$_SESSION is not initialized - PHP


I have a page where I run three checks on a form:

1) I select the user id (ID_Collaboratore) from its table where the email matches the variable $email; if the email does not exist, I send out an error message.

2) If the email is associated with a registered user, then I check the token entered by the user: if the token has already been used (SI), an error message is issued; otherwise I change that token from NO (not used) to SI (used) with an update and send the user to the second page. Now the problem starts here.

The case that interests me: a user with an existing email enters a token that can be used, the token changes from NO to YES, and $_SESSION['collab_tkn'] is created.

This is because on the page the user is sent to there will be a check of $_SESSION: if the $_SESSION is equivalent to that of the previous page, the content of the page can be displayed; otherwise the user is sent to the index page.

code:

<?php session_start(); ?>
<?php if(isset($_SESSION["collab_tkn"])){
include('error_reporting.php'); ?>
<!-- Insert code -->
<?php }else{
header("Location: index.php?ut=N");
exit; // stop the script after the redirect
} ?>

code about my php script for the form:

<?php 
                 include('errore_reporting.php');
                $messaggio = "";
                if (isset($_POST['submit'])) 
                {
                    include 'connection/cnt.php';
                    $token = $connessione->real_escape_string($_POST['rec_token']);
                    $utilizzato = $connessione->real_escape_string($_POST['utilizzato']);
                    $email = $connessione->real_escape_string($_POST['email']);

                    $controllo_collab = mysqli_query($connessione,"SELECT ID_Collaboratore FROM collaboratori WHERE email='".$email."'");
                    $verifica=mysqli_num_rows($controllo_collab);

                    if($verifica==0)  
                    {
                    $messaggio = '<div class="alert alert-danger" role="alert">
                                     Attenzione si &egrave; tentato di utilizzare un email inesistente. 
                                  </div>';
                    }
                    else
                    { 
                        $valori = $controllo_collab->fetch_array();
                        $_SESSION['collab_tkn'] = $valori['ID_Collaboratore'];

                        $query = $connessione->query("SELECT  utilizzato FROM token_rec_cred WHERE rec_token='$token'");
                        $data = $query->fetch_array();
                        $_SESSION['tkn_rec_cred'] = $data['utilizzato'];

                        if ($_SESSION['tkn_rec_cred'] == 'SI' )
                        {
                            $messaggio = '<div class="alert alert-danger" role="alert">
                                Attenzione si &egrave; tentato di utilizzare un Token gi&agrave; usato. 
                              </div>';
                        } 

                        if ($_SESSION['tkn_rec_cred'] == 'NO' )
                        {

                          $connessione->query("UPDATE token_rec_cred SET utilizzato='$utilizzato' WHERE rec_token='$token'");
                          header('Location: rec_cred.php?tokn=Y');
                          exit; // stop the script after the redirect
                        } 
                     }                   

                 }
                if ($messaggio != "") echo $messaggio; 
                ?>     

At present the problem is in this piece of code, between the query and the initialization of the $_SESSION, that is:

$controllo_collab = mysqli_query($connessione,"SELECT ID_Collaboratore FROM collaboratori WHERE email='".$email."'");
$verifica=mysqli_num_rows($controllo_collab);

and

$valori = $controllo_collab->fetch_array();
$_SESSION['collab_tkn'] = $valori['ID_Collaboratore'];

Even if it is initialized, when the user is redirected to the second page it always gives me false and sends me back to index. Why?


Solution

  • I hope I understand the problem correctly. If your second snippet is the index.php, then you have to call session_start() again.

    session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. Source

    So you have to call session_start() on every call to resume the session.

    include('errore_reporting.php');
    session_start(); // Important!
    $messaggio = "";
    if (isset($_POST['submit'])) 
        // ... The rest of your code
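The answer's fix combined with a hardened form of the question's check, as an added example that is not part of the original question or answer: session_start() runs before $_SESSION is touched, and $_SESSION['collab_tkn'] is set only after the token has been switched from NO to SI in a single conditional UPDATE. The redeem_token helper, the in-memory SQLite database (standing in for the MySQL connection from connection/cnt.php) and the sample rows are assumptions constructed for the demo.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database with
// constructed rows stands in for the MySQL connection (assumption).
declare(strict_types=1);

// Hypothetical helper: returns ID_Collaboratore only if the e-mail exists AND the
// token was still 'NO'. The conditional UPDATE flips it to 'SI' in one statement,
// so two concurrent requests cannot both redeem the same token.
function redeem_token(PDO $db, string $email, string $token): ?int
{
    $stmt = $db->prepare('SELECT ID_Collaboratore FROM collaboratori WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;                        // unknown e-mail
    }
    // 'SI' is fixed server-side; the original took this value from $_POST['utilizzato'].
    $upd = $db->prepare("UPDATE token_rec_cred SET utilizzato = 'SI'
                         WHERE rec_token = ? AND utilizzato = 'NO'");
    $upd->execute([$token]);
    return $upd->rowCount() === 1 ? (int) $id : null;   // 0 rows: used or unknown token
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE collaboratori (ID_Collaboratore INTEGER PRIMARY KEY, email TEXT);
           CREATE TABLE token_rec_cred (rec_token TEXT PRIMARY KEY, utilizzato TEXT);
           INSERT INTO collaboratori VALUES (7, 'user@example.test');
           INSERT INTO token_rec_cred VALUES ('tok-unused', 'NO'), ('tok-used', 'SI');");

session_start();                            // must run before any use of $_SESSION
// Constructed stand-in for the submitted form ($_POST in the real page).
$post = ['email' => 'user@example.test', 'rec_token' => 'tok-unused'];

$id = redeem_token($db, $post['email'], $post['rec_token']);
if ($id !== null) {
    session_regenerate_id(true);            // fresh session ID once the check passes
    $_SESSION['collab_tkn'] = $id;          // set only after the token was consumed
    header('Location: rec_cred.php?tokn=Y');
    exit;                                   // stop so nothing runs after the redirect
}
echo "Invalid e-mail or token\n";
```

In the question's script, $_SESSION['collab_tkn'] is assigned as soon as the e-mail is found, before the token is checked, so the isset() test on the second page would pass even when the token had already been used.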