Home > OS >  After logging-in, the page refreshes and stays on login.php instead of the profile.php which it shou
After logging-in, the page refreshes and stays on login.php instead of the profile.php which it shou

Time:11-05

this is my login.php

<?php
session_start();
require_once('db_connection.php');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql = "SELECT id, username, full_name FROM users WHERE username = ? AND password = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows === 1) {
        $user = $result->fetch_assoc();
        $_SESSION['user_id'] = $user['id'];
        header("Location: profile.php");
        exit;
    } else {
        $error_message = "Invalid username or password.";
    }
}

if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

?>

<!DOCTYPE html>
<html>
<head>
    <title>Login - Diary Website</title>
</head>
<body>
    <h1>Login</h1>
    <form method="post" action="login_process.php">
        <label for="username">Username:</label>
        <input type="text" name="username" id="username" required><br>

        <label for="password">Password:</label>
        <input type="password" name="password" id="password" required><br>

        <input type="submit" value="Login">
    </form>
</body>
</html>

this is my login_process.php

<?php
session_start();
require_once('db_connection.php'); // Include the file that contains your database connection details.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Validation and sanitation
    $username = filter_var($username, FILTER_SANITIZE_STRING);

    // Check for empty username
    if (empty($username)) {
        header("Location: login.php?error=empty_username");
        exit;
    }

    // Check the user's credentials in the database.
    $sql = "SELECT * FROM users WHERE username = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows === 1) {
        $user = $result->fetch_assoc();
        if (password_verify($password, $user['password'])) {
            // Password matches, user is authenticated.
            $_SESSION['user_id'] = $user['id'];

            // Redirect to the landing page (profile.php).
            header("Location: profile.php");
            exit;
        } else {
            // Incorrect password.
            header("Location: login.php?error=incorrect");
            exit;
        }
    } else {
        // User does not exist.
        header("Location: login.php?error=notfound");
        exit;
    }
} else {
    // Handle cases where the request method is not POST.
    header("Location: login.php");
    exit;
}

if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

?>

this is my profile.php

<?php
session_start();

if (!isset($_SESSION['user_id'])) {
    // If the user is not logged in, redirect them to the login page.
    header("Location: login.php");
    exit;
}

require_once('db_connection.php'); // Include the file that contains your database connection details.

$user_id = $_SESSION['user_id'];

// Retrieve user profile information from the database.
$sql = "SELECT full_name, nickname, age, creation_date FROM users WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $user_id);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows === 1) {
    $user = $result->fetch_assoc();
} else {
    // Handle the case where the user's profile is not found (e.g., database error).
    echo "Error: Unable to retrieve user profile. Please try again later.";

    
}

if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

?>

<!DOCTYPE html>
<html>
<head>
    <title>User Profile - Diary Website</title>
</head>
<body>
    <h1>User Profile</h1>
    <a href="diary_form.php">Write a Diary Entry</a>
    <a href="logout.php">Log out</a>

    <h2>Profile Information</h2>
    <?php if (isset($user)) : ?>
        <p><strong>Full Name:</strong> <?php echo $user['full_name']; ?></p>
        <p><strong>Nickname:</strong> <?php echo $user['nickname']; ?></p>
        <p><strong>Age:</strong> <?php echo $user['age']; ?></p>
        <p><strong>Account Created On:</strong> <?php echo $user['creation_date']; ?></p>
    <?php endif; ?>
</body>
</html>

this is my first time asking here. i hope you can help me. I'm a college student and planning to create a diary website using phpmyadmin database from xampp

I did look for answers chatgpt recommended but it does not work and it cant pinpoint the problem. so if there php developer here, please help. thanksss

CodePudding user response:

Are you sure it's staying on the login page and not being redirected back to it, from profile.php?

Also, if on the login page you have the form process to login_process.php, so what is the purpose of the PHP code at the top of the login page?

I'd guess that it's doing just what it says on the tin, you just aren't seeing what is going on.

Your login page will direct to login_process and use the $_POST array, but then that goes to profile which also tries to use the $_POST array (now empty) and because it cannot use it, redirects back to the login page.

HTH

CodePudding user response:

In profile.php after line session_start()

try var_dump($_SESSION['user_id']); exit();

or print_r($_SESSION); exit();

to ensure that $_SESSION working and $_SESSION['user_id'] !== null cause isset function return false when input is null

https://www.php.net/manual/en/function.isset.php

Page link:https//www.codepudding.com/os/694065.html

Prev:Fatal error: Uncaught Error: Call to undefined function wp_generate_password() or wp_mail()
Next:Back
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding