
 session_start();  //missing in checklogin.php
include("db/dbconnect.php");
mysqli_select_db($connect, $db);
Improve this answer

1 Comment

thanks very much man! it worked. i spent a week on this before i decided to bring it here. God bless u man.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.