I have a login function on my website (using MySQL & PHP).
The problem I am having is that I am getting an error where I shouldn't be.
When the user logs in, I would like their username to be shown in the navbar using a variable I have called user_data. However, when I try to run the code, I get the error:
Notice: Undefined variable: user_data in C:\xampp\htdocs\exampledirectory\includes\prefs\header.php on line 31.
Now, I have checked all my code, and it all seems to be correct... It just doesn't want to work!
I have the header.php or navbar included into my index.php like this:
INDEX.php:
<?php
require_once 'core/init.php'; // notice the init file
?>
<html>
<?php
include 'includes/prefs/header.php';
?>
<!-- body of html !-->
</html>
and this is my HEADER.php:
<li style="cursor:pointer;">
<?php
if(!logged_in()){
?>
<a>USER</a>
<ul>
<li>SIGN IN</li>
<li>REGISTER</li>
</ul>
<?php
}else{
?>
<a><?php echo $user_data['username']; ?></a> <!-- this is line 31 !-->
<ul>
<li>PROFILE</li>
<li>SETTINGS</li>
</ul>
<?php
}
?>
</li>
Now, the user_data variable comes into play once the user has logged in from a form on my login page, which redirects all the data to another login page in a redirection folder.
LOGIN.php:
<form action="./redir/login" method="post">
<input type="text" class="input-style" placeholder="Username" name="username"><br><br>
<input type="password" class="input-style" placeholder="Password" name="password"><br><br>
<input type="submit" value="Login"><br>
</form>
REDIR/LOGIN.php:
<?php
include 'core/init.php';
if (empty($_POST) === false){
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true) {
$errors[] = 'That user does not exist.';
} else if (user_exists($username) === false) {
$errors[] = 'That user does not exist.';
} else if (user_active($username) === false) {
$errors[] = 'This user is currently inactive. If you would like to know more, please click <a href="./help/9141320">here</a>.';
} else {
$login = login($username, $password);
if ($login === false) {
$errors[] = 'The username or password you entered are incorrect.';
} else {
// query if credentials = true return (home)
$_SESSION['user_id'] = $login;
header('Location: ../index');
exit();
}
}
} else {
header('Location: index.php');
}
if (empty($errors) === false) {
?>
<!-- error html !-->
All the login data goes to my login function on my users.php.
USERS.php:
<?php
function user_data($user_id) {
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
return $data;
}
}
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
/* exists */
function user_exists($username){
$username = sanitize($username);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
function email_exists($email){
$email = sanitize($email);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'");
return (mysql_result($query, 0) == 1) ? true : false;
}
/* active */
function user_active($username){
$username = sanitize($username);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1");
return (mysql_result($query, 0) == 1) ? true : false;
}
/* misc login */
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT (`user_id`) FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function user_id_from_email($email) {
$email = sanitize($email);
return mysql_result(mysql_query("SELECT (`user_id`) FROM `users` WHERE `email` = '$email'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
If the login details are correct it returns the user_id, or if not it returns false.
Finally, this is my INIT.php file:
<?php
session_start();
//error_reporting(0);
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$current_file = explode('/', $_SERVER['SCRIPT_NAME']);
$current_file = end($current_file);
if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'username', 'password', 'email', 'first_name', 'last_name', 'CCNo', 'desc', 'avatar', 'type', 'group', 'active');
}
$errors = array();
?>
The INIT.php is what creates the user_data variable from the user_data function (if that makes sense).
I hope I have explained it well enough for people to understand and help me with.
The basic outline is: I want my user_data variable function to work (so I can use it to echo out information).
Cheers
It seems the user_data variable is not initialized. So you need to run the SQL query in the "header.php" file and initialize the user_data variable.
In your init.php, you're only initializing user_data if the user is logged in.
Based on the logic in your header.php, it should be like that:
if(!logged_in()){
?>
<a>USER</a>
<ul>
<li>SIGN IN</li>
<li>REGISTER</li>
</ul>
<?php
}else{
?>
<a><?php echo $user_data['username']; ?></a> <!-- this is line 31 !-->
If the user is NOT logged in, you'd want to display the Sign in/Register buttons, not the other way around, correct?
I am uploading my website to a web server and my login is not working. On localhost everything was fine. Now when I put in the correct username and password it gives me "That username/password combination is incorrect". When I put in the incorrect password it gives this again. The other validations work fine, and my code is:
log in.php
<?php
include 'core/init.php';
if(empty($_POST) === false) {
$username= $_POST['username'];
$password = $_POST['password'];
if(empty($username)=== true || empty($password) === true ) {
$errors[] = 'You need to enter a username & password';
}else if (user_exists($username) === false) {
$errors[]='We cant find that username.Have you registered?';
}else if (user_active($username) === false) {
$errors[]='You havent activated your account!';
}else {
if(strlen($password) > 32) {
$errors[] = 'Password too long';
}
$login = login($username, $password);
if($login === false) {
$errors[] = 'That username/password combination is incorrect';
}else{
$_SESSION['user_id'] = $login;
header('Location: index2.php');
exit();
}
}
}else {
$errors[] = 'No data received';
}
include 'overall/headerr.php';
if (empty($errors)=== false) {
?>
<h2>We tried to log you in, but...</h2>
<?php
echo output_errors($errors);
}
?>
users.php
function login($username, $password){
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username`='$username' AND `password`='$password'"), 0)==1) ? $user_id : false;
}
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exists($username) {
$username = sanitize($username);
return (mysql_result( mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` ='$username' "), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return(mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` =1"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
general.php
<?php
function sanitize($data) {
return mysql_real_escape_string($data);
}
function output_errors($errors) {
$output = array();
foreach($errors as $error) {
$output[] = '<li>'. $error .'</li>';
}
return '<ul>' . implode ('', $output) . '</ul>';
}
?>
init.php
<?php
session_start();
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$errors = array() ;
?>
Why are you making your code long & complicated?
I use this simple and nice code:
<?php
session_start(); /* Start a session on browser */
require('connect.php'); /* Get database-connection script */
$username = $_POST['username']; /* Define variable ' $username ' */
$password = $_POST['password']; /* Define variable ' $password ' */
/* Check if username or password is empty */
if(empty($username) || empty($password)) {
/* If one of the fields are empty, send user back. */
echo 'afar'; // All fields are required
} else {
/* Select usernames & passwords from our database */
$check_accpass = $dbh->query('SELECT username,password FROM `users` WHERE `username`='.$dbh->quote($username).' AND `password`='.$dbh->quote($password).'')->fetchAll();
/* Check if username & password has any matches in our database */
if($check_accpass) {
echo 'success';
/* IF they do, set $username to $_SESSION['USERNAME'] and same with password */
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
// Set cookies
// name, value, expire, path, domain, secure, httponly
setcookie("username", $username, time() + (172800 * 30), "/", NULL, TRUE, TRUE); /* 2 days = 48 hours */
setcookie("password", $password, time() + (172800 * 30), "/", NULL, TRUE, TRUE); /* 2 days = 48 hours */
// Send user to root
header('location:/');
} else {
/* if no matches are found, print the text below */
echo 'wuop'; // wrong username or password
}
}
?>
I'm trying to make a login system for my project, but I don't know how I can check if the password that the user typed is correct.
Login.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once("guest.php");
require_once("db.php");
$error = "";
global $tf_handle;
$gb = new guest();
if(isset($_POST['login']))
{
$u_email = mysqli_real_escape_string($tf_handle, $_POST['email']);
$u_password = mysqli_real_escape_string($tf_handle, $_POST['password']);
$check = $gb->email_exist($tf_handle,$u_email); // check if email exist in database
if($check) // if true
{
//check if the password is right
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
if($chpassword)
{
$error = "Thanks for loggin , you will be redirected...";
header( "refresh:3;url=index.php" );
}
else
{
$error = "Email Doesn't Exist";
}
}
else
{
$error = "Wrong information";
}
}
?>
<!doctype html>
<html>
<head>
<title>Login Page</title>
<link rel="stylesheet" href="css/styles.css" />
</head>
<body>
<div id="error" style="<?php if ($error !=""){?> display:block;<?php }?>"><?php echo $error;?></div>
<div id="wrapper">
<div id="menu">
Sign Up
Login
</div>
<div id="formDiv">
<form method="POST" action="Login.php">
<label>Email:</label><br/>
<input type="text" name="email" class="inputFields" required /><br/><br/>
<label>Password:</label><br/>
<input type="password" name="password" class="inputFields" required /><br/><br/>
<input type="checkbox" name="keep" />
<label>Keep me logged in</label><br/><br/>
<input type="submit" name="login" class="theButtons" value="Login!" />
</form>
</div>
</div>
</body>
</html>
guest.php
<?php
require_once('db.php');
class guest
{
function email_exist($email,$con)
{
$result = mysqli_query($con,"SELECT * FROM `users` WHERE `email` = '$email'");
if(mysqli_num_rows($result) == 1)
{
return true;
}
else
{
return false;
}
}
}
The problem is in the line below:
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
or the email_exist() function
It makes me log in, even if the password is wrong.
You used an if() statement. You're just declaring the variable $chpassword and thereby calling the SQL Query. This succeeds, so the condition is true. It doesn't really check if it's the same with the password from the database.
Take a look here
You would want something like this:
$query = mysql_query("select * from login where password='$password'
AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
...
}
According to the man page, mysqli_query will return a result even if there are no rows, you need to do something like the following:
$chpassword = mysqli_query($tf_handle,"SELECT * FROM `users` WHERE `email` = '$u_email' AND `password` = '$u_password'");
if($chpassword->num_rows > 0) {
/* do your login stuff */
} else {
/* do not logged in stuff */
}
Also as a side note, I would not store passwords in plain text, I would use something like hash_pbkdf2 to store the passwords in an encrypted fashion.
Create a class that will handle that for you. You're writing too much code.
class users
{
private $mysqli;
public function __construct()
{
$this->mysqli = new mysqli('localhost', 'root', '', 'yourDatabase');
$this->mysqli->set_charset("utf8");
}
public function isLoginValid($email, $password)
{
$query = $this->mysqli->prepare("SELECT email
FROM users
WHERE email = ? AND password = ?");
$query->bind_param("ss", $email, $password);
$query->execute();
$query->store_result();
return ($query->num_rows >= 1 ? TRUE : FALSE);
}
}
Now the only thing you need to do is call the class and the function.
If (and I hope so) you use files to separate the classes do the following:
require_once('users.php');
$user = new users();
if($user->isLoginValid('stack#stackoverflow.com', '123456') == FALSE)
{
echo 'Hold on, there was a problem..';
return;
}
/*
* 1. Set the session
* 2. Set the cookie
* 3. Redirect the user
*/
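Added example (not code from any poster in this thread): one login check that combines the points raised in the answers above, a prepared statement, a match decided by the fetched row rather than by the query succeeding, and salted password hashes, here with PHP's built-in password_hash()/password_verify() in place of the hash_pbkdf2 one answer mentions, plus an upgrade path for the unsalted MD5 values the earlier questions store. Assumptions: the in-memory SQLite table (requires pdo_sqlite), the accounts and passwords, and the names demo_db() and verify_login() are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's MySQL `users` table: in-memory SQLite
// (needs the pdo_sqlite extension) so the example runs offline.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        user_id  INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password TEXT NOT NULL,
        active   INTEGER NOT NULL DEFAULT 1)');
    $add = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // Constructed accounts: one stored with password_hash(), one legacy unsalted MD5 row.
    $add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $add->execute(['bob', md5('hunter2')]);
    return $pdo;
}

// Returns the user_id (int) on success, false on any failure.
function verify_login(PDO $pdo, string $username, string $password)
{
    // Placeholder binding keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT user_id, password, active FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The query succeeding says nothing about a match; only a fetched row does.
    if ($row === false) {
        return false;
    }

    $stored = $row['password'];
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    if ($isLegacyMd5) {
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        // password_verify() reads algorithm, cost and salt from the stored hash.
        $ok = password_verify($password, $stored);
    }
    if (!$ok || (int) $row['active'] !== 1) {
        return false;
    }

    // Upgrade legacy or outdated hashes while the plaintext is available.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE user_id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['user_id']]);
    }
    return (int) $row['user_id'];
}

$pdo = demo_db();
var_dump(verify_login($pdo, 'alice', 'correct horse')); // matching row and password
var_dump(verify_login($pdo, 'alice', 'wrong'));         // row exists, password does not match
var_dump(verify_login($pdo, 'mallory', 'anything'));    // query succeeds, but no row
var_dump(verify_login($pdo, 'bob', 'hunter2'));         // legacy MD5 row, upgraded on login
$hash = $pdo->query("SELECT password FROM users WHERE username = 'bob'")->fetchColumn();
var_dump(password_get_info($hash)['algoName']);         // bob's stored value after the upgrade
```

On success the caller stores only the returned user_id in $_SESSION; the password itself never needs to go into the session or a cookie.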
I set session variables on a login page, and then it redirects to the home page, where a function called isLoggedIn() decides whether it include()s signed-in.php or membership-container.php in the header. signed-in.php is what shows if the person is logged in, and membership-container.php is shown if the client is not logged in. After I login it shows signed-in.php as would be expected, but when I reload the page, it shows membership-container.php.
Login page:
<!DOCTYPE html>
<?php
session_start();
/*error_reporting(0);*/
require 'users/database/connect-database.php';
require 'users/database/database-functions.php';
if ($_POST) {
$email = sanitize($connection, strip_tags($_POST['login_email']));
$password = sanitize($connection, strip_tags($_POST['login_password']));
$encrypted_password = sha1($password);
if (!empty($email) && !empty($password)) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'Your email is not valid.';
} else if(exists($connection, 'email', 'members', 'email', $email) == false) {
$error = "We didn't find anyone with that email and password. Have you joined SamHalesJr.com yet?";
} else if (exists($connection, 'email', 'members', 'password', $encrypted_password) == false) {
$error = "Please enter the correct password.";
} else if (detail($connection, 'active', 'members', 'email', $email) != 1) {
$error = "You haven't activated your account!";
} else {
$query = login($connection, $email, $encrypted_password);
if ($query == true) {
ini_set('session.gc_maxlifetime', $inactive_session);
$_SESSION['session'] = time();
$_SESSION['logged_in'] = detail($connection, 'user_id', 'members', 'email', $email);
if (isLoggedIn()) {header('Location: /home');}
}
}
} else {
$error = 'Please enter an email and password.';
}
}
require 'users/database/disconnect-database.php';
?>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<form action="/login" method="POST">
<input placeholder="Email" value="<?php echo $email; ?>" type="text" name="login_email"><br>
<input placeholder="Password" value="<?php echo $password; ?>" type="password" name="login_password"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
I know connect-database.php and disconnect-database.php work, and here are the contents of database-functions.php:
<?php
$inactive_session = 7200;
function sanitize($connection, $data) {
return mysqli_real_escape_string($connection, $data);
}
function exists($connection, $detail, $table, $row, $value) {
$query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'");
$count = mysqli_num_rows($query);
return ($count >= 1) ? true : false;
}
function generate($password) {
$password = hash('sha512', $password);
return $password;
}
function isLoggedIn() {
if (isset($_SESSION['logged_in'])) {
return true;
} else {
return false;
}
}
function detail($connection, $detail, $table, $row, $value) {
$query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'");
$associate = mysqli_fetch_assoc($query);
return $associate[$detail];
}
function login($connection, $email, $password) {
$query = mysqli_query($connection, "SELECT `email`, `password` FROM `members` WHERE `email` = '$email' AND `password` = '$password'");
$count = mysqli_num_rows($query);
if ($count >= 1) {
return true;
} else {
return false;
}
}
function logout() {
unset($_SESSION['logged_in']);
session_unset();
session_destroy();
}
?>
Am I correct that the session_start() and any other $_SESSION[''] variables need to go before the <html> tag? Here is the code that I put before the <html> tag in each page:
<?php
include 'users/database/database-functions.php';
ini_set('session.gc_maxlifetime', $inactive_session);
session_start();
if (isset($_SESSION['session']) && (time() - $_SESSION['session'] > $inactive_session)) {
logout();
}
$_SESSION['session'] = time(); // Update session
?>
Leave a comment if there is any other info that you need and thanks so much for anyone's help. I've been working on this for a long time and am still new to session handling and functions.
Just to make it clear, my problem is that when I enter the correct info to /login and click the login button, it redirects to the /home page as it should do and it shows signed-in.php in the header, but when I reload /home it shows membership-container.php.
If it helps at all, after I have reloaded the home page (after logging in), it still shows the PHPSESSID cookie, just as it does when it shows signed-in.php. It also says that the cookie expires "when the browsing session ends." I don't know if that means anything, but the fact that it still shows the PHPSESSID cookie could mean that the session is still alive and that the error is in my isLoggedIn() function.
Also it might help to see what exactly is inside the header:
<?php if (isLoggedIn()) {
include 'signed-in.php';
} else {
include 'membership-container.php';
} ?>
Thank you anyone who helps me out with this.
I know this problem is very common, and the usual answer is to place session_start; at the beginning of every page and script. I've done that and still to no avail. I've spent literally a whole 6 hours trying to find the mistake, but came to no avail, any pointers would be appreciated.
The relevant codes are below, but just to break it down. There is an init.php file that contains all the functions, connections and session_start(); and this is included into the top of every page, before any other code.
init.php (included in header.php, before any HTML) [EDITED to include error reporting]
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
require 'database/connect.php'; //code for connecting to database
require 'functions/general.php'; //contains one sanitize function
require 'functions/users.php'; //user-specific functions (see below)
$errors = array();
?>
//rest of the head and opening body tag
index.php (session_start(); is at the beginning of the code from init.php)
<?php include 'includes/overall/header.php'; ?>
<?php include 'assets/nivo/nivo.php'; ?>
<p>plain text
</p>
<?php
echo ($_SESSION['user_id']);
?>
<?php include 'includes/overall/footer.php'; ?>
<?php include 'includes/overall/scripts.php'; ?>
</body>
</html>
core/functions/users.php (within init.php which contains session_start();)
<?php
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exist($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false;
};
function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `user` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false;
};
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `user` WHERE `username` = '$username'"), 0, 'user_id');
};
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `user` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
};
?>
The login form is included into index.php and sends data to login_pro.php
login_pro.php
<?php
include 'core/init.php';
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Please enter a username and password';
} else if (user_exist($username) === false) {
$errors[] = 'User does not exist';
} else if (user_active($username) === false) {
$errors[] = 'Please activate your account';
} else {
$login = login($username, $password);
if ($login === false) {
$errors[] = 'This username/password combination is incorrect';
} else {
$_SESSION['user_id'] = $login;
header("Location: index.php");
exit();
};
};
print_r($errors);
}
?>
If I place a die function to output SESSION['user_id']; into login_pro.php, like so:
} else {
$_SESSION['user_id'] = $login;
die($_SESSION['user_id']);
header("Location: index.php");
exit();
};
I do get the desired user_id. But this is not carried forward after the header redirected me back to index.php - as indicated by the lack of output in the echo function at index.php
How do I fix this?
I have now resolved this problem. It has to do with my hosting provider. I have posted a full explanation to help others here. If someone deems this question should be deleted, please feel free, I am not very familiar with Stackoverflow traditions.
When a user logs in they are redirected to member.php, below is the log in code followed by member.php code.
login.php
<?php
session_start ();
include 'core/init.php';
$username = '';
$password = '';
$dbusername = '';
$dbpassword = '';
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
$numrow = mysql_num_rows ($query);
// user login
if ($numrow!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: member.php");
}
}
else
{
// admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
$numrow2 = mysql_num_rows ($query2);
if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: admin.php");
}
else{
echo "Incorrect password";
}
}
else{
if ($username!=$dbusername&&$password!=$dbpassword)
{die("That user does not exist!");
}
}
}
}
/*if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
if ($username!=$dbusername)
{die("That user does not exist!");
}
}
}
else
die("Please enter your email address and password");
*/
?>
member.php code (I know this is messy. Sorry, just need to get it working for now)
<div id="header">
<div id= "logout">
<?php
if(isset($_GET['username']) === true & empty ($_GET['username']) === false)
$username = $_GET ['username'];
if (user_exists($username) === true) {
echo "<p>Welcome, ".$_SESSION['Email']. "!<br><a href='logout.php'>Logout</a>\n<a href='index.php'>Back to homepage</a></p>";
?></div>
</div>
<div id="main-content">
<?php
//get username from user id
$MemberID = user_id_from_username($username);
$profile_data =user_data($MemberID, 'Name','Email');//Need to pull out stuff from oddjob table
?>
<h1><?php echo $profile_data['Name']; ?>'s profile</h1>
<p><?php echo $profile_data['Email'];?></p>
<?php
} else {
echo '<p>Sorry, cannot find that user on system.</p>';
}
?>
At the moment I have set member.php so that if I type a username (which is the users email address) into the URL it displays some profile data specific to that user.
However, when I log in as a user, and get redirected to member.php I just see a blank page and the username doesn't show up in the URL, just an error message saying ' Undefined variable: username' for that user and I don't know how to edit this so that it works and the member is sent to their own profile page.
Relevant functions below:
functions.php
function logged_in() {
return (isset($_SESSION['MemberID'])) ? true : false; //Email
}
function user_data($MemberID){
$data = array();
$MemberID =(int)$MemberID;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args >1) {
unset($func_get_args[0]);
$fields = '`' . implode('`,`', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `member` WHERE `MemberID` = $MemberID"));//expects parameter 1 to be resourse
return $data;
}
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `MemberID` FROM `member` WHERE `Email` = '$username'"),0, 'MemberID');
}
Init.php:
if (logged_in() ===true) {
$session_MemberID = $_SESSION['MemberID'];//undefined?
$user_data= user_data($session_MemberID,'MemberID','Name','Address','Postcode','DOB','Mobile','Email','Password','RepeatPassword');
exit();
}
To be honest I've been looking at this code for so long now, I'm completely blind/lost as to how to fix this. Please help if you can.
Index.php
<div id= "login">
<form action="login.php" method="post">
<?php
if (logged_in() === true) {
echo "<p>Welcome, ".$_SESSION['Email']. "!<br><a href='logout.php'>Logout</a>";
}else
echo"<h4>Username: <input type='text' name='Email'><br>
Password: <input type='Password' name='Password'>
<input type='submit' value='Log In'><br>
<a href='register2.php'>Register?</a>
</form>"
?>
On your member.php page you try to get the username from $_GET but you don't pass any parameter when you redirect the user in login.php.
Either rely only on the $_SESSION which you set or change your redirect:
header('Location: member.php?username='.$username);
This header command:
header("Location: member.php");
Must be above the head. It can only be called if no other html code has been sent to the user. E.g.:
<?php
header("Location: member.php");
?>
<html>
<head>
</head>
<body>
</body>
</html>