Jump to content

Not saving session data after log in


JadWS
Go to solution Solved by Werezwolf,

Recommended Posts

Hey there im trying to make a log in and register system where when the user log in in the header it shows him a message greeting him with his username and when he is not logged it shows him a message greeting him as a guest. My problem is i suppose that in the header page (member.php page) the sessions are not saved and the user is never logged in. While testing my code . The user after logging in successfully it redirect him to member.php page where it should show him the username and all that. Yet it doesn't. Here are my codes :

 

TO BE NOTICED I DID REMOVE RGE ERROR_REPORTING(0); AND THE OTHER ONE BUT NOTHING HAPPENED. SO NO ERRORS.

 

member.php :

<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
session_start();
$userid = $dbid; 
$username = $dbuser;
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
      <head>

      <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css">

      </head>
<body>

<div id="wrapper">

<!-- Website menu -->

		<div id="menu-bar">
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
		</div>	

<!-- End of Website menu -->
		
<div id="content">

<!-- Website header -->

		<div id="header">
			<h1>Testing header</h1>
			<?php
			 if ($username && $userid) {
			 echo $username; 
			} else {
			echo 'Welcome guest';
			}
			
			?>
		</div>	

<!-- End of Website header -->	

<!-- -----Website content----- -->		
<h2>Log in</h2>

<?php

$form='<form action="login.php" method="POST">
			<table>
				<tr>
					<td>Username :</td>
					<td><input type="text" name="user"></td>
				</tr>
				<tr>
					<td>Password :</td>
					<td><input type="password" name="pass"></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td><input type="submit" name="loginbtn" value="Log in"></td>
				</tr>
			</table>
		</form>';
		
$user = $_POST['user'];
$pass = $_POST['pass'];	

if ($_POST['loginbtn']) {

	if ($user) {
		
		if ($pass) {
			
			require 'core/connect.php';
			
			$query = mysql_query("SELECT * FROM users WHERE username = '$user' ");
			$row = mysql_fetch_assoc($query);
			$passwordFromPost = $_POST['pass'];
			$hashedPasswordFromDB = $row['password'];
			
				if (password_verify($passwordFromPost, $hashedPasswordFromDB)) {
					
					$query = mysql_query("SELECT * FROM users WHERE username = '$user' ");
					$numrows = mysql_num_rows($query);
					if ($numrows == 1) {
						
			$query = mysql_query("SELECT * FROM users WHERE username = '$user' ");
			$row = mysql_fetch_assoc($query);
			$dbactive = $row['active'];
			$dbuser = $row['username'];
						
						
							if ($dbactive == 1) {
								
                            $_SESSION['userid'] = $dbid;
                            $_SESSION['username'] = $dbuser;	
							echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page";
   
								
							} else {
								
							echo '<font color="red">You must activate your account to log in.</font>';
							echo $form;
								
							}
						
					} else {
						
					echo '<font color="red">You entered an invalid username or password.</font>';
					echo $form;
						
					}
					
				} else {
					
				echo '<font color="red">You entered an invalid username or password.</font>';	
				echo $form;
					
				}
			
			mysql_close();
			
		} else {
			
		echo '<font color="red">You must enter your password.</font>';
		echo $form;
			
		}
		
	} else {
		
	echo '<font color="red">You must enter your username.</font>';	
	echo $form;
	
	}
}else{
	
echo $form;	
	
}
 ?>
 
		
		
<p>Testing website content</p>
		
<!-- End of Website content -->		
</div>
		
<!-- Website footer -->	
		
		<div id="footer">
		
		</div>
		
<!-- End of Website footer -->		
	
</div>
	
</body>

</html>


And here is login.php :

<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
session_start();
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
      <head>

      <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css">

      </head>
<body>

<div id="wrapper">

<!-- Website menu -->

        <div id="menu-bar">
            <li><a href="">Testing links</a></li>
            <li><a href="">Testing links</a></li>
            <li><a href="">Testing links</a></li>
            <li><a href="">Testing links</a></li>
            <li><a href="">Testing links</a></li>
            <li><a href="">Testing links</a></li>
        </div>  

<!-- End of Website menu -->

<div id="content">

<!-- Website header -->

        <div id="header">
            <h1>Testing header</h1>
            <?php
             if ($username && $userid) {
             echo $username; 
            } else {
            echo 'Welcome guest';
            }

            ?>
        </div>  

<!-- End of Website header -->  

<!-- -----Website content----- -->      
<h2>Log in</h2>

<?php

$form='<form action="login.php" method="POST">
            <table>
                <tr>
                    <td>Username :</td>
                    <td><input type="text" name="user"></td>
                </tr>
                <tr>
                    <td>Password :</td>
                    <td><input type="password" name="pass"></td>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <tr>
                    <td><input type="submit" name="loginbtn" value="Log in"></td>
                </tr>
            </table>
        </form>';

$user = $_POST['user'];
$pass = $_POST['pass']; 

if ($_POST['loginbtn']) {

    if ($user) {

        if ($pass) {

            require 'core/connect.php';

            $query = mysql_query("SELECT * FROM users WHERE username = '$user' ");
            $row = mysql_fetch_assoc($query);
            $passwordFromPost = $_POST['pass'];
            $hashedPasswordFromDB = $row['password'];

                if (password_verify($passwordFromPost, $hashedPasswordFromDB)) {

                    $query = mysql_query("SELECT * FROM users WHERE username = '$user' ");
                    $numrows = mysql_num_rows($query);
                    if ($numrows == 1) {

            $query = mysql_query("SELECT * FROM users WHERE username = '$user' ");
            $row = mysql_fetch_assoc($query);
            $dbactive = $row['active'];
            $dbuser = $row['username'];


                            if ($dbactive == 1) {

                            $_SESSION['userid'] = $dbid;
                            $_SESSION['username'] = $dbuser;    
                            echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page";


                            } else {

                            echo '<font color="red">You must activate your account to log in.</font>';
                            echo $form;

                            }

                    } else {

                    echo '<font color="red">You entered an invalid username or password.</font>';
                    echo $form;

                    }

                } else {

                echo '<font color="red">You entered an invalid username or password.</font>';   
                echo $form;

                }

            mysql_close();

        } else {

        echo '<font color="red">You must enter your password.</font>';
        echo $form;

        }

    } else {

    echo '<font color="red">You must enter your username.</font>';  
    echo $form;

    }
}else{

echo $form; 

}
 ?>

 <!-- End of Website header --> 

<!-- -----Website content----- -->      

<p>Testing website content</p>

<!-- End of Website content -->     
</div>

<!-- Website footer --> 

        <div id="footer">

        </div>

<!-- End of Website footer -->      

</div>

</body>

</html>

Now i don't think that in login.php there is any problem because i tested the page and every thing works fine even this code :

echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page";

Where it shows him his username yet in member.php nothing happens.

Thanks for reading.

 

Link to comment
Share on other sites

What is the code for members.php? It appears to be the same as login.php? Is this a copy and paste issue?

 

First in login php

$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;

On line 5 & 6 where are the variables $dbid and $dbuser defined? All variables must be defined before using them, PHP does not jump ahead and look for variables further down the code. Using a variable before it is defined will result in a "Notice:  Undefined variable" message being produced and those $_SESSION variables being set to null (empty) values. I would only set these session variables when the user has successfully logs in.

 

When getting the users data from the users table you running three duplicate queries. Why? You have already got the users data returned from the first query there is no need for the other two queries.

 

Before using $user in your query you should be sanitizing it to prevent SQL Injection attacks, you could use mysql_real_escape_string to do this. Or a better approach would be to update your code to use MySQLi or PDO and use prepared queries. Which I recommend as the mysql_ functions are deprecated, which means they are no longer supported and could be removed from future versions of PHP.

 

Where defining the userid session variable after you have confirmed the user has entered the correct username/password you are using an undefined variable $dbid

$_SESSION['userid'] = $dbid; 

I assume this should be set to the user id return from your query if so then use $row['id'] (note: change id to the name of the field that contains the user id in your users table).

Link to comment
Share on other sites

shit sorry ... dint find the edit button .

Here is member.php :

<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
session_start();
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>

<LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css">

</head>
<body>

<div id="wrapper">

<!-- Website menu -->

<div id="menu-bar">
<li><a href="">Testing links</a></li>
<li><a href="">Testing links</a></li>
<li><a href="">Testing links</a></li>
<li><a href="">Testing links</a></li>
<li><a href="">Testing links</a></li>
<li><a href="">Testing links</a></li>
</div> 

<!-- End of Website menu -->

<div id="content">

<!-- Website header -->

<div id="header">
<h1>Testing header</h1>
<?php

if ($username && $userid) {

echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";

} else {

echo "Please login to access this page. <a href='./login.php'>Login here</a>";

}

?>
</div> 

<!-- End of Website header --> 

<!-- -----Website content----- --> 

<p>Testing website content</p>

<!-- End of Website content --> 
</div>

<!-- Website footer --> 

<div id="footer">

</div>

<!-- End of Website footer --> 

</div>

</body>

</html>

ye a copy/paste mistake ...

Link to comment
Share on other sites

Hey there guys i modified all my files and they are now all in mysqli/PDO as you suggested and ended up like that :

 

Login.php :

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
      <head>

      <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css">

      </head>
<body>

<div id="wrapper">

<!-- Website menu -->

		<div id="menu-bar">
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
		</div>	

<!-- End of Website menu -->
		
<div id="content">

<!-- Website header -->

		<div id="header">
			<h1>Testing header</h1>
			<?php
			 if ($username && $userid) {
			  
			} else {
			echo 'Welcome guest';
			}
			
			?>
		</div>	

<!-- End of Website header -->	

<!-- -----Website content----- -->		
<h2>Log in</h2>

<?php

$form='<form action="login.php" method="POST">
			<table>
				<tr>
					<td>Username :</td>
					<td><input type="text" name="user"></td>
				</tr>
				<tr>
					<td>Password :</td>
					<td><input type="password" name="pass"></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td></td>
				</tr>
				<tr>
					<td><input type="submit" name="loginbtn" value="Log in"></td>
				</tr>
			</table>
		</form>';
		
$user = $_POST['user'];
$pass = $_POST['pass'];	

if ($_POST['loginbtn']) {

	if ($user) {
		
		if ($pass) {
			
			require 'core/connect.php';
			
			$query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' ");
			$row = mysqli_fetch_assoc($query);
			$passwordFromPost = $_POST['pass'];
			$hashedPasswordFromDB = $row['password'];
			
				if (password_verify($passwordFromPost, $hashedPasswordFromDB)) {
					
					$query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' ");
					$numrows = mysqli_num_rows($query);
					if ($numrows == 1) {
						
			$query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' ");
			$row = mysqli_fetch_assoc($query);
			$dbactive = $row['active'];
			$dbuser = $row['username'];
						
						
							if ($dbactive == 1) {
								
                            $_SESSION['userid'] = $dbid;
                            $_SESSION['username'] = $dbuser;	
							echo "You have been logged in as <b>$dbuser</b> <a href='./member.php'>Click here</a> to go back to home page";
   
								
							} else {
								
							echo '<font color="red">You must activate your account to log in.</font>';
							echo $form;
								
							}
						
					} else {
						
					echo '<font color="red">You entered an invalid username or password.</font>';
					echo $form;
						
					}
					
				} else {
					
				echo '<font color="red">You entered an invalid username or password.</font>';	
				echo $form;
					
				}
			
			((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
			
		} else {
			
		echo '<font color="red">You must enter your password.</font>';
		echo $form;
			
		}
		
	} else {
		
	echo '<font color="red">You must enter your username.</font>';	
	echo $form;
	
	}
}else{
	
echo $form;	
	
}
 ?>
 
		
		
<p>Testing website content</p>
		
<!-- End of Website content -->		
</div>
		
<!-- Website footer -->	
		
		<div id="footer">
		
		</div>
		
<!-- End of Website footer -->		
	
</div>
	
</body>

</html>


And member.php :

<?php
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
      <head>

      <LINK REL=StyleSheet HREF="css/styletest.css" TYPE="text/css">

      </head>
<body>

<div id="wrapper">

<!-- Website menu -->

		<div id="menu-bar">
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
			<li><a href="">Testing links</a></li>
		</div>	

<!-- End of Website menu -->
		
<div id="content">

<!-- Website header -->

		<div id="header">
			<h1>Testing header</h1>
      <?php
       if ($username && $userid) {
	
              echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";
 
       } else {
 
              echo "Please login to access this page. <a href='./login.php'>Login here</a>";
 
       }
 
        ?>
		</div>	

<!-- End of Website header -->	

<!-- -----Website content----- -->		
		
<p>Testing website content</p>
		
<!-- End of Website content -->		
</div>
		
<!-- Website footer -->	
		
		<div id="footer">
		
		</div>
		
<!-- End of Website footer -->		
	
</div>
	
</body>

</html>

With removing error_reporting(0); that i used to use for the mysqli errors no errors are shown and according to php my code is fully working .... so at this point i seriously have no idea what the problem is.

 

Ah sorry im getting the following errors in login.php :

 

Notice: Undefined variable: username in C:\wamp\www\test\login.php on line 37

Notice: Undefined index: user in C:\wamp\www\test\login.php on line 81

Notice: Undefined index: pass in C:\wamp\www\test\login.php on line 82

Notice: Undefined index: loginbtn in C:\wamp\www\test\login.php on line 84

 

Maybe thats the problem ?

Edited by JadWS
Link to comment
Share on other sites

  • Solution

On member.php Your not checking if the values are set or not change

if ($username && $userid) { 

To

if(!isempty($username) && !isempty($userid){
    echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";
}else{
    echo "Please login to access this page. <a href='./login.php'>Login here</a>";
}

Depending on what you want to check you should look at this site.

https://www.virendrachandak.com/techtalk/php-isset-vs-empty-vs-is_null/

 

On Login.php

if ($_POST['loginbtn']) {

should be

if(isset($_POST['loginbtn'])) {

and are $user and $pass ment to be $_POST['user'] and $_POST['pass]

 

if thats the case you then should be useing

if(isset($_POST['user']) && isset($_POST['pass'])) {
//perform database query
}else{
//user failed to provide username or password
}

Hope it helps you allot :happy-04:

Edited by Werezwolf
Link to comment
Share on other sites

On member.php Your not checking if the values are set or not change

if(!isempty($username) && !isempty($userid){

What is isempty()? Never seen that. Shouldn't it just be "!empty()"? You're also missing a closing parenthesis there after the $userid check.

Link to comment
Share on other sites

Guys guys .. im sorry but it worked ... it was a problem with your code ... look at member.php now :

 

Member.php :

<!-- Website header -->

		<div id="header">
			<h1>Testing header</h1>
      <?php
      
       if (empty($username) && empty($userid) ) {
    
            echo "Please login to access this page. <a href='./login.php'>Login here</a>";
 
       } else {
 
            echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";     
 
       }
 
        ?>
		</div>	

<!-- End of Website header -->	

The only mistake in your code is that you said :

 

 

On member.php Your not checking if the values are set or not change

if ($username && $userid) {

To

if(!isempty($username) && !isempty($userid){
    echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";
}else{
    echo "Please login to access this page. <a href='./login.php'>Login here</a>";
}

Depending on what you want to check you should look at this site.

https://www.virendra...pty-vs-is_null/

 

 

While it should be :

      <?php
	  
       if (empty($username) && empty($userid) ) {
	
			echo "Please login to access this page. <a href='./login.php'>Login here</a>";
 
       } else {
 
			echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";     
 
       }
 
        ?>

THanks all for your help . You can close this thread.

 

Posting the solution in this reply in case any one run into such problem.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.