Session if else statement - php

I am trying to display the information A if login as user and information B if login as admin. The problem here is that, I am only able to execute the first if statement and the else statement which means I am able to login. However, it will never get into the else if statement. Can anyone help me, I am not sure what is the problem here.
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbdatabase = "test";
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
?>
somewhere.php
<?php
if(!isset($_SESSION)){
session_start();
}
include("configuration.php");
?>
<html>
<body>
<?php
if (isset($_SESSION['SESS_EXIST']) == true && isset($_SESSION['SESS_TYPE']) == 'A' ){ ?>
//this is the user html information form
<?php }
else if (isset($_SESSION['SESS_EXIST']) == true && isset($_SESSION['SESS_TYPE1']) == 'B' ){ ?>
//this is the admin html information form
<?php } else { ?>
//ask user/admin to login html form
<form action ="login.php">
<button type="submit" name="login" class="btn-primary">Sign Up</button>
</form>
<?php } ?>
</body>
</html>
login.php
<?php
session_start();
require("configuration.php");
if(isset($_SESSION['SESS_EXIST']) == TRUE) {
header("Location: somewhere.php");
die();
}
$email = $_POST['Email'];
$pass = $_POST['Pass'];
$sql = "SELECT * FROM user WHERE Email='$email' and Pass ='$pass' " ;
$res = mysql_query($sql);
$rows = mysql_num_rows($res);
$sql1 = "SELECT * FROM admin WHERE Email='$email' and Pass ='$pass' " ;
$res1 = mysql_query($sql1);
$rows1 = mysql_num_rows($res1);
if($rows == 1)
{
$row = mysql_fetch_assoc($res);
$_SESSION['SESS_EMAIL'] = $row['Email'];
$_SESSION['SESS_NAME'] = $row['Name'];
$_SESSION['SESS_PASS'] = $row['Pass'];
$_SESSION['SESS_TYPE'] = 'A';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();
}
else if($rows1 == 1)
{
$row1 = mysql_fetch_assoc($res1);
$_SESSION['SESS_EMAIL1'] = $row['Email'];
$_SESSION['SESS_NAME1'] = $row['Name'];
$_SESSION['SESS_PASS1'] = $row['Pass'];
$_SESSION['SESS_TYPE1'] = 'B';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();
}
else {
echo '<script language = "javascript">';
echo 'alert("Fail login")';
echo '</script>';
echo "<script>window.location.assign('somewhere.php')</script>";
die();
}
?>


I think you don't reset your SESSION when you Logout. Try this:
Login.php
<?php
session_start();
require("configuration.php");
if(isset($_SESSION['SESS_EXIST']) == TRUE) {
header("Location: somewhere.php");
die();
}
session_unset();
$email = $_POST['Email'];
$pass = $_POST['Pass'];
$sql = "SELECT * FROM user WHERE Email='$email' and Pass ='$pass' " ;
$res = mysql_query($sql);
$rows = mysql_num_rows($res);
$sql1 = "SELECT * FROM admin WHERE Email='$email' and Pass ='$pass' " ;
$res1 = mysql_query($sql1);
$rows1 = mysql_num_rows($res1);
if($rows == 1)
{
$row = mysql_fetch_assoc($res);
$_SESSION['SESS_EMAIL'] = $row['Email'];
$_SESSION['SESS_NAME'] = $row['Name'];
$_SESSION['SESS_PASS'] = $row['Pass'];
$_SESSION['SESS_TYPE'] = 'A';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();
}
else if($rows1 == 1)
{
$row1 = mysql_fetch_assoc($res1);
$_SESSION['SESS_EMAIL1'] = $row['Email'];
$_SESSION['SESS_NAME1'] = $row['Name'];
$_SESSION['SESS_PASS1'] = $row['Pass'];
$_SESSION['SESS_TYPE1'] = 'B';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();
}
else {
echo '<script language = "javascript">';
echo 'alert("Fail login")';
echo '</script>';
echo "<script>window.location.assign('somewhere.php')</script>";
die();
}
?>
Your If-Statement is also no correct. As mentioned in other answers it should be like this:
somewhere.php Edit
<?php
if(!isset($_SESSION)){
session_start();
}
include("configuration.php");
?>
<html>
<body>
<?php
if(isset($_SESSION['SESS_EXIST'])){
if ($_SESSION['SESS_EXIST'] == true && $_SESSION['SESS_TYPE'] == 'A' ){
?> //this is the user html information form <?php
}
else if ($_SESSION['SESS_EXIST'] == true && $_SESSION['SESS_TYPE1'] == 'B' ){
?> //this is the admin html information form <?php
}
} else { ?> //ask user/admin to login html form
<form action ="login.php">
<button type="submit" name="login" class="btn-primary">Sign Up</button>
</form>
<?php
}
?>
</body>
</html>


Hi your condition never gets true
if (isset($_SESSION['SESS_TYPE']) && $_SESSION['SESS_TYPE'] == 'A') {
// your code here
}
`isset` — Determine if a `variable` is set and is not `NULL`. `Returns` `TRUE` if var exists and has value other than NULL, FALSE otherwise.

Related

How do I print user information once logged in?

I've added a login system to my website but it seems the information isn't properly being stored in the session. When I try to open up the destination page, I am trying to echo the user_id, but I get the error: "Trying to access array offset on value of type null". From what I can see, this shouldn't be null since it is set in my login.php script. For further info, I've included the signup, login and function scripts. Any help would be massively appreciated.
login.php:
<?php
session_start();
require ("connection.php");
require ("functions.php");
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (isset($_POST['email']) || isset($_POST['password']))
{
$email = $_POST['email'];
$password = $_POST['password'];
if (!empty($email) && !empty($password))
{
$query = ("select * from users where email = '$email' and password = '$password' and organiser_yn = 'N' limit 1");
$result = mysqli_query($con, $query);
$query2 = ("select * from users where email = '$email' and password = '$password' and organiser_yn = 'Y' limit 1");
$result2 = mysqli_query($con, $query2);
if ($result)
{
if ($result && mysqli_num_rows($result) > 0)
{
$user_data = mysqli_fetch_assoc($result);
$_SESSION['user_id'] = $user_data['user_id'];
header("Location: EventPlannerSignedIn.php");
die;
} elseif ($result2 && mysqli_fetch_assoc($result2) > 0)
{
$user_data2 = mysqli_fetch_assoc($result2);
$_SESSION['user_id'] = $user_data2['user_id'];
header("Location: EventPlannerOrganiser.php");
die;
}
else
{
echo "Email or password is incorrect.";
}
}
}
}
}
?>
signup.php:
<?php
session_start();
include("connection.php");
include("functions.php");
if($_SERVER['REQUEST_METHOD'] == "POST")
{
if(isset($_POST['name']) || isset($_POST['email']) || isset($_POST['password']) )
{
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
if(!empty($email) && !empty($password))
{
$user_id = random_num(20);
$query = "insert into users (user_id,name,email,password) values ('$user_id','$name','$email','$password')";
mysqli_query($con, $query);
header("Location: login.php");
die;
}
else
{
echo "The information you have entered is invalid.";
}
}
}
?>
destination page
<?php
session_start();
include("connection.php");
include("functions.php");
$user_data2 = check_login($con);
?>
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<?php echo $user_data2['user_id'];?>
</body>
</html>
function:
<?php
function check_login($con)
{
if(isset($_SESSION['user_id']))
{
$id = $_SESSION['user_id'];
$query = "select * from users where user_id = '$id' limit 1";
$result = mysqli_query($con,$query);
if($result && mysqli_num_rows($result) > 0)
{
$user_data = mysqli_fetch_assoc($result);
return $user_data;
}
}
die;
}
?>

try
<body>
<?php echo $_SESSION['user_id']; ?>
</body>
because you are not storing anything in the $userdata2 and not even initializing any data on that variable, nor from sessions, nor from your actual database.

Undefined Index error

It occurs undefined index error for the first time while redirecting to the same page after login, how can I solve this problem?
Here's my code:
code on index-page
<?php
session_start();
$error = $_SESSION['error'];
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("db_food", $conn);
$row = mysql_query("select * from tbl_temp order by id DESC", $conn);
$row = mysql_fetch_array($row);
$user = $row['user'];
$pass = $row['pass'];
?>
code for the page After form submission
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if($username =='' || $password == '') {
$error = "Username or Password cant' be empty......";
header("location: index.php");
} else {
$data = mysql_query("select * from tbl_user where username='$username' && password='$password'", $conn);
$num = mysql_num_rows($data);
if($num==1) {
$row = mysql_fetch_array($data);
$_SESSION['name'] = $row['name'];
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
exit;
} else {
$error= "Either Username or Password wrong!!!";
header("location: index.php");
}
}
$_SESSION['error'] = $error;
?>
I want to display the error message in the index page.

check first by isset
$error = "";
if(isset($_SESSION['error'])){
$error = $_SESSION['error'];
}

if (isset($_SESSION["uname"]) == ($_COOKIE['admin']))

I am trying to make a sample website that have a different privileges the admin is for admin page and the client is for client page?
and this is my PHP code db_login
<?php
$uname = $_POST["uname"];
$pword = $_POST["pword"];
require_once("../connector/db_open.php");
$sql = "SELECT * FROM tbl_create_acc WHERE uname = '".$uname."' AND pword = '".$pword."'";
$result = $conn->query($sql) or die ($conn->error);
if($result->num_rows >0)
{
if (isset($_SESSION["uname"]) == ($_COOKIE['admin']))
{
$row = mysqli_fetch_array($result);
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['uname'] = $row['uname'];
$_SESSION['pword'] = $row['pword'];
header("Location: ../page/adminpage.php");
}
else
{
header("Location: ../page/clientpage.php");
}
}
else
{
header("Location: ../page/index1.php");
}
require_once("../connector/db_close.php");
?>

Can't fetch data from MySQL (php) (Re-edited)

I have realized why i can't actually access userdata (after i am logged) old way to find the username is $_SESSION['username']; (assuming there is a row as 'username' in MySQL database)
So as i have a test account as "good25" (reason to choose numbers was to see if Alphanumeric inputs works fine.. its just checkup by me.. nevermind)
Problem :
assuming, i have rows in a table as 'username' and all of his information.. such as 'password', 'email', 'joindate', 'type' ...
On net i found out how to snatch out username from Session
<?php session_start(); $_SESSION('username'); ?>
successful!!
i had an idea to check if session is actually registering or no??
after a log on start.php i used this code
if(isset($_SESSION['username'])) { print_r($_SESSION['username']); }
the result was "1" (while i logged in using this username "good25")
any suggestions?
index.php (lets say, index.php just holds registration + Login form + registration script.. in login form, action='condb.php')
<?php
require 'condb.php';
if (isset($_POST['btn-signup']))
{
//FetchInputs
$usern = mysqli_real_escape_string($connection,$_POST['username']);
$email = mysqli_real_escape_string($connection,$_POST['email']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$repassword = mysqli_real_escape_string($connection,$_POST['repassword']);
$usern = trim($usern);
$email = trim($email);
$password = trim($password);
$repassword = trim($repassword);
//SearchUser
$searchusr = "SELECT username FROM $user_table WHERE username='$usern'";
$usersearched = mysqli_query($connection, $searchusr);
$countuser = mysqli_num_rows($usersearched);
//SearchEmail
$searcheml = "SELECT email FROM $user_table WHERE email='$email'";
$emlsearched = mysqli_query($connection, $searcheml);
$counteml = mysqli_num_rows($emlsearched);
//RegisteringUser
if ($countuser == 0)
{
if ($counteml == 0)
{
$ctime = time();
$cday = date("Y-m-d",$ctime);
$aCode = uniqid();
$adduser = "INSERT INTO $user_table(username, email, password, realname, activationcode, verified, joindate, type, points) VALUES ('$usern','$email','$password','$name','$aCode','n','$cday','Free',$signPoints)";
if (mysqli_query($connection, $adduser))
{
?><script>alert('You have been registered');</script><?php
}
else {
?><script>alert('Couldnt Register, please contact Admin<br><?mysqli_error($connection);?>');</script><?php
}
} else {
?><script>alert('Email already exists!');</script><?php
}
} else {
?><script>alert('Username already exists!');</script><?php
}
}
?>
condb.php
$connection = mysqli_connect($db_server, $db_user, $db_pass);
mysqli_select_db($connection, $db_name);
if(!$connection) {
die ("Connection Failed: " . mysqli_connect_error);
}
if (isset($_POST['btn-login']))
{
$uname = mysqli_real_escape_string($connection,$_POST['uname']);
$upass = mysqli_real_escape_string($connection,$_POST['upass']);
//FindUser
$finduser = "SELECT * FROM $user_table WHERE username='$uname' AND password='$upass'";
$findinguser = mysqli_query($connection,$finduser);
$founduser = mysqli_num_rows($findinguser);
//ConfirmPassword
if ($founduser > 0)
{
session_start();
$_SESSION['username'] = $username;
$_SESSION['username'] = true;
if ($findinguser != false)
{
while ($fetchD = mysqli_fetch_array($findinguser, MYSQLI_ASSOC))
{
$fetchD['username'] = $usernn;
$fetchD['email'] = $email;
$fetchD['userid'] = $uid;
$fetchD['realname'] = $rlnm;
$fetchD['points'] = $pts;
$fetchD['type'] = $membertype ;
}
header("Location: start.php");
} else {
echo mysqli_error();
}
} else {
header("Location: index.php");
?><script>alert('Wrong details, please fill in correct password and email');</script><?php
}
}
I am not asking you to build a script.. just little help please? (Thank you so so so so so much, as i am a self-learner, you don't have to say everything.. just a clue is enough for me)

may be you can try this code
<?php
require_once 'require.inc.php';
//session_start();
if (isset($_POST['btn-login']))
{
$uname = mysqli_real_escape_string($_POST['uname']);
$upass = mysqli_real_escape_string($_POST['upass']);
$search = mysqli_query($connection, "SELECT username, userid, password from $user_table WHERE username='$uname' AND password='$upass'");
$match = mysqli_fetch_assoc($search);
if ($match == 1 and $match['password'] == md5($upass))
{
$_SESSION['username'] = $match['userid'];
} else {
?>
<script>alert('Password or E-mail is wrong. If you havent registered, Please Register');</script>
<?php
}
}
if (isset($_SESSION['username']) or isset($match['userid'])){
header("Location:start.php");
}
if (isset($_POST['btn-signup']))
{
$name = mysqli_real_escape_string($_POST['name']);
$usern = mysqli_real_escape_string($_POST['username']);
$email = mysqli_real_escape_string($_POST['email']);
$password = mysqli_real_escape_string($_POST['password']);
$repassword = mysqli_real_escape_string($_POST['repassword']);
$name = trim($name);
$usern = trim($usern);
$email = trim($email);
$password = trim($password);
$repassword = trim($repassword);
$query = "SELECT email FROM $user_table WHERE email='$email'";
$result = mysqli_query($connection, $query);
$count = mysqli_num_rows($result);
$querytwo = "SELECT username FROM $user_table WHERE username='$usern'";
$resulttwo = mysqli_query($connection, $querytwo);
$counttwo = mysqli_num_rows($resulttwo);
if ($count == 0 AND $counttwo == 0)
{
if ($password == $repassword) {
if (mysqli_query($connection, "INSERT INTO $user_table(username, email, password, realname) VALUES ('$usern','$email','$password','$name')"))
{
?>
<script> alert ('Successfully registered'); </script>
<?php
}
}else {
?>
<script> alert ('The Password you entered, doesnt match.. Please fill in the same password'); </script>
<?php
}
}
else {
?>
<script> alert('Username or E-mail already exist'); </script>
<?php
}
}
?>
and this is for require.inc.php
<?php
global $username;
//require 'dconn.php';
session_start();
$_SESSION["username"] = $username;
$connection = mysqli_connect("localhost","root","", "test") or die(mysqli_error());
// Check Login
if (isset($_SESSION['username']) and isset ($match['userid']))
{
$Selection = "SELECT * FROM $user_table WHERE username='$username'";
$selectQuery = mysqli_query($connection, $Selection);
if ($selectQuery != false)
{
while ($fetchD = mysqli_fetch_assoc($selectQuery))
{
$usernn = $fetchD['username'];
$email = $fetchD['email'];
$uid = $fetchD['userid'];
}
} else {
echo mysqli_error();
}
}
?>

#suggestion, create session after user login and authorized then for each page start session and take session which you created and perform SQL queries using that session variable.
for example :
$_SESSION['user_name']=$row['username'];
for each page:
session_start();
$user_name=$_SESSION['user_name'];
SQL query
mysqli_query($con,"SELECT * FROM users where column_name='$user_name'");

I think you need to include dconn.php file in all files where you want to perform the mysql operation. If you have included it only in require.inc.php then you you it in all your other files.

Php Function Restricted area

Hey i have this function :
<?php
if(isset($_POST['login']) && $_POST['login'] == 'LOGARE') {
include('./inc/configurare.php');
mysql_select_db('account');
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$check = "SELECT * from account where login = '" . $user . "' and password = PASSWORD('$pass')";
$query = mysql_query($check);
$num = mysql_num_rows($query);
if($num > 0) {
$array = mysql_fetch_array($query);
// SESSION variable start //
$_SESSION['id'] = $array['login'];
$_SESSION['coins'] = $array['coins'];
$_SESSION['isadmin'] = $array['isadmin'];
$_SESSION['pscadmin'] = $array['pscadmin'];
$_SESSION['email'] = $array['email'];
$_SESSION['real_name'] = $array['real_name'];
$_SESSION['social_id'] = $array['social_id'];
$_SESSION['user_admin'] = $array['web_admin'];
$_SESSION['user_id'] = $array['id'];
$_SESSION['user_name'] = $array['login'];
$_SESSION['user_coins'] = $array['coins'];
$_SESSION['user_email'] = $array['email'];
echo "<meta http-equiv='refresh' content='0; URL=index.php?s=home'>";
} else {
echo "<meta http-equiv='refresh' content='0; URL=index.php?s=login_error'>";
}
}
?>
And i wanna restrict acces on some page , you must login to intro in that page somting like this:
<?php
if(isset($_SESSION['user']) && isset($_SESSION['pass']))
{
auto_unban();
$username = $_SESSION['user'];
$sql = mysql_query("Select * from account.account where login='".$_SESSION['user']."'") or die(mysql_error());
$accc=mysql_fetch_object($sql);
$charss = mysql_query("Select * from player.player where account_id='".$accc->id."'") or die(mysql_error());
$chars = mysql_num_rows($charss);
?>
<script type='text/javascript'>
function myFunction()
{
var jmsg = "<? echo "Blocked : ".$acc->unban_date." pentru ".$acc->motiv_ban.".mlock."; ?>";
if(jmsg){
alert(jmsg);
}
window.onload=myFunction;
}
</script>
Script , script
<?php } else { echo "Please login!";} ?>
That script when i don't login show me this echo : Please login!
and when i'm login also show me that echo : Plase login!
I don't know how to create and read function in php can anyone show me how to make function like this :
if(isset($_SESSION['user']) && isset($_SESSION['pass']))

Your variable $_SESSION['login'] is empty because you forgot to call session_start(); at the beginning of your php script.
Place session_start(); before printing any chars on your page.
ex:
<?php session_start();
$_SESSION['login'] = 'login';
...

Categories