php - Variable errors in session for admin pages -
i creating login website. can code below working: lets me log in! yet can't start session work: people can still pages via url.
log in php:
<?php //calling connection database include "connection.php"; //if user posts called login if(isset($_post['login'])){ //declaring variables user input , using escape string protect php scripts $user = mysqli_real_escape_string($dbconn,$_post['user']); $pass = mysqli_real_escape_string($dbconn,$_post['pass']); //select users table user input matches un , pw $sel_user = "select * users un='$user' , pw='$pass'"; //put content held in sel_user variable run_user $run_user = mysqli_query($dbconn, $sel_user); //use run_user counting rows , save in check_user $check_user = mysqli_num_rows($run_user); //if content row numbers greater 0 if($check_user>0){ //session un equal user input stored in $user $_session['username']=$user; //display admin main page header('location: ../adminmain.php'); } else { //display log in error page header('location: ../loginerror.php'); } } //close database connection mysqli_close($dbconn); ?> start session code says undefined variables:
<?php include"includes/loginrequiredb.php"; if($_session['username'] !=$user){ session_destroy(); header("location: view.php"); die(); }else { echo "welcome site have logged in" . $_session['username']; } ?>
without starting session can not values $_session.
you need start session in both files as:
session_start(); note need start_session() in both files in welcome file.
side note:
i suggest use isset() checking either value set or not.
Comments
Post a Comment