User authentication is not working in dashboard.php

I have problem with session authentication.

I have two file first is verifylogin.php and dashboard.php.

Problem is user can access dashboard.php without login

How can I make user need to log in to view dashboard.php page?

$conn = new mysqli($host, $user, $pass, $db);
if ($conn->connect_error) {
    //to check if DB connection IS NOT OK
    die("Connection failed: " . $conn->connect_error);
} else {
    //connection OK - get records for the selected User account
    $queryCheck = "select * from dash_user where username = '".$user_name."'";
    $resultCheck = $conn->query($queryCheck);

    if ($resultCheck->num_rows == 0) {
        //if no record match
        echo "<script>alert('Invalid User ID')</script>";
        echo "<script>window.location.href='index.html';</script>";
    } else {
        // record matched, get the data
        while ($row = $resultCheck->fetch_assoc()) {
            if ($row["password"] == $user_Pwd) {
                //in order to asign, use or destroy session
                //calling the session_start() is compulsory
                session_start();
                //asign userid value to session username
                $_SESSION["Username"] = $user_name;
                $_SESSION["UserType"] = $row["UserType"];
                //redirect to page dashbaord.php
                // echo "<script>alert('Welcome $user_name!, Successfully Login!')</script>";
                echo "<script>window.location.href='dashboard.php';</script>";
            } else {
                echo "<script>alert('Invalid Password')</script>";
                echo "<script>window.location.href='index.html';</script>";
            }
        }

Above is for verifylogin.php

Below is for dashbaord.php

       <body>

       <!-- Include navbar -->
       <?php include 'include/navbar.html';?>
    
       <!--DATABASE CONNECT -->
       <?php

       $host = "";
       $user = "";
       $pwd = "";
       $db = "";
                 
       $conn = new mysqli( $host, $user, $pwd, $db);
                 
       if($conn->connect_error) 
       {
           die("Connection failed : ". $conn->connect_error);
       }
                             
       else

       {
          $queryview = "select * from wp8w_uwp_usermeta";
                 
         $resultq = $conn->query($queryview);

         $Bil = 1;
     ?>

    <br>
    <br>
     
    <div class="container mt-5">
    
    <div class="row justify-content-end my-2">
            <div class="col-md-4 text-end">
                <a href="export.php" class="btn btn-warning" target="_blank">Export to 
     CSV</a>
            </div>
    </div>
    
        <table id="mytable" class="table table-striped">
                <thead>
                    <tr>
                    <th scope="col">Bil</th>
                    <th scope="col">Username</th>
                    <th scope="col">Email</th>
                    <th scope="col">First Name</th>
                    <th scope="col">Nombor telefon</th>
                    <th scope="col">Action</th>
                    </tr>
                </thead>

                <?php
                    if($resultq->num_rows > 0){
                        while($row = $resultq->fetch_assoc()){
                ?>

                <tbody>
                    <tr>
                        <td> <?php echo $Bil++;?>.</td>
                        <td> <?php echo $row['username'];?></td>
                        <td> <?php echo $row['email'];?> </td>   
                        <td> <?php echo $row['first_name']; ?> </td>
                        <td> <?php echo $row['nombor_telefon'];?> </td>
                        <form method="post" action="viewdetail.php">
                            <td>
                            <input type="hidden" name="user_id" value="<?php echo $row['user_id'];?>"> 
                            <!-- <button class="btn btn-primary" type="submit">More Detail</button> WORKING -->
                            <a href="viewdetail.php?user_id=<?php echo $row['user_id'];?>">
                                <button class="btn btn-primary">More Detail</button>
                            </a>
                            <!-- <button type="submit"><a href="viewdetail.php?id=<?php echo $row['user_id'];?>" class="btn btn-primary">More Detail</a></button> -->
                            </td>
                        </form>
                    </tr>
    
                    <?php
                    }
                        } 
                            else 
                            {
                            echo "<tr><td colspan='6'> NO DATA SELECTED </td></tr>";
                            }
                        }
                    ?>
                    <?php
                            $conn->close();
                            ?>
                </tbody> 
        </table>
</div>         
    <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js" integrity="sha384-Xe+8cL9oJa6tN/veChSP7q+mnSPaj5Bcu9mPX5F5xIGE0DVittaqT5lorf0EI7Vk" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.min.js" integrity="sha384-kjU+l4N0Yf4ZOJErLsIcvOU2qSb74wXpOhqTvwVx3OElZRweTnQ6d31fXEoRD1Jy" crossorigin="anonymous"></script>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

</body> 


Comments

Popular posts from this blog

Today Walkin 14th-Sept

Spring Elasticsearch Operations

Hibernate Search - Elasticsearch with JSON manipulation