After login.php logs user in a webpage opens but the link on that webpage takes me back to login.php

I use a PDO login system for my students’ homework page.

This week, if the login is OK, login.php includes:

include '20EAP_40_Qs.html.php';

I put a link on 20EAP_40_questions.html.php to another “listen and fill in the gaps” page: 20EAPwW1.html.php

But when I click the link, I end up back at the login.php

Can I get around this?

I can include 20EAPwW1.html.php too, but then the 2 pages are both on 1 page.

Well without seeing specifies I believe the main issue is you are not working off of a main structure/page setup. For example just looking at a “typical” setup you might see a url like myschoolsite.com/students and inside this student directory you would have an index.php page.

On this page you would make sure the student is logged in by checking for a student_id that has been saved to session. If they are NOT logged in you would use a header to direct the user to the log in page. If all is OK then other files can be included on the index.php page.

As for the page names I would never use both an .html AND a .php file extension in the name. In most cases I would use .php if any php is used on the page.

There are many ways to structure a site and whether want a student to go to a page like 20EAP_40_Qs.php directly with a link or have a page included after checks are made is up to you.

An example of how you might do it would be: With each load of index.php a query is made to check the pages/assignments the student currently needs to do or read AND has access to (remember due dates, only allowed access ONCE etc can restrict access to a page).

This query can build an array of $current_assignments , which might hold values like ’ 20EAP40Qs', ‘20EAP40questions’ .

$current_assignments = array('20EAP40Qs', '20EAP40questions');

Note:: No Underscores in the url as those are treated as spaces.

if a student clicks a link like

"myschoolsite.com/students/index.php?pg=20EAP40Qs"

you can do can do a check of this request against the $current_assignments array so only allowed content is shown and you are NOT making any queries based off of a GET URL and only allowed pages would pass.

if(isset($_GET['pg']) && !empty($current_assignments) && in_array($_GET['pg'],$current_assignments)){
	include 'files/'.$_GET['pg'].'php';
}else{
	include 'files/default_content.php';
}

This allows for a “Student Home Page” to be shown by default

Any form processing, i.e. “turning in assignments” should be at the TOP of the page just after you have checked that a student is logged in and before the ‘current_assignments’ query.

Once an assignment is turned in it should no longer be found in the query results for ‘current_assignments’ and thus not in that array.

If the page they are looking at is an informational page like 20EAP40Qs and you have a link in the page content to a questions page that should be fine.

"myschoolsite.com/students/index.php?pg=20EAP40questions"
Again you check of this request against the $current_assignments array.

So links a student will see on any page or menu are rendered by or validated by the $current_assignments array.

I am sure others will tell you other ways but this way you are never making a query based on a GET value and only including files the student has access to.

1 Like

Thanks for your reply!

I will study what you wrote and try and make it work for me.

The reason I use “include” a lot, at least at home on my laptop, when I’m testing things, is: I echo a lot of things to follow what is going on.

If you “echo” before header(‘Location: …’) it won’t work. header must come first.

What I have is an index.php which is the register and login form.

Say the student is registered, enters his user and pw, a click of the login button and login.php takes over, checks first the email the student uses as user name. If that is in the database, then it checks the password. If that is OK, then we include the relevant web page, like:

include '20EAP_40_Qs.html.php'; exit();

But I can’t figure out why I end up back at the index.php, which is the login form.

I suppose include means, I never actually leave login.php At the bottom of login.php, when all else fails, I have:

include_once 'index.php'

If I use header(‘Location: 20EAPwW1.html.php’) will that do the trick???

PS I first learned to use PHP a little from a book by Kevin Hank (Java expert) PHP Novice to Ninja, and he always used .html.php when the page was a mixture of html and php. It’s just habit!

1 Like

In general you don’t put an exit() after include. That to me is a sign of bad planning or design choices.

I have not heard or seen you mention anything about checking if the user IS logged in on your “index,php” page. SO it will always shows its default state. The use of the index.php page for Register or Log In is great but I think when you log in you should set the student id to $_SESSION['student id'] and use a header to send the student to a student directory. Then follow the steps I laid out checking for that $_SESSION['student id'] and if all is good continue with page includes.

If you really are intent on putting everything on one page it will make the page more complicated but you would basically be checking IF the person is logged in and showing different states based on this. Basic idea.

 
//Make sure session is started once on the top of the page/
//session_start();	
if(!empty($_SESSION['student id'])){
	//Do Logged in things, e.g. include 'page.php';
}else{
	//Show log in form (default) with link to register
}

This is a more controlled way of handling what is shown on the page, than throwing an exit tag out to stop the page from loading other content.

1 Like

Thanks again for your reply!

As you can see, I am only a rank amateur at this. I can only cobble together bits from here and there, then try and try till it works on my laptop, always keeping an eye on /var/log/apache2/error.log

When it works at home, I can upload and try again.

I do have a $_SESSION[‘success’]

// if the email checks out, carry on with $user['password'] from  $stmt->fetch();
//validate the password with $user password from the allstudents table
if(password_verify($password, $user['password'])){
    //action after a successful login
    //for now just message a successful login
    $_SESSION['success'] = 'User verification successful';

and at the top of the webpages I put:

<?php
if(!isset($_SESSION['success'])) {
	header('location: index.php');
	//include 'index.php';
	//exit();
	}
?>

(I am not too worried about security, because there are no important data here.)

No, I do not want both pages in 1 include, I want them separate.

It will take me a while to digest what you have told me, but thank you very much!

Light at the end of the tunnel!

1 Like

Not a problem at all about just learning. We are all learning new things everyday.
A general session of ‘success’ is better than no session being set at all during successful login. It would be within that successful password_verify condition where you would direct the student to their section of the site.

if(password_verify($password, $user['password'])){
    //action after a successful login
    $_SESSION['success'] = 'User verification successful';
	header("location: student/index.php");
	exit;
}

Make a “student” directory (folder) and make a new index.php page inside it. Be sure to have session_start(); at the top of the page followed by your “success” check. Make sure to back out of the “student” directory with ../ in your header location call so it points to the main site index and USE an exit after this.

<?php
session_start();
//Check for log in success session
if(!isset($_SESSION['success'])) {
	header('location: ../index.php');
	exit;
}
?>

How you go about it from here is up to you but this is a basic example of the index page.

<?php
session_start();
//Check for log in success session
if(!isset($_SESSION['success'])) {
	header('location: ../index.php');
	exit;
}

//Any form processing can go here i.e. turning in assignments

//Any queries to define current assignments can go here and set to array.
$current_assignments = array();
							   
//Example:
while($row = $query->fetch(PDO::FETCH_ASSOC)){
	$current_assignments[] = $row['assignment_file'];
} 
?>
<!DOCTYPE html>
<html>
<head>
	<title>Student Section</title>
</head>
<body>
<?php
//include display file
if(isset($_GET['pg']) && !empty($current_assignments) && in_array($_GET['pg'],$current_assignments)){
	include 'files/'.$_GET['pg'].'php';
}else{
	include 'files/default_content.php';
}
?>
</body>
</html>

Inside “student” directory I created another directory called “files”, where all content pages are stored, Be sure to make a default_content.php page.
It can be a page that simply has this until you develop it more.

<h2>Welcome To The Student Section</h2>

Best of luck in your journey!

2 Likes

Hi!

Thank you again for all your advice!

Although I haven’t tried stuff like this yet

"myschoolsite.com/students/index.php?pg=20EAP40questions"

I have got it working.

I kept getting messages like this in apache2 error.log

[Sun Sep 05 07:30:40.994577 2021] [php7:notice] [pid 953] [client ::1:56306] PHP Notice: session_start(): A session had already been started - ignoring in /var/www/html/20EAPcw/20EAP40Qs.html.php on line 3, referer: http://localhost/20EAPcw/index.php

So I thought, “delete session_start(); at the top, don’t need it.”

That seems to have caused the trouble, because then the webpage 20EAP40Qs.html.php is not aware that $_SESSION[‘success’] is set, and bounces back to index.php.

As soon as I reinstate session_start(); at the top of 20EAP40Qs.html.php, it works again! I tried many times this morning with and without session_start(); That is definitely the problem!

So I will live with the apache2 error warnings about session_start(), as long as the webpage functions!

Now I need to figure out how

"myschoolsite.com/students/index.php?pg=20EAP40questions"

works!

Thank you for your help!

Have session_start(); at the top of your primary index.php page where you include log in or registration and not on the included log in or registration pages.

On the students/index.php page have session_start(); and $_SESSION[‘success’] check condition on the index page of students, where you wish to check if the user is logged.

session_start(); and $_SESSION[‘success’] check is not on any of the included pages.

Assuming you get past the session and log in issue and make it to the students/index.php page you can define the $current_assignments array directly with file names a student can view as I showed in POST #2 above to get that aspect working where it can show a default page or a page defined in the array.

$current_assignments = array('20EAP40Qs', '20EAP40questions');

Let me know how it goes.

OK will keep you updated on my floundering!

At the moment, instead of /students I have a folder for each class, like /20EAPcw each with its own index.php, because, all the classes have different times to be online. index.php also does UPDATE attendance20EAP SET … to record attendance, or lateness

I have 5 classes and probably will get 2 or 3 more come October! They each have their own MySQL table. Gotta keep them separate!

I have a PHP timer at the top of the main /20EAPcw/index.php. The online class page will only be available during those times. Otherwise, they see a javascript clock and a message showing when the page will be/was available, if they arrive too early or too late. Also, they must send their answers before the deadline or they can’t send.

At one point I had a school portal system with many schools and classes and so you never need many mysql tables for each class. You just need to have a field(s) to define the school/class and grade etc. Each user belongs to a particular set of classes for the designated date span.

1 Like