Need help for PHP access control

    function userIsLoggedIn(){

        if(isset($_POST['action']) and $_POST['action'] == 'login'){

            if (!isset($_POST['email']) or $_POST['email'] == '' or !isset($_POST['password']) or $_POST['password'] == ''){

                echo 'Please fill in both fields';
                return FALSE;
                exit();
            }

            if (databaseContainsAuthor($_POST['email'], $_POST['password']) and userAccountIsActive($_POST['email'])){
                if(!isset($_SESSION)){session_start();};
                $_SESSION['loggedIn'] = TRUE;
                $_SESSION['email'] = $_POST['email'];
                $_SESSION['password'] = $_POST['password'];

                echo 'Please Wait, Redirecting...';
                exit();

            }

            else{
                if(!isset($_SESSION)){session_start();};
                unset($_SESSION['loggedIn']);
                unset($_SESSION['email']);
                unset($_SESSION['password']);
                echo 'The specified email address or password was incorrect.';
                exit();

            }
        }

        if (isset($_POST['action']) and $_POST['action']=='logout'){
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            header('Location: .');
            exit();
        }

        if(!isset($_SESSION)){session_start();};
        if (isset($_SESSION['loggedIn'])){
            return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
        }
    }

    include $_SERVER['DOCUMENT_ROOT'] . '/templates/header.html.php';
    if(userIsLoggedIn()){
        include $_SERVER['DOCUMENT_ROOT'] . '/templates/favourite-box.html.php';
    };

You can see that I am not using return false or true for the userIsLoggedIn() function; nevertheless, the favourite box template is included when I am logged in and is not included when I am logged out.
Why is it working perfectly?

Surely this line of code towards the end of the function might well return true?

        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);

And I think this one close to the top might well return false.

                 return FALSE;

The fact that you are echoing messages tells me that headers have already been sent to the browser, e.g. <html> etc. session_start() must be called before anything is sent to the browser.
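
An added example, not code from any poster in this thread: a variant of userIsLoggedIn() that starts the session before any output, returns an explicit boolean on every path (a PHP function that ends without `return` yields NULL, which `if` treats as false), and keeps the password out of `$_SESSION`. The `findAuthor()` helper and the sample account are constructed stand-ins for the database lookup, which the thread does not show.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the author table (constructed sample data).
function findAuthor(string $email): ?array
{
    static $authors = null;
    $authors ??= ['alice@example.com' => [
        'hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'active' => true,
    ]];
    return $authors[$email] ?? null;
}

// Same names as in the question; here the password is checked against a stored hash.
function databaseContainsAuthor(string $email, string $password): bool
{
    $author = findAuthor($email);
    return $author !== null && password_verify($password, $author['hash']);
}

function userAccountIsActive(string $email): bool
{
    return (findAuthor($email)['active'] ?? false) === true;
}

// Nothing is echoed here, so the caller can still send headers afterwards.
function userIsLoggedIn(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // must run before any template output
    }
    $action = $_POST['action'] ?? '';
    if ($action === 'logout') {
        $_SESSION = [];
        session_destroy();
        return false;
    }
    if ($action === 'login') {
        $email = (string) ($_POST['email'] ?? '');
        $password = (string) ($_POST['password'] ?? '');
        if ($email !== '' && $password !== ''
            && databaseContainsAuthor($email, $password) && userAccountIsActive($email)) {
            session_regenerate_id(true); // fresh session ID after authentication
            $_SESSION['email'] = $email; // identity only, never the password
            return true;
        }
        unset($_SESSION['email']);
        return false;
    }
    // Later requests: rely on the server-side session and re-check account status.
    return isset($_SESSION['email']) && userAccountIsActive($_SESSION['email']);
}
```

Call `userIsLoggedIn()` once before including header.html.php and branch on the stored result when deciding whether to include favourite-box.html.php.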
