Jump to content

Setting Session Variables


Go to solution Solved by LeJack,

Recommended Posts

I have created a test account in my database with a user level of -1 and i think my code might be wrong but i am hoping someone can spot where i have gone wrong as i cannot, also a similar problem with another session variable loggedIn this is what i get when i login this is on the index page.

Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11

Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17
You must be logged in to view this page!

Index page source code: 

<?php

session_start();

error_reporting(E_ALL | E_NOTICE);

ini_set('display_errors', '1');

require 'connect.php';

if($_SESSION['loggedIn'] == 1) {

	//Do Nothing

	exit();
	
} else if($_SESSION['loggedIn'] != 1) {

	echo "You must be logged in to view this page!";

	exit();
}

if($_SESSION['user_level'] == -1) {

	header("Location: banned.php");

} if(isset($_SESSION['username'])) {

	echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> ";

}

?>

Also if you need my login source code: 

<?php
error_reporting(E_ALL | E_NOTICE);

require 'connect.php';

session_start();

if (isset($_POST['submit'])) {
   
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
   
    if (empty($username)) {
       
        echo "You did not enter a username, Redirecting...";
       
        echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
       
        exit();
       
    }
   
    if (empty($password)) {
       
        echo "You did not enter a password, Redirecting...";
       
        echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
       
        exit();
       
    } 
   
    //Prevent hackers from using SQL Injection to hack into Database
    $username = mysqli_real_escape_string($con, $_POST['username']);
    $password = mysqli_real_escape_string($con, $_POST['password']);

	$result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");

	$row = $result->fetch_array();

	$user_level = $row['user_level'];


// check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed
if($result->num_rows > 0)
{

//Set default user
	$_SESSION['loggedIn'] == 1;
	$_SESSION['user_level'] == 1;
	$_SESSION['username'] == trim($_POST['username']);
	header("Location: index.php");
	exit();	
} else if($row['user_level'] == 1) {

		$_SESSION['user_level'] == 1;

		//Location admin 
		header("Location: admin.php");

		exit();

	} else if($row['user_level'] == -1) {

		$_SESSION['user_level'] == -1;

		$_SESSION['username'] == trim($_POST['username']);

		//Location banned
		header("Location: banned.php");

		exit();
	} else if($_SESSION['loggedIn'] == true) {

		//Location default user home page
		header("index.php");
	} else {

		echo "Invalid Username/Password";
	}


  //Kill unwanted session
} if(isset($_POST['killsession'])) {

	session_destroy();
	echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)";
	exit();

	}

?>

I appreciate all help :)

Link to comment
https://forums.phpfreaks.com/topic/292834-setting-session-variables/
Share on other sites

It still says on my index page i am not logged in and i still get this on my index page

Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11

Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17
You must be logged in to view this page!

Here's what i have changed in my login source code: (i will highlight what i have changed).

if($result->num_rows > 0)
{

//Set default user
	$_SESSION['loggedIn'];
	$_SESSION['user_level'];
	$_SESSION['username'] == trim($_POST['username']);
	header("Location: index.php");
	exit();	
} else if($row['user_level'] == 1) {

		$_SESSION['user_level'] == 1;

		//Location admin 
		header("Location: admin.php");

		exit();

	} else if($row['user_level'] == -1) {

		$_SESSION['user_level'] == -1;

		$_SESSION['username'] == trim($_POST['username']);

		//Location banned
		header("Location: banned.php");

		exit();
	} else if($_SESSION['loggedIn']) {

		//Location default user home page
		header("index.php");

	} else if(!$_SESSION['loggedIn']) {

		//Do Nothing

	} else {

		echo "Invalid Username/Password";
	}

and here's what i have changed in my index source code: 

if($_SESSION['loggedIn']) {

	//Do Nothing

	exit();

} else if(!$_SESSION['loggedIn']) {

	echo "You must be logged in to view this page!";

	exit();
}

Although this has not changed anything, i have probably not done it correctly as i am unsure.

Edited by Tom8001
  • Solution

You need to check if the session is set first. If it isn't, then show the custom error page. It looks like you're just trying to put the question mark before the session. That's not going to work.

 

SAMPLE:

if(isset($_SESSION['sample_session'])) {
     echo "Session cookie is set";
} else {
     echo "Session cookie needs to be set first";
}

Or you can do it the other way around.

if(!isset($_SESSION['sample_session'])) {
    echo "Session cookie needs to be set first";
} else {
     echo "Session cookie is set"; 
}
Edited by LeJack

$_SESSION is like any other variable. If you try to access it (or an index within it) without it existing, you will get an error.

if ($_SESSION['something'])

assumes 'something' already exists in session, which it doesn't at the point where you are trying to access it or you wouldn't be getting an error.

 

So, you need to check if the variable isset() before trying to just blindly use it in a comparison statement - if()

if (isset($_SESSION['something']) && $_SESSION['something'] == some_value)

In my login page i have set the values to the session variables, but yet when i go to the index page it says i'm not logged in when i am.

 

Not sure if anyone can spot an error in my code that i cannot

 

Login.php: 

<?php

error_reporting(E_ALL | E_NOTICE);

require 'connect.php';

if(isset($_POST['submit'])) { 

$username = trim($_POST['username']);
$password = trim($_POST['password']);

if(empty(trim($_POST['username']))) {

	echo "<br> <font color='red'> <h3>You did not enter a Username ! </h3> </font>";
} if(empty(trim($_POST['password']))) {

	echo "<br> <font color='red'> <h3>You did not enter a Password ! </h3> </font>";
}

$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);

$query = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");
$row = $query->fetch_array();
$user_level = $row['user_level'];
$active = $row['active'];

if($query->num_rows > 0) {

 	if($row['active'] == 1) {


   if($row['user_level'] == 1) {

	$_SESSION['user_level'] = 1;
	$_SESSION['active'] = 1;
	$_SESSION['loggedIn'] = 1;
	header("Location: admin.php");

	exit();

	}

	$_SESSION['user_level'] = 0;
	$_SESSION['active'] = 1;
	$_SESSION['loggedIn'] = 1;
	header("Location: index.php");

	exit();
	} else {

		echo "<br> <font color='red'> <h3>Username or Password is incorrect! </h3> </font>";
	}

	} if($row['active'] !== 1) {

		header("Location: banned.php");
		$_SESSION['loggedIn'] = 0;
	}

}


?>

Index.php: 

<?php

require 'connect.php';

if($_SESSION['loggedIn'] == 1) {

	//Do Nothing

} else if($_SESSION['loggedIn'] !== 1) {

	echo "<br> Your not logged in!, please login to view this page. <br>";
	echo "Accounts can only be created by the administrator. <br>";
	echo "<input type='submit' name='login' value='Go to login' onClick='gotologin()'>";


}

?>
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.