Redirect access with sessions

Navigation
3

By entering the valid user and password, the system creates a CONTROL variable to which the value of 1 is assigned.
LOGIN.PHP: 

<?php
    require ('includes/config.php');    
    if (isset($_POST['user'])) {
        $usuariodao = new UsuarioDAO();
        $u = $usuariodao->login($_POST['user'], $_POST['password']);
        if($u){
            $_SESSION['USUARIO_ACTUAL'] = serialize($u);
            $_SESSION['CONTROL'] = 1;
            header("Location: index2.php");
            exit;
        } else {
            $tpl = new Plantilla();
            $tpl->assign('ErrorLogin', "Usuario y/o Clave incorrectos");
            $tpl->display("login.tpl.php");
        }
    }
?>

INDEX2.PHP: 

<?php
    require ('includes/config.php');
    if ($_SESSION['CONTROL'] !== 1) {
        header("Location: index.php");  <-- EJECUTAR SI "CONTROL" no fue definido.
        exit;
    }
    echo "EXITO";
//---- CODIGO QUE SE EJECUTARÁ
?>

If the password and username are correct, it shows "SUCCESS" and in the bar it is: link But if I open another window and copy the url it shows "SUCCESS". It does not enter to execute INDEX.PHP. But if I close the browser and paste the URL link , it executes the header redirecting to index.php. What is the problem?

    
asked by Piropeator 14.02.2017 в 16:04
source

2 answers

2

I can see that you never get to change the value of the session when the login success has already taken place.

Above to evaluate if the session is different from null or that determines that it is empty you should use: empty e isset . Also, you could use unset to destroy the session.

For this you would have to modify: 

<?php
    require ('includes/config.php');

    if ((!isset($_SESSION['CONTROL']) && empty($_SESSION['CONTROL'])) || $_SESSION['CONTROL'] !== 1) {
        header("Location: index.php");
        exit;
    }
    else{
       $_SESSION['CONTROL'] = 0; // Asignarle otro valor diferente a 1
       unset($_SESSION['CONTROL']); // o destruirlo
       echo "EXITO";
    }
?>

On the handling of sessions in php it is necessary to include session_start(); .

    
answered by 15.02.2017 / 04:20
source
0

Check if you are not misusing your header function. According to PHP:

  

Remember that header () must be called before displaying anything on the screen, HTML tags, blank lines from a file or from PHP. It is a common error to read code with functions such as include or require, or other types of file access functions that include spaces or blank lines that are displayed before calling the function header () . The same problem occurs when a single PHP / HTML file is used.

link

Check if the first thing you show is your header, as the indicated text says and that before it you are not introducing absolutely anything, even a minimum space in any part of the code, to be displayed on the screen.

On the other hand, the log is telling you that the CONTROL constant is already defined in your login.php file. If it is the same value, you do not need to define it again, if it is a different value, it is better to give it a different name.

Have you checked the login.php file?

This thread could also be useful: PHP and the header function (location:)

If possible, check the source code of the page when you try to open it. Maybe you can see if there is something before the header.

Update

I would review the configuration of the .htaccess file in the root folders where the files you are using are located, especially index2.php

I would also look at the includes / config.php file

Somewhere the flow enters a loop from which it can not exit. As suggested in a comment, check the logs and if you do not find anything, review the code of your files in the order they should appear.

Since the error message suggests cleaning cookies, trying to delete all the data from the browser if possible, or opening a private session of it, that sometimes helps to debug possible things that may remain in memory.

    
answered by 14.02.2017 в 18:48
Separate a column in several SQL Server Undefined variable in a single view of laravel