I'm implementing a login for a small application. I created a login with a simple authentication query and creating a session for that, It worked totally fine. But later on, when I have made the session system a little bit complex than to log in user has to submit a login form twice to log in.
I have tried going through php-session-lost-after-redirect and others as well but have no clue what's the issue.
I'm attaching login layout, session check file & login logic files so you can have a better view of the issue. LOG IN LOGIC:
<?php $msg = ""; if(isset($_POST['submitBtnLogin'])) { $username = trim($_POST['username']); $password = md5(trim($_POST['password'])); if($username != "" && $password != "") { try { $query = "select * from `user` where `email`=:username and `password`=:password"; $stmt = $pdo->prepare($query); $stmt->bindParam('username', $username, PDO::PARAM_STR); $stmt->bindValue('password', $password, PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); $count = $stmt->rowCount(); if($count == 1 && !empty($row)) { if($row['verified']==0){ $msg = "Your account is not approved by admin. Please contact your admin to get it approved!"; }else{ $userId=$row["id"]; $query = "select * from `bbfdccAppSessions` where `userId`=:userId"; $stmt = $pdo->prepare($query); $stmt->bindParam('userId', $userId, PDO::PARAM_STR); $stmt->execute(); $sessiondata= $stmt->fetch(PDO::FETCH_ASSOC); $sesscount= $stmt->rowCount(); if($sesscount == 1 && !empty($sessiondata)){ $query = 'DELETE FROM `bbfdccAppSessions` WHERE userId=:auserId'; $stmt = $pdo->prepare($query); $stmt->bindParam('auserId', $userId, PDO::PARAM_STR); $stmt->execute(); }else{ $currentTimeStamp=time(); $verified=1; $query = "INSERT INTO `bbfdccAppSessions`(`userId`, `sesstimestamp`, `verified`) VALUES (:userId,:timestampNew,:verified)"; $stmt = $pdo->prepare($query); $stmt->bindParam('userId', $userId, PDO::PARAM_STR); $stmt->bindValue('timestampNew', $currentTimeStamp, PDO::PARAM_STR); $stmt->bindValue('verified', $verified, PDO::PARAM_STR); $stmt->execute(); $query = "select * from `bbfdccAppSessions` where `userId`=:userId"; $stmt = $pdo->prepare($query); $stmt->bindParam('userId', $userId, PDO::PARAM_STR); $stmt->execute(); $sessiondata= $stmt->fetch(PDO::FETCH_ASSOC); if (!isset($_SESSION)) { session_start(); } $_SESSION['currentSession']=$currentTimeStamp; $_SESSION['sessionSec']=$sessiondata['sessId']; $msg = "Log in Success!"; //var_dump ($_SESSION); //exit(); header('Location: /bbfdcc-app/', true, 301); session_write_close(); exit(); } } } else { $msg = "Invalid username and password!"; } } catch (PDOException $e) { echo "Error : ".$e->getMessage(); } } else { $msg = "Both fields are required!"; } } ?> LOGIN PAGE LAYOUT:
<?php session_start(); if(!isset($_SESSION['currentSession']) && !isset($_SESSION['sessionSec'])){ require 'loginlogic.php'; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content=""> <meta name="author" content=""> <noscript><h1 style="text-align:center; font-size:2em; padding-bottom:100000px; color:black; background:white; padding-top:400px;">JavaScript is off. Please enable to view full site.</h1></noscript> <title>BBFDC - Login</title> <!-- Custom fonts for this template--> <link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css"> <link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet"> <!-- Custom styles for this template--> <link href="css/sb-admin-2.min.css" rel="stylesheet"> </head> <body class="bg-gradient-primary"> <div class="container"> <!-- Outer Row --> <div class="row justify-content-center"> <div class="col-xl-10 col-lg-12 col-md-9"> <div class="card o-hidden border-0 shadow-lg my-5"> <div class="card-body p-0"> <!-- Nested Row within Card Body --> <div class="row"> <div class="col-lg-6 d-none d-lg-block bg-login-image"> </div> <div class="col-lg-6"> <div class="p-5"> <div class="text-center"> <div class="sidebar-brand-text mx-3" style="padding: 20px;"><img src="img/bbfdc logo.png" width="150px;"></div> <h1 class="h4 text-gray-900 mb-4">Welcome Back!</h1> </div> <form class="user" method="post"> <div class="form-group"> <input type="email" class="form-control form-control-user" id="exampleInputEmail" aria-describedby="emailHelp" placeholder="Enter Email Address..." name="username"> </div> <div class="form-group"> <input type="password" class="form-control form-control-user" id="exampleInputPassword" placeholder="Password" name="password"> </div> <input type="submit" name="submitBtnLogin" id="submitBtnLogin" value="Login" class="btn btn-primary btn-user btn-block" /> <br> <span class="loginMsg" style="color:red;"><?php echo @$msg;?></span> </form> <hr> <div class="text-center"> <a class="small" href="forgot-password.html">Forgot Password?</a> </div> <div class="text-center"> <a class="small" href="register.php">Create an Account!</a> </div> </div> </div> </div> </div> </div> </div> </div> </div> <!-- Bootstrap core JavaScript--> <script src="vendor/jquery/jquery.min.js"></script> <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script> <!-- Core plugin JavaScript--> <script src="vendor/jquery-easing/jquery.easing.min.js"></script> <!-- Custom scripts for all pages--> <script src="js/sb-admin-2.min.js"></script> </body> </html> <?php }else{ header("Location: /bbfdcc-app/"); exit(); } ?> 
没有评论:
发表评论