After login.php logs user in a webpage opens but the link on that webpage takes me back to login.php

Date: 2021-09-04

PHP
#1

I use a PDO login system for my students’ homework page.

This week, if the login is OK, login.php includes:

include '20EAP_40_Qs.html.php';

I put a link on 20EAP_40_questions.html.php to another “listen and fill in the gaps” page: 20EAPwW1.html.php

But when I click the link, I end up back at the login.php

Can I get around this?

I can include 20EAPwW1.html.php too, but then the 2 pages are both on 1 page.

#2

Well, without seeing specifics, I believe the main issue is you are not working off of a main structure/page setup. For example, just looking at a “typical” setup you might see a url like myschoolsite.com/students and inside this student directory you would have an index.php page.

On this page you would make sure the student is logged in by checking for a student_id that has been saved to session. If they are NOT logged in you would use a header to direct the user to the log in page. If all is OK then other files can be included on the index.php page.

As for the page names I would never use both an .html AND a .php file extension in the name. In most cases I would use .php if any php is used on the page.

There are many ways to structure a site and whether you want a student to go to a page like 20EAP_40_Qs.php directly with a link or have a page included after checks are made is up to you.

An example of how you might do it would be: With each load of index.php a query is made to check the pages/assignments the student currently needs to do or read AND has access to (remember due dates, only allowed access ONCE etc can restrict access to a page).

This query can build an array of $current_assignments, which might hold values like '20EAP40Qs', '20EAP40questions'.

$current_assignments = array('20EAP40Qs', '20EAP40questions');

Note: No underscores in the url as those are treated as spaces.

If a student clicks a link like

"myschoolsite.com/students/index.php?pg=20EAP40Qs"

you can do a check of this request against the $current_assignments array so only allowed content is shown and you are NOT making any queries based off of a GET URL and only allowed pages would pass.

if(isset($_GET['pg']) && !empty($current_assignments) && in_array($_GET['pg'],$current_assignments)){
	//Only a value found in $current_assignments reaches the include
	include 'files/'.$_GET['pg'].'.php';
}else{
	include 'files/default_content.php';
}

This allows for a “Student Home Page” to be shown by default.

Any form processing, i.e. “turning in assignments” should be at the TOP of the page just after you have checked that a student is logged in and before the ‘current_assignments’ query.

Once an assignment is turned in it should no longer be found in the query results for ‘current_assignments’ and thus not in that array.

If the page they are looking at is an informational page like 20EAP40Qs and you have a link in the page content to a questions page that should be fine.

"myschoolsite.com/students/index.php?pg=20EAP40questions"

Again you check this request against the $current_assignments array.

So links a student will see on any page or menu are rendered by or validated by the $current_assignments array.

I am sure others will tell you other ways but this way you are never making a query based on a GET value and only including files the student has access to.
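
The allow-list check from the post above, as an added example that is not part of the original thread: it also rejects a `pg` value that arrives as an array or contains anything other than letters and digits. `resolve_page()`, `PAGE_DIR` and the sample values are assumptions; in the post the list comes from a per-student query.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. resolve_page(), PAGE_DIR and the
// sample values are assumptions; in the post the list comes from a query.
const PAGE_DIR = __DIR__ . '/files';

/**
 * Return the file to include for a requested page key.
 * Anything not in the student's allow-list gets the default page.
 */
function resolve_page(mixed $requested, array $allowed): string
{
    $default = PAGE_DIR . '/default_content.php';

    // ?pg[]=x arrives as an array, and a missing parameter as null.
    if (!is_string($requested)) {
        return $default;
    }
    // Keys are letters and digits only, so "../" never reaches the path
    // even if the allow-list itself is built incorrectly.
    if (preg_match('/\A[A-Za-z0-9]{1,64}\z/', $requested) !== 1) {
        return $default;
    }
    // Strict comparison: no type juggling between request and list entries.
    if (!in_array($requested, $allowed, true)) {
        return $default;
    }
    return PAGE_DIR . '/' . $requested . '.php';
}

// Constructed sample data standing in for the per-student query result.
$current_assignments = ['20EAP40Qs', '20EAP40questions'];

if (PHP_SAPI === 'cli') {
    // Constructed requests: only the first one is allowed, the rest fall back.
    $samples = ['20EAP40Qs', '20EAPwW1', '../secret', ['20EAP40Qs'], null];
    foreach ($samples as $pg) {
        echo json_encode($pg, JSON_UNESCAPED_SLASHES), ' => ',
            resolve_page($pg, $current_assignments), PHP_EOL;
    }
} else {
    // In index.php, after the login check and the assignments query:
    include resolve_page($_GET['pg'] ?? null, $current_assignments);
}
```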

#3

Thanks for your reply!

I will study what you wrote and try and make it work for me.

The reason I use “include” a lot, at least at home on my laptop, when I’m testing things, is: I echo a lot of things to follow what is going on.

If you “echo” before header('Location: …') it won’t work. header must come first.

What I have is an index.php which is the register and login form.

Say the student is registered, enters his user and pw, a click of the login button and login.php takes over, checks first the email the student uses as user name. If that is in the database, then it checks the password. If that is OK, then we include the relevant web page, like:

include '20EAP_40_Qs.html.php'; exit();

But I can’t figure out why I end up back at the index.php, which is the login form.

I suppose include means I never actually leave login.php. At the bottom of login.php, when all else fails, I have:

include_once 'index.php';

If I use header('Location: 20EAPwW1.html.php') will that do the trick???

PS I first learned to use PHP a little from a book by Kevin Hank (Java expert) PHP Novice to Ninja, and he always used .html.php when the page was a mixture of html and php. It’s just habit!

#4

In general you don’t put an exit() after include. That to me is a sign of bad planning or design choices.

I have not heard or seen you mention anything about checking if the user IS logged in on your “index.php” page. So it will always show its default state. The use of the index.php page for Register or Log In is great but I think when you log in you should set the student id to $_SESSION['student id'] and use a header to send the student to a student directory. Then follow the steps I laid out checking for that $_SESSION['student id'] and if all is good continue with page includes.

If you really are intent on putting everything on one page it will make the page more complicated but you would basically be checking IF the person is logged in and showing different states based on this. Basic idea.

 
//Make sure session is started once at the top of the page
//session_start();	
if(!empty($_SESSION['student id'])){
	//Do Logged in things, e.g. include 'page.php';
}else{
	//Show log in form (default) with link to register
}

This is a more controlled way of handling what is shown on the page, than throwing an exit tag out to stop the page from loading other content.

#5

Thanks again for your reply!

As you can see, I am only a rank amateur at this. I can only cobble together bits from here and there, then try and try till it works on my laptop, always keeping an eye on /var/log/apache2/error.log

When it works at home, I can upload and try again.

I do have a $_SESSION['success']:

// if the email checks out, carry on with $user['password'] from  $stmt->fetch();
//validate the password with $user password from the allstudents table
if(password_verify($password, $user['password'])){
    //action after a successful login
    //for now just message a successful login
    $_SESSION['success'] = 'User verification successful';
}

and at the top of the webpages I put:

<?php
if(!isset($_SESSION['success'])) {
	header('Location: index.php');
	//include 'index.php';
	exit(); //stop here so the rest of the page is not sent
}
?>

(I am not too worried about security, because there are no important data here.)

No, I do not want both pages in 1 include, I want them separate.

It will take me a while to digest what you have told me, but thank you very much!

Light at the end of the tunnel!
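
The session check discussed in posts #4 and #5, as an added example that is not part of the original thread: it starts the session before reading `$_SESSION`, stops the script after the redirect, and issues a new session ID at login. The file name `auth.php`, the function names and the redirect targets are assumptions; `'student id'` is the session key used in post #4.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. File name auth.php, the function
// names and the redirect targets are assumptions.

/** Start the session once; $_SESSION is not populated until this has run. */
function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

/** Pure check, kept separate so it can be exercised without a web server. */
function is_logged_in(array $session): bool
{
    return isset($session['student id']) && is_int($session['student id']);
}

/** Call at the very top of every protected page, before any output. */
function require_login(string $loginUrl = 'index.php'): void
{
    start_session_once();
    if (!is_logged_in($_SESSION)) {
        header('Location: ' . $loginUrl);
        exit; // header() only queues the redirect; without this the page still runs
    }
}

/** Call in login.php after password_verify() has succeeded. */
function complete_login(int $studentId, string $homeUrl = 'students/index.php'): void
{
    start_session_once();
    session_regenerate_id(true); // new session ID at login, old one discarded
    $_SESSION['student id'] = $studentId;
    header('Location: ' . $homeUrl);
    exit;
}

// Usage on a protected page such as 20EAPwW1.html.php:
//   require __DIR__ . '/auth.php';
//   require_login();
if (PHP_SAPI === 'cli') {
    // Constructed session arrays: the first is anonymous, the second logged in.
    var_dump(is_logged_in([]), is_logged_in(['student id' => 17]));
}
```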