Page 1 of 1

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 6:51 am
by Celauran
Variables are not evaluated inside single quotes. You'll need to use double quotes or append the variable to the string.

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 7:01 am
by Celauran
You're still using single quotes.

Code: Select all

header('Location:affiliate-profile.php?id=$id');
Try this:

Code: Select all

header("Location: affiliate-profile.php?id={$id}");

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 7:06 am
by Celauran
Well, I see that $id isn't defined, so that's problematic. Also, I don't know what page this is. Redirect loop, maybe?

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 7:47 am
by Celauran
You define $id simply through $id = some value. But let's take a step back and look at the login process. You're presenting the user a form, getting username and password (you really should not be using md5 here, by the way), checking that against the database, and logging the user in. Further redirects depend on the user id, but you're storing their username in session data. Maybe store the ID instead? Alternately, maybe you don't use ?id= at all in your URLs. You're already checking session data to determine whether or not the user is logged in. You can just grab their data from the DB once you've identified them, no?

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 8:37 am
by Celauran
ianhaney wrote:Ok, yeah have heard usin md5 is not good to use and to salt the password by using sha56, is that right?
No. Use bcrypt. Use bcrypt.

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 8:42 am
by Celauran
ianhaney wrote:It has logged me in now but just need to work the issue out of checking if already logged in and if so to redirect from the login page to the profile page, it is doing it but the url looks like the following

http://it-doneright.co.uk/affiliate-profile.php?id=

and on the page it says No results to display

the url should look like http://it-doneright.co.uk/affiliate-profile.php?id=14

would the coding in the login page need changing or the profile page coding?
As I mentioned in an earlier post, you're not defining $id. You can take different approaches here and while perhaps not the most elegant, the simplest is simply to pull the ID from the database after you've checked that a username is stored in session data and pass that into your header redirect.

Alternately, you can redirect without any query string and check session data on the profile page instead. Functionally they're equivalent, though not having query strings at the end of your URLs always looks a little nicer IMO.

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 8:56 am
by Celauran
I'm not sure what Bcrypt object you're trying to instantiate. You really just need to call password_hash

Code: Select all

[9:54][local][~]
% php -a
Interactive shell

php > $password = 'top_secret_special_sauce';
php > $hashed = password_hash($password, PASSWORD_DEFAULT);
php > print $hashed;
$2y$10$qDJNhRodgQs9F16IyJGueuAi3NUziToFMFYj4gkOaq0B4cvpYsHSm
php >

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 8:57 am
by Celauran
But this is getting way off track. Let's focus on one thing at a time.

Re: check if logged in php issue

Posted: Tue Dec 08, 2015 9:01 am
by Celauran
Don't worry about it. For now, at least, let's focus on the task at hand.