PHP Session lost/login not working

Question

I have a question regarding sessions in php. I made a login page, and whenever I tried it, it just gave me a redirect error. So I followed the answer from this question.

So now, instead of getting the redirect error, whenever I press the login button nothing happens, the form is emptied and that is all. What am I doing wrong? This is currently how the code which is giving me issues looks like.

index.php:

    <?phpsession_start();
if (isset($_SESSION['valid_user'])) {

Header("Location: index.php");
exit(); 
}
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$password = $_POST['password'];

$file = file_get_contents("data.txt");
if (strstr($file, "$name||$password")) {


    $_SESSION["valid_user"] = $_POST["name"];
    $_SESSION["valid_time"] = time();


    Header("Location: welcome.php");


} elseif (empty($name) && empty($password)) {

    echo "Both fields are empty. Please fill them.";
} elseif (empty($name)) {

    echo "No name was entered.";
} elseif (empty($password)) {

    echo "No password was entered";
} else {

    echo "Wrong credentials, please try again.";
}
}

To be more specific the code which I think is the problem is this part:

 <?phpsession_start();
if (isset($_SESSION['valid_user'])) {

Header("Location: index.php");
exit(); 
}

But whenever I try it I either get the redirect error:

• My browser gives me "ERR_TOO_MANY_REDIRECTS" when I try to enter the page.

or the page just empties the form and nothing else happens. And the error messages which are supposed to be displayed when I don't type anything in the form is not displaying either. It's been giving me headaches the whole day today so if anyone could just point me in the right direction that would be great.

Also the form HTML I use in index.php:

<body>
    <form method="post" action="index.php" >
        <p>Enter name:</p>
        <input type="text" name="name" />
        <br/>
        <br/>
        <p>Enter password:</p>
        <input type="password" name="password" />
        <br/>
        <br/>
        <input type="submit" value="Login" name="submit"/>
    </form>
</body>

Answer 1

I think there are too many errors related to code. There must be spaces between the opening PHP tag and session_start();.

Plus, the conditional statement you've given in if (isset($_SESSION['valid_user'])) is being interpreted as "if it IS set". What you should have used is the ! operator, meaning if it is "NOT" set.

That is why you are getting "too many redirects".

<?php session_start();// try putting space between here
if (!isset($_SESSION['valid_user'])) {

header("Location: login.php"); // Redirect back to your login page
exit(); 
}

also in } elseif (empty($name) && empty($password)) { // all elseif should be like else if(condition)

also change file names.

You should also add an exit; after every header, otherwise your code will want to continue to execute.

Problem is here when you have a valid user then you are trying to redirect it on index.php which again check for valid user and again redirect on index.php its like INFINITE loop.

Thanx @Fred-ii-

Answer 2

You've got your answer but here is an explanation about "Too many redirects". You are getting that error on your browser because your code is keep redirecting to another page. Both of your statements are returning true:

if (isset($_SESSION['valid_user'])) {
} //Returning true - Redirect to index

if (strstr($file, "$name||$password")) {
} //Returning true - Redirect to welcome

As there are/were no exits after the redirects, the code carries on executing: redirect here than redirect there...

Also you should check the session validation as follows:

if(!isset($_SESSION['session']) || $_SESSION[''] == "")

This will check if the session is not set OR empty.