When entering the valid username and password, the system creates a CONTROL variable that is assigned the value of 1.
LOGIN.PHP:
<?php
require ('includes/config.php');
if (isset($_POST['user'])) {
$usuariodao = new UsuarioDAO();
$u = $usuariodao->login($_POST['user'], $_POST['password']);
if($u){
$_SESSION['USUARIO_ACTUAL'] = serialize($u);
$_SESSION['CONTROL'] = 1;
header("Location: index2.php");
exit;
} else {
$tpl = new Plantilla();
$tpl->assign('ErrorLogin', "Usuario y/o Clave incorrectos");
$tpl->display("login.tpl.php");
}
}
?>
INDEX2.PHP:
<?php
require ('includes/config.php');
if ($_SESSION['CONTROL'] !== 1) {
header("Location: index.php"); <-- EJECUTAR SI "CONTROL" no fue definido.
exit;
}
echo "EXITO";
//---- CODIGO QUE SE EJECUTARÁ
?>
If the password and user are correct, it shows "SUCCESS" and the bar reads: http://localhost/index2.php But if I open another window and copy the url, it still shows "SUCCESS". It does not enter to execute INDEX.PHP. But if I close the browser and paste the url http://localhost/index2.php it does execute the header redirecting to index.php. What is the problem??
I can see that you never get to change the value of the session when the login success has already been done.
Above to evaluate if the session is other than null or that it determines that it is empty you should use:
empty
eisset
. You could also useunset
to destroy the session.For this you would have to modify:
Regarding the handling of sessions in php it is necessary to include
session_start();
.Check if you are not misusing your header function. According to PHP:
http://php.net/manual/es/function.header.php
Check if the first thing you show is your header, as the indicated text says and that before it you are not entering absolutely anything, not even a minimum space in any part of the code, so that it is displayed on the screen.
On the other hand, the log is telling you that the CONTROL Constant is already defined in your login.php file. If it is the same value you do not need to define it again, if it is a different value you should give it a different name.
Have you checked the login.php file?
This thread might also help you: PHP and the header(location: ) function
If possible, check the source code of the page when you try to open it, maybe you can see if there is something before the header.
Update
I would check the .htaccess file settings in the root folders where the files you are using are located, especially index2.php
I would also look at the includes/config.php file
Somewhere the flow enters a loop from which it cannot get out. As suggested in a comment, check the logs and if you don't find anything, go through the code in your files in the order they should appear.
Since the error message suggests clearing cookies, I'd try clearing all browser data if possible, or opening a private browser session, that sometimes helps debug possible things that might stick around.