JadWS Posted February 10, 2015 Share Posted February 10, 2015 Hey there im trying to make a log in and register system where when the user log in in the header it shows him a message greeting him with his username and when he is not logged it shows him a message greeting him as a guest. My problem is i suppose that in the header page (member.php page) the sessions are not saved and the user is never logged in. While testing my code . The user after logging in successfully it redirect him to member.php page where it should show him the username and all that. Yet it doesn't. Here are my codes : TO BE NOTICED I DID REMOVE RGE ERROR_REPORTING(0); AND THE OTHER ONE BUT NOTHING HAPPENED. SO NO ERRORS. member.php : <?php error_reporting(E_ALL ^ E_NOTICE); error_reporting(0); session_start(); $userid = $dbid; $username = $dbuser; $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css"> </head> <body> <div id="wrapper"> <!-- Website menu --> <div id="menu-bar"> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> </div> <!-- End of Website menu --> <div id="content"> <!-- Website header --> <div id="header"> <h1>Testing header</h1> <?php if ($username && $userid) { echo $username; } else { echo 'Welcome guest'; } ?> </div> <!-- End of Website header --> <!-- -----Website content----- --> <h2>Log in</h2> <?php $form='<form action="login.php" method="POST"> <table> <tr> <td>Username :</td> <td><input type="text" name="user"></td> </tr> <tr> <td>Password :</td> <td><input type="password" name="pass"></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td><input type="submit" name="loginbtn" value="Log in"></td> </tr> </table> </form>'; $user = $_POST['user']; $pass = $_POST['pass']; if ($_POST['loginbtn']) { if ($user) { if ($pass) { require 'core/connect.php'; $query = mysql_query("SELECT * FROM users WHERE username = '$user' "); $row = mysql_fetch_assoc($query); $passwordFromPost = $_POST['pass']; $hashedPasswordFromDB = $row['password']; if (password_verify($passwordFromPost, $hashedPasswordFromDB)) { $query = mysql_query("SELECT * FROM users WHERE username = '$user' "); $numrows = mysql_num_rows($query); if ($numrows == 1) { $query = mysql_query("SELECT * FROM users WHERE username = '$user' "); $row = mysql_fetch_assoc($query); $dbactive = $row['active']; $dbuser = $row['username']; if ($dbactive == 1) { $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page"; } else { echo '<font color="red">You must activate your account to log in.</font>'; echo $form; } } else { echo '<font color="red">You entered an invalid username or password.</font>'; echo $form; } } else { echo '<font color="red">You entered an invalid username or password.</font>'; echo $form; } mysql_close(); } else { echo '<font color="red">You must enter your password.</font>'; echo $form; } } else { echo '<font color="red">You must enter your username.</font>'; echo $form; } }else{ echo $form; } ?> <p>Testing website content</p> <!-- End of Website content --> </div> <!-- Website footer --> <div id="footer"> </div> <!-- End of Website footer --> </div> </body> </html> And here is login.php : <?php error_reporting(E_ALL ^ E_NOTICE); error_reporting(0); session_start(); $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css"> </head> <body> <div id="wrapper"> <!-- Website menu --> <div id="menu-bar"> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> </div> <!-- End of Website menu --> <div id="content"> <!-- Website header --> <div id="header"> <h1>Testing header</h1> <?php if ($username && $userid) { echo $username; } else { echo 'Welcome guest'; } ?> </div> <!-- End of Website header --> <!-- -----Website content----- --> <h2>Log in</h2> <?php $form='<form action="login.php" method="POST"> <table> <tr> <td>Username :</td> <td><input type="text" name="user"></td> </tr> <tr> <td>Password :</td> <td><input type="password" name="pass"></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td><input type="submit" name="loginbtn" value="Log in"></td> </tr> </table> </form>'; $user = $_POST['user']; $pass = $_POST['pass']; if ($_POST['loginbtn']) { if ($user) { if ($pass) { require 'core/connect.php'; $query = mysql_query("SELECT * FROM users WHERE username = '$user' "); $row = mysql_fetch_assoc($query); $passwordFromPost = $_POST['pass']; $hashedPasswordFromDB = $row['password']; if (password_verify($passwordFromPost, $hashedPasswordFromDB)) { $query = mysql_query("SELECT * FROM users WHERE username = '$user' "); $numrows = mysql_num_rows($query); if ($numrows == 1) { $query = mysql_query("SELECT * FROM users WHERE username = '$user' "); $row = mysql_fetch_assoc($query); $dbactive = $row['active']; $dbuser = $row['username']; if ($dbactive == 1) { $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page"; } else { echo '<font color="red">You must activate your account to log in.</font>'; echo $form; } } else { echo '<font color="red">You entered an invalid username or password.</font>'; echo $form; } } else { echo '<font color="red">You entered an invalid username or password.</font>'; echo $form; } mysql_close(); } else { echo '<font color="red">You must enter your password.</font>'; echo $form; } } else { echo '<font color="red">You must enter your username.</font>'; echo $form; } }else{ echo $form; } ?> <!-- End of Website header --> <!-- -----Website content----- --> <p>Testing website content</p> <!-- End of Website content --> </div> <!-- Website footer --> <div id="footer"> </div> <!-- End of Website footer --> </div> </body> </html> Now i don't think that in login.php there is any problem because i tested the page and every thing works fine even this code : echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page"; Where it shows him his username yet in member.php nothing happens. Thanks for reading. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted February 10, 2015 Share Posted February 10, 2015 What is the code for members.php? It appears to be the same as login.php? Is this a copy and paste issue? First in login php $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; On line 5 & 6 where are the variables $dbid and $dbuser defined? All variables must be defined before using them, PHP does not jump ahead and look for variables further down the code. Using a variable before it is defined will result in a "Notice: Undefined variable" message being produced and those $_SESSION variables being set to null (empty) values. I would only set these session variables when the user has successfully logs in. When getting the users data from the users table you running three duplicate queries. Why? You have already got the users data returned from the first query there is no need for the other two queries. Before using $user in your query you should be sanitizing it to prevent SQL Injection attacks, you could use mysql_real_escape_string to do this. Or a better approach would be to update your code to use MySQLi or PDO and use prepared queries. Which I recommend as the mysql_ functions are deprecated, which means they are no longer supported and could be removed from future versions of PHP. Where defining the userid session variable after you have confirmed the user has entered the correct username/password you are using an undefined variable $dbid $_SESSION['userid'] = $dbid; I assume this should be set to the user id return from your query if so then use $row['id'] (note: change id to the name of the field that contains the user id in your users table). Quote Link to comment Share on other sites More sharing options...
JadWS Posted February 10, 2015 Author Share Posted February 10, 2015 shit sorry ... dint find the edit button . Here is member.php : <?php error_reporting(E_ALL ^ E_NOTICE); error_reporting(0); session_start(); $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css"> </head> <body> <div id="wrapper"> <!-- Website menu --> <div id="menu-bar"> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> </div> <!-- End of Website menu --> <div id="content"> <!-- Website header --> <div id="header"> <h1>Testing header</h1> <?php if ($username && $userid) { echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>"; } else { echo "Please login to access this page. <a href='./login.php'>Login here</a>"; } ?> </div> <!-- End of Website header --> <!-- -----Website content----- --> <p>Testing website content</p> <!-- End of Website content --> </div> <!-- Website footer --> <div id="footer"> </div> <!-- End of Website footer --> </div> </body> </html> ye a copy/paste mistake ... Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted February 10, 2015 Share Posted February 10, 2015 These two lines will be overwriting your session variables here $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; . Maybe you meant to get the data from the session variables. $userid = $_SESSION['userid']; $username = $_SESSION['username']; Quote Link to comment Share on other sites More sharing options...
JadWS Posted February 10, 2015 Author Share Posted February 10, 2015 (edited) Hey there guys i modified all my files and they are now all in mysqli/PDO as you suggested and ended up like that : Login.php : <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css"> </head> <body> <div id="wrapper"> <!-- Website menu --> <div id="menu-bar"> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> </div> <!-- End of Website menu --> <div id="content"> <!-- Website header --> <div id="header"> <h1>Testing header</h1> <?php if ($username && $userid) { } else { echo 'Welcome guest'; } ?> </div> <!-- End of Website header --> <!-- -----Website content----- --> <h2>Log in</h2> <?php $form='<form action="login.php" method="POST"> <table> <tr> <td>Username :</td> <td><input type="text" name="user"></td> </tr> <tr> <td>Password :</td> <td><input type="password" name="pass"></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td></td> </tr> <tr> <td><input type="submit" name="loginbtn" value="Log in"></td> </tr> </table> </form>'; $user = $_POST['user']; $pass = $_POST['pass']; if ($_POST['loginbtn']) { if ($user) { if ($pass) { require 'core/connect.php'; $query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' "); $row = mysqli_fetch_assoc($query); $passwordFromPost = $_POST['pass']; $hashedPasswordFromDB = $row['password']; if (password_verify($passwordFromPost, $hashedPasswordFromDB)) { $query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' "); $numrows = mysqli_num_rows($query); if ($numrows == 1) { $query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' "); $row = mysqli_fetch_assoc($query); $dbactive = $row['active']; $dbuser = $row['username']; if ($dbactive == 1) { $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page"; } else { echo '<font color="red">You must activate your account to log in.</font>'; echo $form; } } else { echo '<font color="red">You entered an invalid username or password.</font>'; echo $form; } } else { echo '<font color="red">You entered an invalid username or password.</font>'; echo $form; } ((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res); } else { echo '<font color="red">You must enter your password.</font>'; echo $form; } } else { echo '<font color="red">You must enter your username.</font>'; echo $form; } }else{ echo $form; } ?> <p>Testing website content</p> <!-- End of Website content --> </div> <!-- Website footer --> <div id="footer"> </div> <!-- End of Website footer --> </div> </body> </html> And member.php : <?php session_start(); $userid = $_SESSION['userid']; $username = $_SESSION['username']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css"> </head> <body> <div id="wrapper"> <!-- Website menu --> <div id="menu-bar"> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> <li><a href="">Testing links</a></li> </div> <!-- End of Website menu --> <div id="content"> <!-- Website header --> <div id="header"> <h1>Testing header</h1> <?php if ($username && $userid) { echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>"; } else { echo "Please login to access this page. <a href='./login.php'>Login here</a>"; } ?> </div> <!-- End of Website header --> <!-- -----Website content----- --> <p>Testing website content</p> <!-- End of Website content --> </div> <!-- Website footer --> <div id="footer"> </div> <!-- End of Website footer --> </div> </body> </html> With removing error_reporting(0); that i used to use for the mysqli errors no errors are shown and according to php my code is fully working .... so at this point i seriously have no idea what the problem is. Ah sorry im getting the following errors in login.php : Notice: Undefined variable: username in C:\wamp\www\test\login.php on line 37 Notice: Undefined index: user in C:\wamp\www\test\login.php on line 81 Notice: Undefined index: pass in C:\wamp\www\test\login.php on line 82 Notice: Undefined index: loginbtn in C:\wamp\www\test\login.php on line 84 Maybe thats the problem ? Edited February 10, 2015 by JadWS Quote Link to comment Share on other sites More sharing options...
Solution Werezwolf Posted February 11, 2015 Solution Share Posted February 11, 2015 (edited) On member.php Your not checking if the values are set or not change if ($username && $userid) { To if(!isempty($username) && !isempty($userid){ echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>"; }else{ echo "Please login to access this page. <a href='./login.php'>Login here</a>"; } Depending on what you want to check you should look at this site. https://www.virendrachandak.com/techtalk/php-isset-vs-empty-vs-is_null/ On Login.php if ($_POST['loginbtn']) { should be if(isset($_POST['loginbtn'])) { and are $user and $pass ment to be $_POST['user'] and $_POST['pass] if thats the case you then should be useing if(isset($_POST['user']) && isset($_POST['pass'])) { //perform database query }else{ //user failed to provide username or password } Hope it helps you allot Edited February 11, 2015 by Werezwolf Quote Link to comment Share on other sites More sharing options...
CroNiX Posted February 11, 2015 Share Posted February 11, 2015 On member.php Your not checking if the values are set or not change if(!isempty($username) && !isempty($userid){ What is isempty()? Never seen that. Shouldn't it just be "!empty()"? You're also missing a closing parenthesis there after the $userid check. Quote Link to comment Share on other sites More sharing options...
JadWS Posted February 11, 2015 Author Share Posted February 11, 2015 Thank you for your replies. Wazerwolf your code did not help me because again member.php didnt really save any of the data or sessions and the user is never logged in there :/ but thanks for your help any way. Quote Link to comment Share on other sites More sharing options...
JadWS Posted February 11, 2015 Author Share Posted February 11, 2015 Guys guys .. im sorry but it worked ... it was a problem with your code ... look at member.php now : Member.php : <!-- Website header --> <div id="header"> <h1>Testing header</h1> <?php if (empty($username) && empty($userid) ) { echo "Please login to access this page. <a href='./login.php'>Login here</a>"; } else { echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>"; } ?> </div> <!-- End of Website header --> The only mistake in your code is that you said : On member.php Your not checking if the values are set or not change if ($username && $userid) { To if(!isempty($username) && !isempty($userid){ echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";}else{ echo "Please login to access this page. <a href='./login.php'>Login here</a>";}Depending on what you want to check you should look at this site. https://www.virendra...pty-vs-is_null/ While it should be : <?php if (empty($username) && empty($userid) ) { echo "Please login to access this page. <a href='./login.php'>Login here</a>"; } else { echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>"; } ?> THanks all for your help . You can close this thread. Posting the solution in this reply in case any one run into such problem. Quote Link to comment Share on other sites More sharing options...
Werezwolf Posted February 11, 2015 Share Posted February 11, 2015 What is isempty()? Never seen that. Shouldn't it just be "!empty()"? You're also missing a closing parenthesis there after the $userid check. That's what i get for not typing in a syntax highlighter and on my phone couldn't fix it up when i got home. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.