Tags: php, html, session, authentication

How do I use a session for my login screen?


I am creating a webshop and I have the login working, but I ran into a problem. I need to use sessions in order to display and hide certain pages. It's a login screen for the backend of my webshop so it makes sense that it should be secured and hidden from people who aren't allowed to access the backend. I know that I need to start a session at the top of the page, but then what? I searched Google but I can't find a solution which I can apply to my code.

<?php
session_start();

/* *my information* (database credentials: $dbhost, $dbuser, $dbpass, $dbname) */

// Create connection
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if (isset($_POST['submit'])) {
    $uname = $_POST['username'];
    $wwoord = $_POST['wachtwoord'];
    $query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";
    $result = mysqli_query($conn, $query);

    if ($result) {
        $_SESSION['ingelogd'] = true;
        echo "U bent ingelogd!";
        header("location: index.php");
    } else {
        echo "Inloggegevens incorrect.";
    }
}
?>

<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Admin panel</title>
    <link rel="stylesheet" type="text/css" href="tables.css">
</head>
<body>
<div id="content">
    <ul>
        <li><a href="index.php">Admin panel</a></li>
        <li><a href="Medewerkersoverzicht.php">Medewerkersoverzicht</a></li>
        <li><a href="addMedewerker.php">Medewerkers toevoegen</a></li>
        <li><a href="Klantenoverzicht.php">Klantenoverzicht</a></li>
        <li><a href="Productoverzicht.php">Productoverzicht</a></li>
        <li><a href="addProduct.php">Product toevoegen</a></li>
        <li><a href="reparatieOverzicht.php">Reparatieoverzicht</a></li>
        <li><a href="contactoverzicht.php">Contactoverzicht</a></li>
    </ul>
    <h1>Admin login</h1>
    <form role="form" method="post" action="index.php" class="contactForm">
        <table>
            <tr>
                <td><label for="username">Username</label></td>
                <td><input type="text" name="username" class="" id="username"><br><br></td>
            </tr>
            <tr>
                <td><label for="wachtwoord">Wachtwoord</label></td>
                <td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
            </tr>
            <tr>
                <td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
            </tr>
        </table>
    </form>
</div>
</body>
</html>

Solution

  • Once the session is started, check for the existence of the session variable; if it already exists, redirect the user.

    <?php
    /* start a session only if one is not already active */
    if( session_status() !== PHP_SESSION_ACTIVE ) session_start();
    
    /* if the session already exists, redirect user ~ the target must be a page other than
       this login form, otherwise the redirect loops; always exit after sending a redirect */
    if( isset( $_SESSION['ingelogd'] ) ) {
        header("Location: index.php");
        exit;
    }
    
    /* don't echo content outwith the document body ~ other than suitable head content */
    
    $msg='';
    /* $dbhost, $dbuser, $dbpass, $dbname come from your own configuration */
    $conn = new mysqli( $dbhost, $dbuser, $dbpass, $dbname );
    if ( $conn->connect_error ) die("Connection failed");/* don't reveal too much information about db ! */
    
    
    if( isset( $_POST['submit'] ) ) {
    
        $uname  = $_POST['username'] ?? '';
        $wwoord = $_POST['wachtwoord'] ?? '';
    
        /* best practise: don't mix OO & procedural code */
        /* bind the user input as parameters instead of pasting it into the SQL string ~ prevents SQL injection.
           comparing the password inside the query means the database stores it in plain text;
           prefer storing password_hash() output and checking it with password_verify() */
        $stmt = $conn->prepare( "SELECT * FROM Medewerkers WHERE medewerker_username=? AND medewerker_password=?" );
        $stmt->bind_param( 'ss', $uname, $wwoord );
        $stmt->execute();
        $result = $stmt->get_result();
    
        /* a query that matches no row still returns a result object, so test the row count, not the object */
        if( $result && $result->num_rows === 1 ) {
            session_regenerate_id( true );/* fresh session id on login guards against session fixation */
            $_SESSION['ingelogd'] = true;
            $stmt->close();
            $conn->close();
            header("Location: index.php");
            exit;
        } else {
            /* assign error message as a variable to echo later */
            $msg="Inloggegevens incorrect.";
        }
        $stmt->close();
        $conn->close();
    }
    ?>
    
    <html lang="en">
        <head>
            <meta charset="UTF-8">
            <title>Admin panel</title>
            <link rel="stylesheet" type="text/css" href="tables.css">
        </head>
        <body>
            <div id="content">
                <ul>
                    <li><a href="index.php">Admin panel</a></li>
                    <li><a href="Medewerkersoverzicht.php">Medewerkersoverzicht</a></li>
                    <li><a href="addMedewerker.php">Medewerkers toevoegen</a></li>
                    <li><a href="Klantenoverzicht.php">Klantenoverzicht</a></li>
                    <li><a href="Productoverzicht.php">Productoverzicht</a></li>
                    <li><a href="addProduct.php">Product toevoegen</a></li>
                    <li><a href="reparatieOverzicht.php">Reparatieoverzicht</a></li>
                    <li><a href="contactoverzicht.php">Contactoverzicht</a></li>
                </ul>
                <h1>Admin login</h1>
                <?php
                    echo htmlspecialchars( $msg );/* error message, escaped before it goes into the page */
                ?>
                <form role="form" method="post" action="index.php" class="contactForm">
                    <table>
                        <tr>
                            <td><label for="username">Username</label></td>
                            <td><input type="text" name="username" class="" id="username"><br><br></td>
                        </tr>
                        <tr>
                            <td><label for="wachtwoord">Wachtwoord</label></td>
                            <td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
                        </tr>
                        <tr>
                            <td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
                        </tr>
                    </table>
                </form>
            </div>
        </body>
    </html>
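The two halves the question asks for, as an added example that is not part of the answer above: a guard to include at the top of every backend page so it is hidden from anyone without a session, and a login routine that checks the password against a stored hash. The file name auth.php, the login.php redirect target and a medewerker_password column holding password_hash() output are assumptions.

```php
<?php
// auth.php (hypothetical file name): include at the top of every backend page.
// Assumes the Medewerkers table stores password_hash() output in medewerker_password.

function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Session cookie is unreadable from JavaScript, sent only over HTTPS, never cross-site.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Guard for protected pages: anyone without a logged-in session is sent to the login form.
function require_login(string $loginPage = 'login.php'): void {
    start_secure_session();
    if (empty($_SESSION['ingelogd'])) {
        header('Location: ' . $loginPage);
        exit;                              // stop rendering the protected page
    }
}

// Verify credentials against the stored hash; on success upgrade the session and return true.
function login(mysqli $conn, string $username, string $password): bool {
    start_secure_session();
    $stmt = $conn->prepare(
        'SELECT medewerker_password FROM Medewerkers WHERE medewerker_username = ?'
    );
    $stmt->bind_param('s', $username);     // bound parameter: input never becomes SQL
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    // password_verify() compares in constant time; an unknown user fails the same way as a bad password
    if (!$row || !password_verify($password, $row['medewerker_password'])) {
        return false;
    }
    session_regenerate_id(true);           // fresh id: a session id issued before login cannot be reused
    $_SESSION['ingelogd'] = true;
    $_SESSION['username'] = $username;
    return true;
}
```

A backend page such as Medewerkersoverzicht.php then starts with `require 'auth.php'; require_login();`, and the login form calls `login($conn, $_POST['username'] ?? '', $_POST['wachtwoord'] ?? '')` before redirecting.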