Improper return to login page during system session stay

Asked

Viewed 38 times

-2

When I log in to the page inicio.php is with the session created.

When I force return to the page address login.php has an error, instead of staying on the page inicio.php because the user is already logged in to the system it goes to the page login.php which obliges the user to enter the login data.

'Cause I wish that remain on the page inicio.php and did not return to the page login.php to prevent the user from entering their login details again.

  • login.php (home page, go to the file valida_login and then goes to inicio.php)
<?php
    
    require(__DIR__ . '/conexao/conexao.php'); // Importa o arquivo conexao.php

    // Se existir o id da sessão ou se a sessão já aberta
    if (session_id() || isset($_SESSION)) {
        header('Location: inicio.php');
    }

    // Se existir a $_SESSION['id_usuario'] irá impedir que o login seja burlado
    if (isset($_SESSION['id_usuario'])) {
        header('Location: inicio.php');
    }

?>

<!DOCTYPE html>
<html lang="pt-br">
<head>
    <meta charset="utf-8">
    <title> Login </title>
    <link rel="stylesheet" href="/WEB/css/css.css">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
    <script type="text/javascript" src="/WEB/js/senha_login/senha_login.js"></script>
</head>
<body>
    <h1> Bem vindo ao sistema </h1>
    <form method="POST" action="valida_login.php">
        <p> Email: <input type="email" name="email" placeholder="Digite seu email" title="Campo para digitar o email de login do usuário" size=30 required maxlength="50"> </p>
        <p> Senha:
            <input type="password" id="senha" name="senha" placeholder="Digite a sua senha" title="Campo para digitar a senha de login do usuário"size="30" maxlength="32" required="" onclick="mostrarSenha()">
            <i class="fa fa-eye" id="text" aria-hidden="true" title="Ocultar senha"></i>
            <i class="fa fa-eye-slash" id="pass" aria-hidden="true" title="Mostrar senha"></i>
        </p>
        <button name="Entrar" title="Botão para entrar no sistema">Entrar</button>
        <a href="recuperar_senha.php" title="Recuperar sua senha de login através de seu email">Esqueceu sua senha?</a>
    </form>
</body>
</html>
  • inicio.php (if the login is done successfully stays on this page, logout.php redirects to login.php)
<?php

    require(__DIR__ . '/conexao/conexao.php');

    // Se não existir o id da sessão ou se a sessão não estiver aberta
    if (!session_id() || !isset($_SESSION)) {
        session_start();
    }

    // Se não existir a $_SESSION['id_usuario'] irá impedir que o login seja burlado
    if (!isset($_SESSION['id_usuario'])) {
        header('Location: login.php');
        die;
    }

    echo "Seja bem vindo ao sistema!";
?>

<p> <a href="logout.php" name="Sair" title="Sair do sistema">Sair</a> </p>
php

  • Are you giving session_start() on login? Try to leave only if(!$_SESSION['id_usuario'']) pq maybe the error is pq always has a session but not necessarily an id_user in it, and then it is in this loop

  • @andre_luiss still not understood well.

  • i meant is maybe you can have an existing session in the browser, and it will not necessarily have a key with "id_usuario" but will fall in your if

1 answer

0

the session_start() necessarily has to be defined before, of the code, this if placed:

// Se não existir o id da sessão ou se a sessão não estiver aberta
if (!session_id() || !isset($_SESSION)) {
    session_start();
}

only executes if the session DOES NOT HAVE AN ID, and if the session array has not set, you can delete if by leaving only the session_start() statement and remember that all requests (either for any internal page, or login or validation) to Session must be started. That is, in all the files, which can be opened directly by the user, regardless of whether or not the login is done, Session has already been opened, or created if it is a new user.

What you filter is precisely the content, if in the session you have a defined or valid id_user and with access to your content, then you show the content, if you don’t have it, you can destroy all the session data (clearing it) and directing the user to a login screen. In this validation, you can check a session time, or a permission or any other specific data you want, and if any does not pass, then you direct the user to the correct destination.

  • Inside php should only exist this if, nothing else but that if? not even the file that imports the database?

  • Even though I leave only the if still back to the login page needing to enter the login data again.

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.