i'm having a problem with my sessions, i have a functionality in my application wich requires two different type of users logging in, one is the Admin, with that means he can do everything possible within the application, and other is the Editor, and he can only do a couple of things in it.
My problem is that the sessions seem to be overlaping one another, i login in the admin and the session info is the one from the Editor.
Heres my login from the Admin:
<!---Login PHP--->
<?php
if( isset($_POST['btn-login']) ) {
$email = $_POST['email'];
$senha = $_POST['senha'];
$Error = false;
if (empty($email)) {
$Error= true;
$error = "Preencha o email.";
}
if (empty($senha)) {
$Error = true;
$error2 = "Preencha a senha.";
}
if($email) {
$sql = "SELECT email FROM admin WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
//echo "Email - ".$cout;
}
if($senha) {
$sql = "SELECT senha FROM admin WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
if($cout == 1) {
//echo "<br>Password - ".$cout;
$hashed = $stmt->fetch(PDO::FETCH_ASSOC);
//echo "<br>Password HASHED - ".$hashed['senha'];
$hashed_pass = $hashed['senha'];
}
}
if (!empty($email) && !empty($senha) && filter_var($email,FILTER_VALIDATE_EMAIL) && password_verify($senha,$hashed_pass) && !$Error) {
$sql = "SELECT email, senha FROM admin WHERE email ='$email' AND senha = '$hashed_pass'";
$query = $conn->prepare($sql);
$query->execute();
$count = $query->rowCount();
if($count == 1){
session_start();
$_SESSION['email'] = $email;
$_SESSION['senha'] = $crypt;
header("Location: home.php");
exit;
}
else {
$error = "Erro: password ou email errados";
}
}
}
?>
Heres my Editor login:
<?php
/*EDITOR*/
if( isset($_POST['btn-login2']) ) {
$email = $_POST['email'];
$senha = $_POST['senha'];
if (empty($email)) {
echo "Preencha o email";
}
if (empty($senha)) {
echo "Preencha a senha";
}
if($email) {
$sql = "SELECT email FROM editor WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
//echo "Email - ".$cout;
}
if($senha) {
$sql = "SELECT senha FROM editor WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
if($cout == 1) {
//echo "<br>Password - ".$cout;
$hashed = $stmt->fetch(PDO::FETCH_ASSOC);
//echo "<br>Password HASHED - ".$hashed['senha'];
$hashed_pass = $hashed['senha'];
}
}
if (!empty($email) && !empty($senha) && filter_var($email,FILTER_VALIDATE_EMAIL) && password_verify($senha,$hashed_pass)) {
$sql = "SELECT email, senha FROM editor WHERE email ='$email' AND senha = '$hashed_pass'";
$query = $conn->prepare($sql);
$query->execute();
$count = $query->rowCount();
if($count == 1){
session_start();
// criar sessão com o email recebido por post e mandar o utilizador para a página home
$_SESSION['email_e'] = $email;
$_SESSION['senha_e'] = $senha;
header("Location: home.php");
exit;
}
else {
echo "Erro: password ou email errados";
}
}
}
?>
And here is the Sessions file:
<?php
ob_start();
session_start();
// if session is not set this will redirect to login page
if( !isset($_SESSION['email']) && !isset($_SESSION['senha'])) {
header("Location: admin.php");
exit;
}
// ADMIN SESSIONS
if(isset($_SESSION['email'])){
//echo "entrei";
// select loggedin users detail
$res = "SELECT * FROM admin WHERE email='".$_SESSION['email']."'";
$stmt = $conn->prepare($res);
//echo "<br>SQL - > ".$res;
$stmt ->execute();
$count = $stmt ->rowCount();
if ( $count == 1 ) {
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
}
}
//EDITOR SESSIONS
if(isset($_SESSION['email_e'])) {
//echo "<br>Entrei2";
$sql = "SELECT * FROM editor WHERE email = '".$_SESSION['email_e']."'";
//echo "<br>SQL - > ".$sql;
$stmt = $conn->prepare($sql);
$stmt->execute();
$count = $stmt->rowCount();
if($count == 1) {
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
}
//echo "<br>Contagem - ".$count;
} else {
echo "<br>Sem Sucesso";
}
?>
And when i was trying to fix this problem i though it might be because i didn't destroy the sessions, but still no fix with that, i'm probably doing something wrong here i believe.
Logout file:
<?php
session_start();
ob_start();
if (!isset($_SESSION['email']) || !isset($_SESSION['email_e'])) {
header("Location: index.php");
exit();
} else if(isset($_SESSION['email'])!="") {
header("Location: index.php");
exit();
}
//ADMIN LOGOUT
if (isset($_GET['logout'])) {
unset($_SESSION['email']);
unset($_SESSION['email_e']);
session_unset();
session_destroy();
header("Location: error.php");
exit;
}
ob_end_flush();
?>
Thanks in advance to anyone who anwsers.
It seems weird to me that you are handling the 2 types of users by creating 2 different session variables. What I believe that is happening is that somehow one of the variables does not get unset, and thus resulting in your problem.
It would be much more simple and elegant to use the same variable ( $_SESSION['email'] ) and then display whatever content you want based on the user type.
Think that you want, at some point, to add a new user type: you would have to edit all the code that handles the login and logout, which is not normal.
Try to only create one login page, for both admins and editors, and get their user type from the database based on their email.
Related
Please, help me look at this code for login, I want to verify if input password matches stored harsh password. This does not work. If i comment out If (password_verify..., i will be able to login otherwise, it wont login. i dont know where i got the code wrong and it doesnt want to verify password before login
if (isset($_POST['agentlogin-btn'])) {
$username= $_POST['username'];
$password = $_POST['password'];
function Is_email($user)
{
//If the username input string is an e-mail, return true
if (filter_var($user, FILTER_VALIDATE_EMAIL)) {
return true;
} else {
return false;
}
}
//validation
if (strlen($_POST['username']) < 1) {
$_SESSION['error'] = 'email or phone number required';
header("Location:register.php");
return;
}
if (strlen($_POST['password']) < 1) {
$_SESSION['error'] = 'password required';
header("Location:register.php");
return;
}
if (!isset($_SESSION['error'])) {
$check_email = Is_email($username);
if ($check_email) {
$sql = "SELECT * FROM agent WHERE Email= :email LIMIT 1";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(
':email' => $_POST['username'],
));
} else {
$sql = "SELECT * FROM agent WHERE Phone_number= :phonenumber LIMIT 1";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(
':phonenumber' => $_POST['username'],
));
}
if ($stmt->execute()) {
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$user = $result;
if (password_verify($password], $user['Password'])) {
//login success
$stmt->close();
$_SESSION['id'] = $user['User_id'];
$_SESSION['agentid'] = $user['agent_id'];
$_SESSION['firstname'] = $user['First_name'];
$_SESSION['Surname'] = $user['Surname'];
$_SESSION['phonenumber'] = $user['Phone_number'];
$_SESSION['email'] = $user['Email'];
$_SESSION['verified'] = $user['verified'];
// set flash message
$_SESSION['success'] = "You are now logged in! Continue with your upload";
header('location: profilepage.php');
return;
} else {
$_SESSION['errors'] = "Wrong username/password";
header('Location: register.php');
return;
}
}
}
}
instead of writing $stmt->execute() two times, store the result in a variable, and at second place use that variable.
I made a login form. The form works and after the user inputs the right email and password, access is granted. There is an issue.
I use a foreach loop to test all results (should be one account).
foreach ($result as $outp) {
$role = $outp->role;
$name= $outp->name;
$surname= $outp->surname;
$_SESSION["name"] = $name;
$_SESSION["surname"] = $surname;
$_SESSION["role"] = $role;
if($_SESSION["role"] == 'Admin') {
header("location:index.php");
} else
if($_SESSION["role"] == 'User') {
header("location:../index.php");
} else {
header("location:login.php");
}
}
This code is supposed to check for the account role, and determine which page it can go to.
The issue is that everything inside of the foreach loop does not get executed.
Here you see the full code including the foreach loop (only php):
if(isset($_POST["login"]))
{
if(empty($_POST["email"]) || empty($_POST["password"]))
{
$message = '<label>Some fields are still empty</label>';
}
else
{
$query = "SELECT * FROM account WHERE email = :email AND password= :password";
$statement = $con->prepare($query);
$statement->execute(
array(
'email' => htmlspecialchars($_POST["email"]),
'password' => htmlspecialchars($_POST["password"])
)
);
$count = $statement->rowCount();
if($count > 0)
{
$_SESSION["email"] = $_POST["password"];
$username = $_SESSION["email"];
$query = "SELECT role, name, surname FROM account WHERE email = :email";
$stm = $con->prepare($query);
$stm->bindParam(':email', $email, PDO::PARAM_STR, 20);
$stm->execute();
$result = $stm->fetchAll(PDO::FETCH_OBJ);
foreach ($result as $pers) {
$rol = $pers->rol;
$voornaam = $pers->voornaam;
$achternaam = $pers->achternaam;
$_SESSION["voornaam"] = $voornaam;
$_SESSION["achternaam"] = $achternaam;
$_SESSION["rol"] = $rol;
if($_SESSION["rol"] == 'Admin') {
header("location:index.php");
} else
if($_SESSION["rol"] == 'Gebruiker') {
header("location:../index.php");
} else {
header("location:login.php");
}
}
}
else
{
$message = '<label>Wrong input</label>';
}
}
}
$email is used in SQL but no where declared or assigned.
if($count > 0)
{
$_SESSION["email"] = $_POST["email"];
$email = $_SESSION["email"];
$query = "SELECT role, name, surname FROM account WHERE email = :email";
$stm = $con->prepare($query);
$stm->bindParam(':email', $email, PDO::PARAM_STR, 20);
$stm->execute();
$result = $stm->fetchAll(PDO::FETCH_OBJ);
foreach ($result as $pers) {
$rol = $pers->rol;
$voornaam = $pers->voornaam;
$achternaam = $pers->achternaam;
$_SESSION["voornaam"] = $voornaam;
$_SESSION["achternaam"] = $achternaam;
$_SESSION["rol"] = $rol;
if($_SESSION["rol"] == 'Admin') {
header("location:index.php");
} else
if($_SESSION["rol"] == 'Gebruiker') {
header("location:../index.php");
} else {
header("location:login.php");
}
}
}
else
{
$message = '<label>Wrong input</label>';
}
}
Something wrong here in your code.. why assign posted password value to email?
$_SESSION["email"] = $_POST["password"];
$username = $_SESSION["email"];
I'm creating a project for a contest at my school.I've done the register part correctly.When it comes to the login part,I can't get it right.I tried looking the problem up on many other sites but can't find it.The functions returns false even when I type the password into the function.
I tried hashing ,with password_BCRYPT,the password that I get from $_POST['password'] and then comparing to the password in the database with hash_equals() but it didn't work
This is the login.php
EDIT: I forgot to add the register.php and the file_db.php.Sorry!
<?php
require "file_db.php";
$email= $mysqli->escape_string($_POST['email']);
echo $_POST['email'];
$result= $mysqli->query("SELECT *FROM users WHERE email='$email'");
if($result->num_rows == 0) {
$SESSION['message']="Nu exista niciun utilizator cu acel email";
header("location:error.php");
} else {
$user=$result->fetch_assoc();
$hash=substr($user['password'],0,60);
if(password_verify($_POST['password'],$hash)) {
$_SESSION['email']=$user['email'];
$_SESSION['firstname']=$user['firstname'];
$_SESSION['lastname']=$user['lastname'];
$_SESSION['active']=$user['active'];
$_SESSION['loggedin']=true;
echo $_SESSION['loggedin'];
echo 1;
} else{
$_SESSION['message']="Ai introdus o parola gresita!";
}
}
?>
<?php
require "file_db.php";
$firstname = $mysqli->escape_string($_POST['firstname']);
$lastname = $mysqli->escape_string($_POST['lastname']);
$email = $mysqli->escape_string($_POST['email']);
$password =$mysqli->escape_string(password_hash($_POST['password'],PASSWORD_BCRYPT));
$hash = $mysqli->escape_string(md5(rand(0,1000) ) );
$_SESSION['email']=$_POST['email'];
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$result = $mysqli->query("SELECT * FROM users WHERE email ='$email' ") or die($mysqli->error());
if($result->num_rows > 0)
{
$_SESSION['message']='Exista un utilizator cu acest email deja!';
header("location:error.php");
}
else{
$sql="INSERT INTO users (firstname,lastname,email,password,hash)".
"VALUES('$firstname','$lastname','$email','$password','$hash')";
if( $mysqli->query($sql) )
{
$_SESSION['active']=0;
$_SESSION['message']="Link de confirmare a fost trimis la $email, te rugam sa iti verifici contul accesand link-ul trimis in email!";
$to = $email;
$subject='Account Verification';
$messageb='
Salut'.$firstname.',
Multumim pentru ca te-ai inscris!
Apasa pe acest link pentru a-ti activa contul:
https://localhost/aWEBDEVFII/verify.php?email='.$email.'&hash'.$hash;
mail($to, $subject, $messageb);
header("location:success.php");
}
else{
$_SESSION['message']='Inregistrarea a intampinat o eroare!';
header("location: error.php");
}
}
?>
``````
<?php
session_start();
$host='localhost';
$user='root';
$pass='';
$db='filesdb';
$mysqli= new mysqli($host,$user,$pass,$db) or die($mysqli->error);
?>
First why are you applying substr() function to hashed password
The substr() function is used to cut a part of a string from a string, starting at a specified position etc.
If you want to check the length of password entered, you should use strlen()
and then return a message to user if password length execeeds 60
if (strlen($password)<60) {
echo "less than 60";
}
else
if (strlen($password)>40) {
echo "more than 60";
}
else {
echo "exactly 60";
}
To be able to use password_verify() you should be able to first hashed the users password during signup
via password_hash() function. Eg.
$password ='nancymore12344444';
$options = array("cost"=>4);
$hashPassword = password_hash($password,PASSWORD_BCRYPT,$options);
Again they will be an issue in your login script because I did not see were you initialize session via session_start()
Try code below while ensuring that database credentials and all table column are put in place. you will be fine
so your signup php will look something like
<?php
//require "file_db.php";
$conn = mysqli_connect("localhost","root","","demo");
if(!$conn){
die("Connection error: " . mysqli_connect_error());
}
if(isset($_POST['submit'])){
$firstName = mysqli_real_escape_string($conn,$_POST['first_name']);
$surName = mysqli_real_escape_string($conn,$_POST['surname']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$options = array("cost"=>4);
$hashPassword = password_hash($password,PASSWORD_BCRYPT,$options);
$sql = "insert into users (first_name, last_name,email, password) value('".$firstName."', '".$surName."', '".$email."','".$hashPassword."')";
$result = mysqli_query($conn, $sql);
if($result)
{
echo "Registration successfully";
}
}
?>
your login
<?php
//require "file_db.php";
$conn = mysqli_connect("localhost","root","","demo");
if(!$conn){
die("Connection error: " . mysqli_connect_error());
}
if(isset($_POST['submit'])){
$email = mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$sql = "select * from users where email = '".$email."'";
$rs = mysqli_query($conn,$sql);
$numRows = mysqli_num_rows($rs);
if($numRows == 1){
$row = mysqli_fetch_assoc($rs);
if(password_verify($password,$row['password'])){
echo "Password verified and ok";
// initialize session if things where ok.
session_start();
session_regenerate_id();
$_SESSION['surname'] = $row['surname'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['email'] = $row['email'];
// take me to welcome.php page
header('Location: welcome.php');
}
else{
echo "Wrong Password details";
}
}
else{
echo "User does not exist";
}
}
?>
So I am trying to create a simple login structure, and im not sure why it does not work, I appreciate there are many examples on here, and please do not mark this for duplication, I just really need some help I have tried and tried but I can not see what I have done wrong.
<?php
session_start();
include 'databaseconnection.php';
$email = strip_tags($_POST['email']);
$pwd = strip_tags($_POST['pwd']);
$sql = "SELECT * FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd'];
$hash = password_verify($pwd, $hash_pwd);
if ($hash == 0) {
header("Location: error.php")
exit();
} else {
$sql = "SELECT * FROM user WHERE email='$uid' AND pwd ='$hash_pwd'";
$result = mysqli_query($conn, $sql);
if (!row = mysqli_fetch_assoc($result)); {
echo "your email address or password is incorrect!";
} else {
$_SESSION['id'] = $row['id'];
}
header("Location: profile.php")
If someone could simply suggest what changes I should make, I would really appreciate it.
There you go simple code
<?php
session_start();
include 'databaseconnection.php';
$email = $_POST['email'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd']; // password from database
// if password is valid start session and redirect to profile.php
if (password_verify($pwd, $hash_pwd))
{
$_SESSION['id'] = $row['id'];
header('Location: profile.php');
}
else
{
header("Location: error.php")
exit();
}
?>
You have not closed the "} else {"... section.
First check request second filter input third use pdo
<?php
session_start();
include 'databaseconnection.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$email = filter_input(INPUT_POST, 'email',FILTER_VALIDATE_EMAILL); //filter input
$pwd = filter_input(INPUT_POST, 'pwd',FILTER_SANITIZE_STRING,FILTER_FLAG_STRIP_HIGH); //filter input
$hashed = sha1($pwd);
$sql= $conn->prepare( "SELECT * FROM user WHERE email ? AND password = ?"); //use pdo here
$sql->execute(array($email, $pwd));
$row = $sql->fetch();
if($row['email'] !== $email || $row['password'] !== $hashed){
header("Location: error.php");
exit();
} else {
$_SESSION['id'] = $row['id'];
header("Location: profile.php");
}
}else {
echo 'error';
}
?>
I have realized why i can't actually access userdata (after i am logged) old way to find the username is $_SESSION['username']; (assuming there is a row as 'username' in MySQL database)
So as i have a test account as "good25" (reason to choose numbers was to see if Alphanumeric inputs works fine.. its just checkup by me.. nevermind)
Problem :
assuming, i have rows in a table as 'username' and all of his information.. such as 'password', 'email', 'joindate', 'type' ...
On net i found out how to snatch out username from Session
<?php session_start(); $_SESSION('username'); ?>
successful!!
i had an idea to check if session is actually registering or no??
after a log on start.php i used this code
if(isset($_SESSION['username'])) { print_r($_SESSION['username']); }
the result was "1" (while i logged in using this username "good25")
any suggestions?
index.php (lets say, index.php just holds registration + Login form + registration script.. in login form, action='condb.php')
<?php
require 'condb.php';
if (isset($_POST['btn-signup']))
{
//FetchInputs
$usern = mysqli_real_escape_string($connection,$_POST['username']);
$email = mysqli_real_escape_string($connection,$_POST['email']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$repassword = mysqli_real_escape_string($connection,$_POST['repassword']);
$usern = trim($usern);
$email = trim($email);
$password = trim($password);
$repassword = trim($repassword);
//SearchUser
$searchusr = "SELECT username FROM $user_table WHERE username='$usern'";
$usersearched = mysqli_query($connection, $searchusr);
$countuser = mysqli_num_rows($usersearched);
//SearchEmail
$searcheml = "SELECT email FROM $user_table WHERE email='$email'";
$emlsearched = mysqli_query($connection, $searcheml);
$counteml = mysqli_num_rows($emlsearched);
//RegisteringUser
if ($countuser == 0)
{
if ($counteml == 0)
{
$ctime = time();
$cday = date("Y-m-d",$ctime);
$aCode = uniqid();
$adduser = "INSERT INTO $user_table(username, email, password, realname, activationcode, verified, joindate, type, points) VALUES ('$usern','$email','$password','$name','$aCode','n','$cday','Free',$signPoints)";
if (mysqli_query($connection, $adduser))
{
?><script>alert('You have been registered');</script><?php
}
else {
?><script>alert('Couldnt Register, please contact Admin<br><?mysqli_error($connection);?>');</script><?php
}
} else {
?><script>alert('Email already exists!');</script><?php
}
} else {
?><script>alert('Username already exists!');</script><?php
}
}
?>
condb.php
$connection = mysqli_connect($db_server, $db_user, $db_pass);
mysqli_select_db($connection, $db_name);
if(!$connection) {
die ("Connection Failed: " . mysqli_connect_error);
}
if (isset($_POST['btn-login']))
{
$uname = mysqli_real_escape_string($connection,$_POST['uname']);
$upass = mysqli_real_escape_string($connection,$_POST['upass']);
//FindUser
$finduser = "SELECT * FROM $user_table WHERE username='$uname' AND password='$upass'";
$findinguser = mysqli_query($connection,$finduser);
$founduser = mysqli_num_rows($findinguser);
//ConfirmPassword
if ($founduser > 0)
{
session_start();
$_SESSION['username'] = $username;
$_SESSION['username'] = true;
if ($findinguser != false)
{
while ($fetchD = mysqli_fetch_array($findinguser, MYSQLI_ASSOC))
{
$fetchD['username'] = $usernn;
$fetchD['email'] = $email;
$fetchD['userid'] = $uid;
$fetchD['realname'] = $rlnm;
$fetchD['points'] = $pts;
$fetchD['type'] = $membertype ;
}
header("Location: start.php");
} else {
echo mysqli_error();
}
} else {
header("Location: index.php");
?><script>alert('Wrong details, please fill in correct password and email');</script><?php
}
}
I am not asking you to build a script.. just little help please? (Thank you so so so so so much, as i am a self-learner, you don't have to say everything.. just a clue is enough for me)
may be you can try this code
<?php
require_once 'require.inc.php';
//session_start();
if (isset($_POST['btn-login']))
{
$uname = mysqli_real_escape_string($_POST['uname']);
$upass = mysqli_real_escape_string($_POST['upass']);
$search = mysqli_query($connection, "SELECT username, userid, password from $user_table WHERE username='$uname' AND password='$upass'");
$match = mysqli_fetch_assoc($search);
if ($match == 1 and $match['password'] == md5($upass))
{
$_SESSION['username'] = $match['userid'];
} else {
?>
<script>alert('Password or E-mail is wrong. If you havent registered, Please Register');</script>
<?php
}
}
if (isset($_SESSION['username']) or isset($match['userid'])){
header("Location:start.php");
}
if (isset($_POST['btn-signup']))
{
$name = mysqli_real_escape_string($_POST['name']);
$usern = mysqli_real_escape_string($_POST['username']);
$email = mysqli_real_escape_string($_POST['email']);
$password = mysqli_real_escape_string($_POST['password']);
$repassword = mysqli_real_escape_string($_POST['repassword']);
$name = trim($name);
$usern = trim($usern);
$email = trim($email);
$password = trim($password);
$repassword = trim($repassword);
$query = "SELECT email FROM $user_table WHERE email='$email'";
$result = mysqli_query($connection, $query);
$count = mysqli_num_rows($result);
$querytwo = "SELECT username FROM $user_table WHERE username='$usern'";
$resulttwo = mysqli_query($connection, $querytwo);
$counttwo = mysqli_num_rows($resulttwo);
if ($count == 0 AND $counttwo == 0)
{
if ($password == $repassword) {
if (mysqli_query($connection, "INSERT INTO $user_table(username, email, password, realname) VALUES ('$usern','$email','$password','$name')"))
{
?>
<script> alert ('Successfully registered'); </script>
<?php
}
}else {
?>
<script> alert ('The Password you entered, doesnt match.. Please fill in the same password'); </script>
<?php
}
}
else {
?>
<script> alert('Username or E-mail already exist'); </script>
<?php
}
}
?>
and this is for require.inc.php
<?php
global $username;
//require 'dconn.php';
session_start();
$_SESSION["username"] = $username;
$connection = mysqli_connect("localhost","root","", "test") or die(mysqli_error());
// Check Login
if (isset($_SESSION['username']) and isset ($match['userid']))
{
$Selection = "SELECT * FROM $user_table WHERE username='$username'";
$selectQuery = mysqli_query($connection, $Selection);
if ($selectQuery != false)
{
while ($fetchD = mysqli_fetch_assoc($selectQuery))
{
$usernn = $fetchD['username'];
$email = $fetchD['email'];
$uid = $fetchD['userid'];
}
} else {
echo mysqli_error();
}
}
?>
#suggestion, create session after user login and authorized then for each page start session and take session which you created and perform SQL queries using that session variable.
for example :
$_SESSION['user_name']=$row['username'];
for each page:
session_start();
$user_name=$_SESSION['user_name'];
SQL query
mysqli_query($con,"SELECT * FROM users where column_name='$user_name'");
I think you need to include dconn.php file in all files where you want to perform the mysql operation. If you have included it only in require.inc.php then you you it in all your other files.