0

I'm trying to rebuild a login on my website. I've inherited the website, but the login is currently built with AJAX and takes forever to log in.

I've written the following that allows users to log in...

<form name="form1" method="post" action="checklogin.php">
    <input name="myusername" type="text" id="myusername">
    <!-- type="password" masks the value on screen -->
    <input name="mypassword" type="password" id="mypassword">
    <input type="submit" name="Submit" value="Login">
</form>

If login is a success the user is redirected...

header("location:earn-credits.php");

My problem, though, is that when the user is sent to the "Earn-credits" page there's a check to see if the user is logged in which, if they aren't, sends the user back to the homepage...

if(!$usersClass->checkLoggedIn()) { 
  header("Location: /index.php");
  exit; // stop the script so the rest of the protected page does not run
}

Now I know my users are logging in with the above form as they're being redirected and I'm receiving no error messages.

I'm new to PHP and AJAX, so what I'm asking is: why is this? Do I need to set a cookie?

Below is my class to check the user is logged in...

/**
 * check if user is logged in
 */ 
public function checkLoggedIn()
{
    if(isset($_SESSION['loggedIn']))
    {
        if(isset($_SESSION['loggedIn']['id']) && 
            isset($_SESSION['loggedIn']['username']) && 
            isset($_SESSION['loggedIn']['password']) && 
            isset($_SESSION['loggedIn']['credits']) && 
            isset($_SESSION['loggedIn']['active'])) {                   
                return true;
        }
    }

    return false;
}
Liam
  • I didn't see a question in there? You said "Now I know my users are logging in with the above form as they're being redirected and I'm receiving no error messages." So what's the problem? – BenM Oct 17 '12 at 08:03
  • What seems to be the problem? You state the users are logging in and no error message... – madflow Oct 17 '12 at 08:04
  • So, if login is a success, user is redirected to earn-credits.php. So why are you checking if the users are logged in in earn-credits.php? – bogatyrjov Oct 17 '12 at 08:04

3 Answers

1

Before

header("location:earn-credits.php");

You should probably use your $usersClass to set the users session data.

Udan
0

The first session_start() call creates a PHPSESSID cookie at the user's end, which helps the server maintain which session variable belongs to whom. Sessions are meant to handle these things for you.

You need not explicitly set another cookie for your login system. However, do look into session-stealing and ways to prevent it.

Anirudh Ramanathan
0

A few pointers:

First, is the script on checklogin.php starting a session (session_start(), or maybe automatic session start in php.ini)?

Second, is checklogin.php SETTING $_SESSION['loggedIn']['id'], $_SESSION['loggedIn']['username'] etc?

Third: Is the page you redirect to (earn-credits.php) starting the session too? You need to use session_start() on each page, or the session is lost.

Fourth: I don't see any AJAX in your code.

Last, just a style issue: The first if statement makes no sense. I mean the one with: if(isset($_SESSION['loggedIn'])). You are already checking that.

public function checkLoggedIn()
{
    if(isset($_SESSION['loggedIn']))
    {
        if(isset($_SESSION['loggedIn']['id']) && 
            isset($_SESSION['loggedIn']['username']) && 
            isset($_SESSION['loggedIn']['password']) && 
            isset($_SESSION['loggedIn']['credits']) && 
            isset($_SESSION['loggedIn']['active'])) {                   
                return true;
        }
    }

    return false;
}

could as well be:

public function checkLoggedIn() {
 return ((isset($_SESSION['loggedIn']['id']) && 
            isset($_SESSION['loggedIn']['username']) && 
            isset($_SESSION['loggedIn']['password']) && 
            isset($_SESSION['loggedIn']['credits']) && 
            isset($_SESSION['loggedIn']['active'])));
}
Erwin Moller
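The pointers in the answers above (start the session on both pages, populate $_SESSION['loggedIn'] before redirecting, and look into session stealing) put together as an added example; it is not code from the question or from any answer. The names startSession, findUser, handleLogin and requireLogin are hypothetical, the user record is constructed, and the array form of session_set_cookie_params() assumes PHP 7.3 or later served over HTTPS.

```php
<?php
// Added example; all function names and the user record are hypothetical.
function startSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Harden the PHPSESSID cookie before the session starts (PHP 7.3+).
        session_set_cookie_params([
            'httponly' => true,   // not readable from JavaScript
            'secure'   => true,   // only sent over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Hypothetical lookup; a real site would use a prepared-statement DB query.
function findUser(string $username): ?array
{
    // Constructed sample record; the hash comes from password_hash().
    $users = ['alice' => [
        'id' => 1, 'username' => 'alice', 'credits' => 0, 'active' => 1,
        'hash' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]];
    return $users[$username] ?? null;
}

// checklogin.php: verify, then populate the session BEFORE redirecting.
function handleLogin(string $username, string $password): bool
{
    startSession();
    $user = findUser($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID on login blocks session fixation
    unset($user['hash']);          // keep the credential out of the session
    $_SESSION['loggedIn'] = $user;
    return true;
}

// earn-credits.php: call first, before any output is sent.
function requireLogin(): void
{
    startSession();                // without this, $_SESSION is empty here
    if (!isset($_SESSION['loggedIn']['id'])) {
        header('Location: /index.php');
        exit;                      // otherwise the protected page still runs
    }
}
```

In checklogin.php, call handleLogin($_POST['myusername'], $_POST['mypassword']) and send the redirect header only when it returns true. requireLogin() tests only the `id` key, so it differs from the checkLoggedIn() shown on the page, which also expects a `password` key in the session.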