Dzień dobry. Od kilku godzin próbuję zrobić skrypt, który zabezpieczy stronę logowania (login.php) przed wpisaniem index.php. Czyli ma sprawdzać, czy jest sesja po zalogowaniu. Proszę o pomoc.
login.php
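<?php
// Start (or resume) the session before any output is sent, so the session
// cookie header can still be emitted.
session_start();

// NOTE(review): this page does not itself check whether the visitor is logged
// in. A page that must only be reachable after login (index.php is the one
// named in the question) needs its own guard at the very top, before any
// output: call session_start(), test isset($_SESSION['u_id']) (the key that
// includes/login.inc.php sets on a successful login) and, when it is
// missing, send header('Location: login.php') followed by exit().
?>
<!DOCTYPE HTML>
<html>
<head>
<title>User Login and Registration</title>
<link rel="stylesheet" type="text/css" href="style.css" >
<!-- NOTE(review): third-party stylesheet loaded without Subresource Integrity;
     add integrity and crossorigin attributes using the hash published for this exact file. -->
<link rel="stylesheet" type="text/css" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" >
<link rel="stylesheet" type="text/css" href="squarestyle.css">
</head>
<body>
<div class="nav-login">
    <form action="includes/login.inc.php" method="POST">
        <div id="login-kwad"></div>
        <div id="stopka"></div>
        <div id="form-wrapper">
            <div class="container">
                <div class="login-box">
                    <div class="col-md-6">
                        <h2 style="color: white;">Login Here</h2>
                        <div class="form-group">
                            <label style="color: white;">E-Mail/Username<span>*</span></label>
                            <input type="text" name="uid" class="form-control" placeholder="Username/Email" required />
                        </div>
                        <div class="form-group">
                            <label style="color: white;">Password</label>
                            <input type="password" name="pwd" class="form-control" placeholder="Password" required />
                        </div>
                        <!-- A submit button only sends a field when it has a name; name="submit"
                             provides the 'submit' field that a handler can test with isset(). -->
                        <button id="login-btn" type="submit" name="submit" class="btn btn-primary"> Login </button>
                        <!-- type="button": this only navigates to the sign-up page and must not
                             submit the login form. -->
                        <button id="register-site" type="button" class="btn btn-primary" onClick="window.location = 'signup.php'"> Register </button>
                    </div>
                </div>
                <div id="txt-stopka">
                    <p>© 2019 site.com</p>
                </div>
            </div>
        </div>
    </form>
</div>
</body>
</html>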
login.inc.php:
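<?php
/*
 * Login handler for the form in login.php.
 *
 * Reads the POSTed 'uid' and 'pwd' fields, looks the user up by user_uid,
 * verifies the password against the stored hash and, on success, copies the
 * user's data into the session. Every outcome ends in a redirect back to
 * ../login.php with a 'login' status of empty, error or success.
 */
session_start();

// Only POST requests are login attempts. The request method is tested rather
// than a 'submit' field: a submit button sends its field only when it has a
// name attribute, so relying on $_POST['submit'] can reject valid form posts.
if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: ../login.php?login=error");
    exit();
}

// dbh.inc.php is expected to create the mysqli connection in $conn.
require 'dbh.inc.php';

// Accept only plain string fields; a missing field or an array parameter
// (e.g. uid[]=x) is treated as empty.
$uid = (isset($_POST['uid']) && is_string($_POST['uid'])) ? $_POST['uid'] : '';

// The password is used exactly as typed. Escaping it for SQL would alter
// quotes and backslashes and make password_verify() fail for such passwords;
// it is never placed into a query.
$pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';

// Compare against '' instead of empty(): empty() also rejects the value "0".
if ($uid === '' || $pwd === '') {
    header("Location: ../login.php?login=empty");
    exit();
}

// Prepared statement: the user name travels as a bound parameter and is never
// concatenated into the SQL text.
$stmt = mysqli_prepare(
    $conn,
    'SELECT user_id, user_first, user_last, user_email, user_uid, user_pwd FROM users WHERE user_uid = ?'
);
if ($stmt === false) {
    header("Location: ../login.php?login=error");
    exit();
}

mysqli_stmt_bind_param($stmt, 's', $uid);
if (!mysqli_stmt_execute($stmt)) {
    mysqli_stmt_close($stmt);
    header("Location: ../login.php?login=error");
    exit();
}

mysqli_stmt_bind_result($stmt, $userId, $userFirst, $userLast, $userEmail, $userUid, $userHash);
// mysqli_stmt_fetch() returns true for a row, null when there is none and
// false on error; only true counts as "user found".
$rowFound = mysqli_stmt_fetch($stmt) === true;
mysqli_stmt_close($stmt);

// Unknown user and wrong password share one response, so the reply does not
// reveal which user names exist.
if (!$rowFound || !password_verify($pwd, (string) $userHash)) {
    header("Location: ../login.php?login=error");
    exit();
}

// Issue a fresh session id at the moment of login, so an id that was known
// before authentication (session fixation) stops being valid.
session_regenerate_id(true);

// Log in the user: these keys are what other pages test to see whether a
// visitor is authenticated.
$_SESSION['u_id'] = $userId;
$_SESSION['u_first'] = $userFirst;
$_SESSION['u_last'] = $userLast;
$_SESSION['u_email'] = $userEmail;
$_SESSION['u_uid'] = $userUid;

header("Location: ../login.php?login=success");
exit();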