This is my first time using sessions in PHP and it seems I'm doing something logically wrong. I'm coding a forgot password page where the user inputs a randomly generated code to the form and after he clicks submit, displays a message whether the code is correct or not. The user gets 3 attempts to enter the correct code if that's the case is redirected to reset password page else he is redirected to the login page. I'm using a variable called $_SESSION['attempts'] where it is set to 3 in a previous page and $_SESSION['code'] variable to store the randomly generated code also from a previous page.
The error message is correctly displayed, that is when the user input the wrong code, the alert dialog pops up and say that he has 2,1 or 0 attempts left and even if the user inputs the correct code, he is redirected to the reset password page. But after it has reached 0 attempt, the redirect does not work. Any idea how to solve this? Thanks in advance.
Here is the PHP code below :
<?php
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST"){
// input code of the user once it is submitted
$_code = filter_input(INPUT_POST, 'code');
if($_SESSION['attempts'] != 0){
// check if code != the generated code
if($_code != $_SESSION['code']){
$_SESSION['attempts']--;
echo "<script type='text/javascript'>alert('ERROR : Wrong code entered. You have {$_SESSION['attempts']} attempts left.');</script>";
//success - redirect to reset password page
} else {
//header to reset password page
}
}
}
// if attempts === 0 -> redirect to login page (THIS PART DOESNT WORK)
if (($_SESSION['attempts']=== 0 || $_SESSION['attempts'] === '0')) {
//header to login page
}
?>
CodePudding user response:
You have put your 'attemp == 0' condition out of the Post request. Move it to inside of Post request. Then your code should look like below:
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST"){
$_code = filter_input(INPUT_POST, 'code');
if($_SESSION['attempts'] != 0){
if($_code != $_SESSION['code']){
$_SESSION['attempts']--;
echo "<script type='text/javascript'>alert('ERROR : Wrong code entered. You have {$_SESSION['attempts']} attempts left.');</script>";
} else {
//header to reset password page
}
}
else {
echo "Now, I need to go login page";
}
}
?>
CodePudding user response:
Dear Just put one check after session start and for testing this script also put some $_SESSION['code'] value or if you have already than you can proceed with below logic. Remember to put this check on your index or first page where you have defined attempts. Also I have updated your js script and included location.href so that you can see alert before redirection.
<?php
session_start();
if(!isset($_SESSION['attempts']))
{
$_SESSION['attempts']=3;
}
if ($_SERVER["REQUEST_METHOD"] == "POST"){
// input code of the user once it is submitted
$_code = filter_input(INPUT_POST, 'code');
if($_SESSION['attempts'] != 0){
// check if code != the generated code
if($_code != $_SESSION['code']){
$_SESSION['attempts']--;
echo "<script type='text/javascript'>alert('ERROR : Wrong code entered. You have {$_SESSION['attempts']} attempts left.');location.href='index.php';</script>";
//success - redirect to reset password page
} else {
//header to reset password page
}
}
}
// if attempts === 0 -> redirect to login page (THIS PART DOESNT WORK)
if (($_SESSION['attempts']=== 0 || $_SESSION['attempts'] === '0')) {
//header to login page
}
?>