I have problem with session authentication.
I have two file first is verifylogin.php and dashboard.php.
Problem is user can access dashboard.php without login
How can I make user need to log in to view dashboard.php page?
$conn = new mysqli($host, $user, $pass, $db);
if ($conn->connect_error) {
//to check if DB connection IS NOT OK
die("Connection failed: " . $conn->connect_error);
} else {
//connection OK - get records for the selected User account
$queryCheck = "select * from dash_user where username = '".$user_name."'";
$resultCheck = $conn->query($queryCheck);
if ($resultCheck->num_rows == 0) {
//if no record match
echo "<script>alert('Invalid User ID')</script>";
echo "<script>window.location.href='index.html';</script>";
} else {
// record matched, get the data
while ($row = $resultCheck->fetch_assoc()) {
if ($row["password"] == $user_Pwd) {
//in order to asign, use or destroy session
//calling the session_start() is compulsory
session_start();
//asign userid value to session username
$_SESSION["Username"] = $user_name;
$_SESSION["UserType"] = $row["UserType"];
//redirect to page dashbaord.php
// echo "<script>alert('Welcome $user_name!, Successfully Login!')</script>";
echo "<script>window.location.href='dashboard.php';</script>";
} else {
echo "<script>alert('Invalid Password')</script>";
echo "<script>window.location.href='index.html';</script>";
}
}
Above is for verifylogin.php
Below is for dashbaord.php
<body>
<!-- Include navbar -->
<?php include 'include/navbar.html';?>
<!--DATABASE CONNECT -->
<?php
$host = "";
$user = "";
$pwd = "";
$db = "";
$conn = new mysqli( $host, $user, $pwd, $db);
if($conn->connect_error)
{
die("Connection failed : ". $conn->connect_error);
}
else
{
$queryview = "select * from wp8w_uwp_usermeta";
$resultq = $conn->query($queryview);
$Bil = 1;
?>
<br>
<br>
<div class="container mt-5">
<div class="row justify-content-end my-2">
<div class="col-md-4 text-end">
<a href="export.php" class="btn btn-warning" target="_blank">Export to
CSV</a>
</div>
</div>
<table id="mytable" class="table table-striped">
<thead>
<tr>
<th scope="col">Bil</th>
<th scope="col">Username</th>
<th scope="col">Email</th>
<th scope="col">First Name</th>
<th scope="col">Nombor telefon</th>
<th scope="col">Action</th>
</tr>
</thead>
<?php
if($resultq->num_rows > 0){
while($row = $resultq->fetch_assoc()){
?>
<tbody>
<tr>
<td> <?php echo $Bil++;?>.</td>
<td> <?php echo $row['username'];?></td>
<td> <?php echo $row['email'];?> </td>
<td> <?php echo $row['first_name']; ?> </td>
<td> <?php echo $row['nombor_telefon'];?> </td>
<form method="post" action="viewdetail.php">
<td>
<input type="hidden" name="user_id" value="<?php echo $row['user_id'];?>">
<!-- <button class="btn btn-primary" type="submit">More Detail</button> WORKING -->
<a href="viewdetail.php?user_id=<?php echo $row['user_id'];?>">
<button class="btn btn-primary">More Detail</button>
</a>
<!-- <button type="submit"><a href="viewdetail.php?id=<?php echo $row['user_id'];?>" class="btn btn-primary">More Detail</a></button> -->
</td>
</form>
</tr>
<?php
}
}
else
{
echo "<tr><td colspan='6'> NO DATA SELECTED </td></tr>";
}
}
?>
<?php
$conn->close();
?>
</tbody>
</table>
</div>
<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js" integrity="sha384-Xe+8cL9oJa6tN/veChSP7q+mnSPaj5Bcu9mPX5F5xIGE0DVittaqT5lorf0EI7Vk" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js" integrity="sha384-kjU+l4N0Yf4ZOJErLsIcvOU2qSb74wXpOhqTvwVx3OElZRweTnQ6d31fXEoRD1Jy" crossorigin="anonymous"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
</body>
No comments:
Post a Comment