Thursday, April 26, 2018

Login System causes ERR_TOO_MANY_REDIRECTS

I am working on a login system for a website and produced a system that checks the user's credentials against my database and redirects the user based on whether the information is correct or not. I have now implemented a system to prevent the user from accessing the page if they are not currently logged in; however, once directed to this page, Chrome produces the following error:

ERR_TOO_MANY_REDIRECTS

I will list below all the code that I feel is relevant but feel free to ask for anything else you feel is needed.

The file that checks credentials against the database:

<?php
// check login logic here
require('../includes/sessions.inc.php');
require('../includes/conn.inc.php');

$userLogin = filter_var($_POST['userLogin'], FILTER_VALIDATE_EMAIL);
if($userLogin) {
    //email good
    //check if in database next
    $sql= "SELECT * FROM Users WHERE userLogin = :userLogin";
    $stmt = $pdo->prepare($sql);
    $stmt->bindParam(':userLogin', $userLogin, PDO::PARAM_STR);
    $stmt->execute();
    $numUsers = $stmt->rowCount();
    if($numUsers == 0){
        // email not in database error
        $_SESSION['loginError'] = 1;
        $referer = "loginFail.php";
    }else{
        // need to check password next
        $row = $stmt->fetchObject();
        $dbPasswordHash = $row->userPassword;
        if(password_verify($_POST['password'], $dbPasswordHash)) {
            unset($_SESSION['loginError']);
            $_SESSION['login'] = 1;
            $referer = "cms/cms.php";
        }else{
            // database does not match error
            $_SESSION['loginError'] = 1;
            $referer = "loginFail.php";
        }
    }
}else{
    //Not valid email error
    $_SESSION['loginError'] = 1;
    $referer = "loginFail.php";
}
header("Location: ../".$referer);
?>

The 'authorize' file to check that a user is logged in before displaying the page:

<?php
// check if session login and redirect if not
if(!isset($_SESSION['login'])){
    header('Location: ../cms/cms.php');
    exit;
}
else
{
    header('Location: ../loginFail.php');
    exit; 
}
?>

To check that the user is logged in before showing the cms page I use the following:

require('../includes/authorize.inc.php');

Any help or suggestions would be appreciated.
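
The authorize file above sends a redirect in both branches, so a page that includes it never renders: a request without `$_SESSION['login']` is sent to cms/cms.php, which includes the same file and redirects again. The following is an added example, not part of the original post, of a guard that redirects only unauthenticated requests; the function name `require_login` and the in-file `session_start()` are assumptions, since sessions.inc.php is not shown on the page.

```php
<?php
// authorize.inc.php (added example, not the poster's code)

// Assumption: the contents of sessions.inc.php are not shown on the page,
// so start the session here if none is active. Without an active session
// $_SESSION is empty and every request looks unauthenticated.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

/**
 * Hypothetical helper: let authenticated requests through and send
 * everything else to the login failure page.
 *
 * The protected page continues to render only when this function returns.
 */
function require_login(string $loginPage = '../loginFail.php'): void
{
    // The login script on the page sets $_SESSION['login'] = 1 after
    // password_verify() succeeds, so test for exactly that value.
    if (isset($_SESSION['login']) && $_SESSION['login'] === 1) {
        return; // authenticated: no redirect, the including page is shown
    }

    // Not authenticated: redirect away from the protected page.
    // The target must not include this guard, or the loop returns.
    header('Location: ' . $loginPage);
    exit; // stop here so no protected content is sent after the header
}

require_login();
```

Calling `session_regenerate_id(true)` in the login script just before setting `$_SESSION['login']` gives the authenticated session a fresh identifier, which guards against session fixation.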



