Thank you for the suggestions (and I was cleaning up code to prevent SQL injection but stripped it out in case I may have written it incorrectly and it was causing the problem). Below is the complete code for both pages, the login.php where the user inputs their credentials and the index.php where they get directed back to. I want index.php to push them to login if they aren’t properly logged in and that is where this problem is arising. As you will see in the index.php page, I echo’d out the $_SESSION['user_id'] value that I test for at the top. If I comment out my if test in the first lines, then, of course, the page loads fine, AND it shows both a session_id value, as well as the proper user_id value as returned from the database. Whichever user I log in as, the user_id is correct. So everything seems to be working fine, except for the test to see if the $_SESSION['user_id'] value is set. Very puzzling (to me at least).
Unfortunately, neither of your suggestions worked. I did add some code to check if the session is started, and if not, start it just to make sure. But even before I did that the code would echo out the session variable I was setting properly. And the code for session_write_close(); didn’t seem to make any difference either.
Any critique on the rest of the code is always welcome as well, as I won’t learn what I am doing wrong unless someone points it out. With that said, some things I am aware are not at all complete (such as correcting for SQL injection attacks) but this is still development code and I typically don’t worry about some of that stuff until later. However, if some think that is a mistake and I should be implementing it from the start I’d be happy to hear that as well. I think I’ve cleared out anything in this code that would give away any pertinent info, but if someone sees something I overlooked let me know so I can correct it.
As it is written here, the code all works perfectly, except for the fact that index.php redirects ALL the time, unless I comment out the IF test in the first few lines.
Greg
CODE FOR login.php
<?php
include_once('../includes/helpers.inc.php'); // Custom functions (such as to make cleaning up input simpler)
include_once('../includes/dbconnect.inc.php'); // Pretty self explanatory (-:
if(isset($_POST['submit']))
{
    $loginuser = $_POST['loginuser'];
    $loginpassword = md5($_POST['loginpassword']);
    $SQLGetUser = "SELECT user_id, username FROM user WHERE username='" . $loginuser . "' AND password='" . $loginpassword . "'";
    $result = mysqli_query($link, $SQLGetUser);
    if(!mysqli_num_rows($result))
    {
        $errornotice = "Unable to log you in.";
    } else {
        while($row = mysqli_fetch_assoc($result))
        {
            if (!session_id()){
                session_start();
            }
            $_SESSION['user_id'] = $row['user_id'];
            $user_id = $row['user_id'];
        }
        session_write_close();
        header('Location: index.php');
        exit();
    }
}
include_once('../includes/header.inc.php');
include_once('../includes/navigation.inc.php');
?>
<div class="mainbody">
<div class="columncontainer2">
<div class="columncontainer1">
<div class="leftcolumn">
<div class="topicheader">
Administration Access
</div> <!-- topicheader -->
<h2 class="headercontent">Login</h2>
<div class="errorpost"><?php echo $errornotice; ?><br /><?php echo $dberrornotice; ?></div>
<div class="bodycontent">
<div id="loginform">
<form action="login.php" method="post">
<p>
<label for="username">Username: </label><input id="username" type="text" name="loginuser" />
<label for="password">Password: </label><input id="password" type="password" name="loginpassword" />
</p>
<p>Username Entered: <?php echo $loginuser; ?></p> // These lines I put in for testing, and all show the values I expect
<p>Password Entered: <?php echo $loginpassword; ?></p> // The one difference is when a proper set of credentials are entered
<p>SQL: <?php echo $SQLGetUser; ?></p> // And IF query in index.php is active, then it returns to this page with all variables
<p>SESSION USER ID: <?php echo $_SESSION['user_id']; ?></p> // wiped out (except the session one of course)
<p>User_ID: <?php echo $user_id; ?></p>
<input type="submit" name="submit" value="Log-In" />
</form>
</div>
</div>
</div>
<?php
include('../includes/rightcolumn.inc.php');
?>
</div> <!-- columncontainer1 -->
</div> <!-- columncontainer2 -->
</div><!-- mainbody -->
<?php
include('../includes/footer.inc.php');
?>
CODE FOR index.php
<?php
// If I comment out this IF then the page loads as expected
if(!isset($_SESSION['user_id']))
{
    header('Location: login.php');
    exit();
}
include_once('../includes/helpers.inc.php');
include_once('../includes/dbconnect.inc.php');
include_once('../includes/header.inc.php');
include_once('../includes/navigation.inc.php');
// Post Record Count
$post_count = $link->query("SELECT * FROM posts");
$comment_count = $link->query("SELECT * FROM comments");
?>
<div class="mainbody">
<div class="notation-spacer-bar"></div>
<div class="columncontainer2">
<div class="columncontainer1">
<div class="leftcolumn">
<div class="topicheader">
Blog Admin
</div> <!-- topicheader -->
<h2 class="headercontent">Login</h2>
<div class="bodycontent">
<div id="admin-menu">
<ul>
<li><a href="#">Admin Home</a></li>
<li><a href="#">New Post</a></li>
<li><a href="#">Delete Post</a></li>
<li><a href="logout.php">Log Out</a></li>
<li><a href="#">Blog Home</a></li>
</ul>
</div>
<div id="mainContent">
// THESE ECHO OUT EXACTLY THE VALUES THEY SHOULD
<p>SESSION ID: <?php echo $_SESSION['user_id']; ?></p>
<p>Session_ID: <?php echo session_id(); ?></p>
<table>
<tr>
<td>Total Blog Posts</td>
<td><?php echo $post_count->num_rows; ?></td>
</tr>
<tr>
<td>Total Comments</td>
<td><?php echo $comment_count->num_rows; ?></td>
</tr>
</table>
</div>
</div>
</div>
<?php
include('../../includes/inc_rightcolumn.inc');
?>
</div> <!-- columncontainer1 -->
</div> <!-- columncontainer2 -->
</div><!-- mainbody -->
<?php
include('../includes/footer.inc.php');
?>
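
Added example, not part of the post above: the login check and the page guard rewritten with a prepared statement in place of the concatenated query, password_verify() in place of md5(), and session_start() called before $_SESSION is read (the array is only populated once the session has been started in that request). It assumes $link is the mysqli connection from dbconnect.inc.php and that the password column stores password_hash() output; find_user_id, handle_login and require_login are names introduced here.

```php
<?php
// Added example, not the poster's code. Assumes $link is the mysqli
// connection from dbconnect.inc.php and that user.password stores
// password_hash() output rather than an MD5 digest.

// Returns the user_id for valid credentials, or null.
function find_user_id(mysqli $link, string $username, string $password): ?int
{
    // The ? placeholder keeps user input out of the SQL text.
    $stmt = $link->prepare('SELECT user_id, password FROM user WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($userId, $hash);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() checks the salted hash in constant time.
    if ($found === true && password_verify($password, $hash)) {
        return (int) $userId;
    }
    return null;
}

// login.php: call on POST; returns an error message or redirects.
function handle_login(mysqli $link, array $post): string
{
    $userId = find_user_id($link, (string) ($post['loginuser'] ?? ''), (string) ($post['loginpassword'] ?? ''));
    if ($userId === null) {
        return 'Unable to log you in.';
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // fresh session ID once authenticated
    $_SESSION['user_id'] = $userId;
    header('Location: index.php');
    exit();
}

// index.php: call before any include or output on a protected page.
function require_login(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();           // $_SESSION is empty until this runs
    }
    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit();
    }
    return (int) $_SESSION['user_id'];
}
```

Existing MD5 digests cannot be converted to password_hash() output; under this example's assumption each account needs its password set again through password_hash().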