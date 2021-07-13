Since you have made changes to the code, you would need to post the current code to get help with it.
Some points about the first posted code -
- Each user written function should be responsible for doing one thing only. A function named checkLogin should only check if the login (authentication) was successful or not and return the result to the calling code. That particularly named function should not be responsible for creating a database connection, displaying errors, setting session variables, or redirecting.
- Every redirect needs an exit/die statement after it to stop php code execution.
- Don’t unconditionally display raw database errors. Just let php catch and handle the exception from most database statements, where php will ‘automatically’ display/log the raw error information the same as for php errors. The exception to this rule is when inserting/updating duplicate user submitted data. In this case, your code should catch the exception and detect if the error number is for a duplicate index. For all other error numbers, just re-throw the exception and let php handle it.
- When the user successfully logs in, you should store the user id (auto-increment primary index) in the session variable, then use that user id to query on each page request to get any other user data.
- The redirect upon successful completion of the form processing should be to the exact same url of the current page to cause a get request for that page. If you want to display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.
- There’s no need to close database connections in your code. Php will automatically destroy all resources used on a page when the script ends, which will be a fraction of a second after the point where you tried to close the connection yourself.