echo $_SESSION name in value

[alphamoment]

Hello, I'm using a PHP Script that allows users to change their password. however, I'd like it so they can change the password for the account they're logged into only.

Here's my code;

 

<?php if(isset($_SESSION['user'])){?>

<?php

$Return = $_GET['return'];

IF ($Return == 0) {
	echo"Please enter your details into this form and press submit to change your password.<br>";
}
IF ($Return == 1) {
	echo"<font color=red>ERROR: Account information is incorrect!</font><br>";
}
ELSE IF ($Return == 2) {
	echo"<font color=red>ERROR: Length of New Password should be between 5-10 Alphanumeric!</font><br>";
}
ELSE IF ($Return == 3) {
	echo"<font color=green>SUCCESS: Password has been changed!</font><br>";
}
ELSE IF ($Return == 4) {
	echo"<font color=red>ERROR: Blank Information was entered!</font><br>";
}
echo"<table width='300' border='0' cellpadding='0' cellspacing='1'>
<tr>
	<form name='form1' method='post' action='changepass.php'>	
	<td>
		<table width='300' border='0' cellpadding='3' cellspacing='1'>
		<tr>
			<td width='294'><input name='myusername' placeholder='Username' readonly='true' type='text' id='myusername'></td>
		</tr>
		<tr>
			<td width='294'><input name='oldpassword' placeholder='Old Password'  type='password' id='oldpassword'></td>
		</tr>
		<tr>
			<td width='294'><input name='newpassword' placeholder='New Password'  type='password' id='newpassword'></td>
		</tr>
		<tr>
			<br>
			<td><input type='submit' name='Submit' class='btn btn-primary btn-block' value='Change Password'></td>
		</tr>
		</table>
	</td>
	</form>
</tr>
</table>";
?>
</center>
   <?php }else{ ?>

  Sorry, you are <u>not</u> authorized to access this page

	<?php } ?>

Here's things I've tried that dont seem to work;

 

if(isset($_SESSION['user']))
$val = $_SESSION['user'];
else
$val = "";

<input name='myusername' placeholder='Username' value='$val' readonly='true' type='text' id='myusername'>
______________________

<input name='myusername' placeholder='Username' value='echo htmlentities($_SESSION['user']['0']'readonly='true' type='text'  id='myusername'>

I keep getting errors on trying the methods above. Is thereany other approach I could take? Thanks in advance!

[ginerjm]

Are the errors PHP errors or logical errors?

[alphamoment]

For the first example;

Notice: Array to string conversion in /opt/lampp/htdocs/cpass.php on line 161  /// Line 161 = </table>";


Second example;

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /opt/lampp/htdocs/cpass.php on line 141

And if this helps: <?php print_r($_SESSION); ?> = Array ( [user] => Array ( [0] => alpha [1] => ُHWV ) )
 

[ginerjm]

161 is probably a quote problem above there.

141 you typed something wrong in that line

the last - I haven't seen so can't help

 

btw - don't need to use php tags just because you start a new line.  This kind of coding:

 

<?php if(isset($_SESSION['user'])){?> 
 
<?php 

 

makes absolutely no sense at all.  You have other instances of this silliness as well

 

Plus - if you are not going to make use of the PHP 'heredocs' feature for your html, then at least break it up into logical chunks to make it easier to debug as you are about to do now. 

[alphamoment]

I managed to fix the problem, thank you for the feedback! - I'll post in-case it may help someone else in the future

By removing the heredocs feature;

 

<?php if(isset($_SESSION['user'])){

$Return = $_GET['return'];
// return info
// table info

<input name='myusername' placeholder='Username'  value='<?php echo htmlentities($_SESSION['user']['0'], ENT_QUOTES, 'UTF-8'); ?>' readonly type='text' id='myusername'>