when I type a code to return me the username at the top to confirm what user is logged in, I get no user/username
this is profile.php
<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
sec_session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Profile</title>
<link rel="stylesheet" type="text/css" href="styles/main.css">
<script src="js/valida_cpf_cnpj.js"></script>
</head>
<body>
<div class="main">
<header></header>
<p class="div_evento"> Hello, <?php echo htmlentities($_SESSION['username']); ?>!</p>
<div class="content">
<?php if (login_check($mysqli) == true) : ?>
<form action="reg_profiles.php" method="post" class="registration" enctype="multipart/form-data">
<legend>Complete seu cadastro</legend>
<fieldset>
<label>Nome</label><br/>
<input type="text" name="nome" required /><br/>
<label>Sobrenome</label><br/>
<input type="text" name="sobrenome" required /><br/>
<label>Telefone</label><br/>
<input type="text" name="telefone" required /><br/>
<label>Celular/Whatsapp</label><br/>
<input type="text" name="cel_wts" required /><br/>
<label>Rua</label><br/>
<input type="text" name="rua" required /><br/>
<label>Número</label><br/>
<input type="text" name="numero" required /><br/>
<label>Bairro</label><br/>
<input type="text" name="bairro" required /><br/>
<label>Cidade</label><br/>
<input type="text" name="cidade" required /><br/>
<label>Estado</label><br/>
<input type="text" name="estado" required /><br/>
<label>País</label><br/>
<input type="text" name="pais" required /><br/>
<label>CPF/CNPJ</label><br/>
<input type="text" name="cpf_cnpj" onkeypress='mascaraMutuario(this,cpfCnpj)' onblur='clearTimeout()' required /><br/>
<label>Casa de Eventos</label><br/>
<input type="text" name="casa" required /><br/>
<label>Cargo Administrativo</label><br/>
<input type="text" name="cargo" /><br/>
<input type="submit" name="Enviar" value="Enviar" class="registerBtn" />
</fieldset>
</form>
</div> <!--end content-->
<?php else : ?>
<p>
<span class="error">You don´t have permission to see this page.</span> Please <a href="index.php">login</a>.
</p>
<?php endif; ?>
<footer class="footer" id="footer">
<span class="copyright">©Copyright 2015</span>
<span class="linkHD">
<a href="http://www.habitodigital.com" title="Hábito Digital" target="_blank">www.habitodigital.com</a>
</span>
</footer>
</div> <!--end main-->
</body>
</html>
functions.php
<?php
include_once 'psl-config.php';
function sec_session_start() {
$session_name = 'sec_session_id';
$secure = false;
// stops JavaScript access.
$httponly = true;
// force cookies
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
session_name($session_name);
session_start(); // init session
session_regenerate_id(); // recover session
}
function login($email, $password, $mysqli) {
if ($stmt = $mysqli->prepare("SELECT id, username, password, salt
FROM members
WHERE email = ?
LIMIT 1")) {
$stmt->bind_param('s', $email); // Relaciona "$email" ao parâmetro.
$stmt->execute(); // Executa a tarefa estabelecida.
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
if (checkbrute($user_id, $mysqli) == true) {
return false;
} else {
if ($db_password == $password) {
// correct passwrd
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/",
"",
$username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$password . $user_browser);
// login success
return true;
} else {
// wrong passw
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time)
VALUES ('$user_id', '$now')");
return false;
}
}
} else {
// user does not exist
return false;
}
}
}
function checkbrute($user_id, $mysqli) {
$now = time();
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $mysqli->prepare("SELECT time
FROM login_attempts <code><pre>
WHERE user_id = ?
AND time > '$valid_attempts'")) {
$stmt->bind_param('i', $user_id);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 5) {
return true;
} else {
return false;
}
}
}
function login_check($mysqli) {
if (isset($_SESSION['user_id'],
$_SESSION['username'],
$_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT'];
if ($stmt = $mysqli->prepare("SELECT password
FROM members
WHERE id = ? LIMIT 1")) {
// Atribui "$user_id" ao parâmetro.
$stmt->bind_param('i', $user_id);
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if ($stmt->num_rows == 1) {
$stmt->bind_result($password);
$stmt->fetch();
$login_check = hash('sha512', $password . $user_browser);
if ($login_check == $login_string) {
// loggin success
return true;
} else {
// loggin failed
return false;
}
} else {
// loggin failed
return false;
}
} else {
// loggin failed
return false;
}
} else {
// loggin failed
return false;
}
}
function esc_url($url) {
if ('' == $url) {
return $url;
}
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
$strip = array('%0d', '%0a', '%0D', '%0A');
$url = (string) $url;
$count = 1;
while ($count) {
$url = str_replace($strip, '', $url, $count);
}
$url = str_replace(';//', '://', $url);
$url = htmlentities($url);
$url = str_replace('&', '&', $url);
$url = str_replace("'", ''', $url);
if ($url[0] !== '/') {
return '';
} else {
return $url;
}
}
?>