I'm having a strange issue with my header redirection after successfull password_verify() Here is a part from the login.php
login.php
$sql = "SELECT * FROM formular WHERE email='".$emailUsername."' OR username='".$emailUsername."'";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
if (password_verify($password, $row["hash"])) {
if (isset($_POST["remember_me"])) {
$_SESSION["remember_me"] = $emailUsername;
setcookie('remember_me', md5($emailUsername . time()));
$stmt = $conn->prepare("INSERT INTO sessions (id) VALUES (?)");
$stmt->bind_param("s", $_COOKIE["remember_me"]);
$stmt->execute();
if ($stmt->affected_rows) {
}
$stmt->close();
$conn->close();
}
$_SESSION = array(
"login" => true,
"data" => array(
"username" => $row["username"],
"email" => $row["email"],
"time" => time() +10*5
)
);
header('Location: ../home/userarea.php');
exit();
}
else {
$errorField2 = "<div class=\"alert alert-danger\">".
"<strong>Whoops!</strong> Wrong entries!".
"</div>";
}
now on the top of every single page i have a file that checks if the session is set and then redirect the user to the page. and on the loginpage i have a remember_me checkbox that should set a cookie after successful entries, so that the user has not to logg in again and redirect him automatically to the userarea.php.
In my case any user can see userarea.php
bootstrap.php
ob_start();
if (isset($_SESSION["login"])) {
if ($_SESSION["data"]["time"] >= time()) {
if(isset($_COOKIE["remember_me"])) {
header('Location: ../home/userarea.php');
exit();
}
} else {
header('Location: ../log_reg/login.php');
exit();
}
} else {
//This line here is running my browser into the redirecting error "Page could not be loaded: The called website redirects the request so that it can never be terminated."
#header('Location: ../log_reg/login.php');
#exit();
}
ob_end_flush();
this file should set a cookie if remember_me isset and a session if the user just logged in without checking remember_me
Cookies are allowed to set in my browser so that could't be the problem.
