-2

My website navigation bar should change according to the session before and after login. However, the session is not working, as it displays both the login and logout menus. Here's my PHP login code:

```php
<?php
session_start();
include 'dbh.php';

$login_email = $_POST ['login_email'];
$login_pwd = $_POST ['login_pwd'];

$sql_login = "select * from userdata where email='$login_email' and 
pwd='$login_pwd'";

$check_user= mysqli_query($conn, $sql_login);

if($row = mysqli_fetch_assoc($check_user)){
    $_SESSION['id']= $row['id'];
    $_SESSION['authenticated']=true;

    header("Location: testing.html");
}else{
    echo "Your email or password is incorrect"; 
}

mysqli_close($conn);
```

HTML (including login and registration drop down menu):

```php
<?php
if(isset($_SESSION['authenticated']))
{
    echo '
    <li class="dropdown">
      <a class="dropdown-toggle" data-toggle="dropdown" href="#"><b>Admin</b><span class="caret"></span></a>
      <ul class="dropdown-menu">
        <li><a href="logout.php">Logout</a></li>
      </ul>
    </li>';
}else{
    echo '
    <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown"><b>LOGIN</b><span class="caret"></span></a>
        <ul id="login-dp" class="dropdown-menu">
            <ul class="nav nav-tabs">
                <li class="active"><a href="#Login" data-toggle="tab">Login</a></li>
                <li><a href="#Registration" data-toggle="tab">Registration</a></li>
                <div class="tab-content">
                <div class="tab-pane active" id="Login">
                    <b><em>Listen to the voice of Soul</em></b>
                    <form class="form" role="form" method="post" action="login.php" accept-charset="UTF-8" id="login-nav">
                        <div class="form-group">
                            <label class="sr-only" for="email1">Email address</label>
                            <input type="email" class="form-control" id="email1" name="login_email" placeholder="Email address" required>
                        </div>
                        <div class="form-group">
                            <label class="sr-only" for="pwd1">Password</label>
                            <input type="password" class="form-control" id="pwd1" name="login_pwd" placeholder="Password" required>
                            <div class="help-block text-right"><a href="">Forget the password?</a></div>
                        </div>  
                        <div class="form-group">
                            <button type="submit" name="loginBtn" class="btn btn-primary btn-block">Sign in</button>
                        </div>
                        <div class="checkbox">
                            <label><input type="checkbox">Keep me logged-in</label>
                        </div>
                    </form>
                </div>
                <div class="tab-pane" id="Registration">
                    <b><em>Listen to the voice of Soul</em></b>
                    <form class="form" role="form" method="POST" action="signup.php" accept-charset="UTF-8" id="signup-nav">
                        <div class="form-group">
                            <label class="sr-only" for="email2">Email address</label>
                            <input type="email" class="form-control" id="email2" name="signup_email" placeholder="Email address" required>
                        </div>
                        <div class="form-group">
                            <label class="sr-only" for="pwd2">Password</label>
                            <input type="password" class="form-control" id="pwd2" name="signup_pwd" placeholder="Password" required>
                        </div>  
                        <div class="form-group">
                            <label class="sr-only" for="pwdcon">Confirm Password</label>
                            <input type="password" class="form-control" id="pwdcon" name="signup_pwdcon" placeholder="Confirm Password" required>
                        </div>  
                        <div class="form-group">
                            <input type="submit" name="signUpBtn" value="Sign Up" class="btn btn-primary btn-block">
                        </div>
                    </form>
                </div>  
                </div>
            </ul>
        </ul>
    </li>';
}
?>
```

I am new to both PHP and HTML. Is it because of the wrong echo tag?

Alois
  • Just a couple of considerations since you're new to PHP: don't use POST variables in the query without at least [sanitizing](http://php.net/manual/en/mysqli.real-escape-string.php) these. 2nd: after a redirect with header("Location:") you [should insert a die() statement](https://stackoverflow.com/a/20932511/1677209). – T30 Nov 27 '17 at 10:55
  • if (!$check_user){ die("Connection failed: ".mysqli_connect_error()); } Something like this? @T30 – Alois Nov 27 '17 at 11:01
  • I was just saying that you should call `exit()` or `die()` after a redirect with `header(Location:...)`, otherwise the subsequent code keeps on running on the server. This is not an issue in this scenario (you just have a mysqli_close directive) but can lead to serious issues in more complex scripts. Your comment is about unsuccessful logins (in this case I prefer to output the form again with an error message, instead of die(), but it's another topic!) – T30 Nov 27 '17 at 11:10
  • Okay, I got it, will make further improvements. Thanks again – Alois Nov 27 '17 at 11:13

2 Answers

0

If it's outputting both the if and else conditions, probably it's not interpreting it as php.

Instead of redirecting to an HTML file, try a php file ("Location: testing.php")

T30
  • It works! Thank you so much. I was really confused by the PHP and HTML combination; it is fixed nicely – Alois Nov 27 '17 at 10:59
0

Remember to add session_start() to the top of the HTML page and make sure your if statement is using the right comparison type:

```php
if ($_SESSION['authenticated'] == true){
```

On another note, your SQL statement is vulnerable to SQL injection; you should use PHP prepared statements or at least sanitize the data in the variable $_POST.

Nabil Ali
  • Tried, but it remains the same. Okay, noted. Guess I need to spend a lot of time learning these. Thank you – Alois Nov 27 '17 at 11:00
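
The points raised in the answers and comments above (prepared statements, `exit` after the redirect, redirecting to a `.php` page), combined into one `login.php`. This is an added example, not code from any poster in this thread; it assumes `dbh.php` provides the mysqli connection `$conn` as in the question and that `signup.php` stores a `password_hash()` value in `userdata.pwd`. `find_user` is a hypothetical helper name.

```php
<?php
// Added example, not code posted in this thread.
// Assumptions: dbh.php sets $conn (mysqli) as in the question, and signup.php
// stores password_hash($signup_pwd, PASSWORD_DEFAULT) in userdata.pwd.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors
include 'dbh.php';

// Look the account up with a bound parameter so the submitted e-mail
// is always treated as data, never as part of the SQL text.
function find_user(mysqli $conn, string $email): ?array
{
    $stmt = mysqli_prepare($conn, 'SELECT id, pwd FROM userdata WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no match
    mysqli_stmt_close($stmt);
    return $found ? ['id' => $id, 'pwd' => $hash] : null;
}

// Form fields can arrive as arrays (login_email[]=...); accept strings only.
$email    = $_POST['login_email'] ?? '';
$password = $_POST['login_pwd'] ?? '';
$user     = (is_string($email) && is_string($password))
    ? find_user($conn, $email)
    : null;
mysqli_close($conn);

if ($user !== null && password_verify($password, $user['pwd'])) {
    session_regenerate_id(true);           // fresh session id once authenticated
    $_SESSION['id'] = $user['id'];
    $_SESSION['authenticated'] = true;
    header('Location: testing.php');       // .php, so the menu's if/else is executed
    exit;                                  // nothing after the redirect may run
}

http_response_code(401);
echo 'Your email or password is incorrect';
```

`testing.php` has to call `session_start()` before any output; it can then use `!empty($_SESSION['authenticated'])` to choose which menu to print.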