I can login succesfuly and the user can be displayed... But im doing something wrong here, i can't display the name of the user. Here is the form I tried:
<?php
include("dbconfig.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password received from loginform
$name=mysqli_real_escape_string($dbconfig,$_POST['name']);
$username=mysqli_real_escape_string($dbconfig,$_POST['username']);
$password=mysqli_real_escape_string($dbconfig,$_POST['password']);
$sql_query="SELECT id FROM user WHERE username='$username' and password='$password'";
$result=mysqli_query($dbconfig,$sql_query);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$count=mysqli_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
$_SESSION['login_user']=$username;
header("location: home.php");
}
else
{
$error="Useri ose passwordi gabim!";
}
}
?>
and here is the desplay code:
<?php
if(!isset($_SESSION['login_user']))
{
header("Location: login.php");
}
else
{
$name=$_SESSION['login_user'];
?>
Welcome <?php echo $name;?>
<?php
}
?>
What am I missing can anyone help me out? Thanks!
From what I understand, you're trying to display the user's name and not the username in the welcome message.
First of all, please see that you are not even retrieving the user's name. So, you need to fetch that along with the id.
Considering the field is "name" in your database.
You can modify your query:
$sql_query="SELECT id, name FROM user WHERE username='$username' and password='$password'"; // Add name along with id
$result = mysqli_query($dbconfig,$sql_query);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
if($count==1) {
$_SESSION['User']['username'] = $username; // Change this
$_SESSION['User']['name'] = $row['name']; // Add this
header("location: home.php");
} else {
/* Other code */
}
Now, your display code:
<?php
session_start();
if(!isset($_SESSION['User'])) {
header("Location: login.php");
} else {
$name = $_SESSION['User']['name'];
?>
Welcome <?php echo $name;?>
<?php } ?>
Hope this helps.
Related
I have been working is a website I have been dealing with a problem from a while, and now I know why it is happening, but not how to solve it. Please help!!
Page 1:
In the first page, login page set the $_SESSION['user_id'] is stored the value that are fetch in database user id. In same page can print session and it work properly(the $_SESSION['user_id'] is print) and also navigate the next page(user home).
page 2:
In page 2(user home) the $_SESSION['user_id'] is turned into null value why this happen?
most probably see this problem in, forgot to set the session start but I was set session start both page...
page 1
<?php
if (isset($_POST['sub'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$con = mysqli_connect("localhost", "root", "");
$db = mysqli_select_db($con, "Database");
$qry = "select * from TABLE where username='$user' and password='$pass'";
$res = mysqli_query($con, $qry) or die("could not connect to mysql");
$row = mysqli_fetch_array($res);
$len = mysqli_num_rows($res);
if ($len <= 0) {
echo "<script>";
echo "alert('Oops.Username Or Password Incorrect!');window.location.href='login.php';";
echo "</script>";
} else {
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['message'] = $user;
$_SESSION['logout'] = "";
$id = $_SESSION['id'];
echo "<script>";
echo "alert('log in Success $id ');window.location.href='login.php';"; //$id is print correctly
echo "</script>";
}
}
?>
page 2
<?php
ob_start();
session_start();
if (isset($_SESSION['id'])) {
$id = $_SESSION['id'];
echo "$user"; // not printed
}
if (isset($_SESSION['message'])) {
$msg = $_SESSION['message'];
$_SESSION['message'] = "";
}
if (isset($_SESSION['logout'])) {
$msg = $_SESSION['logout'];
if ($msg == 'logout') {
header("location:login.php");
$_SESSION['message'] = "you must login first";
exit(0);
}
}
?>
<?php
echo "welcome"; // only print this string the above session are not work
?>
I also use this code before some project and it work correctly then why this time the session value not working?
use session in the start in first page, like this. Hopefully this will work
<?php
session_start();
if (isset($_POST['sub']))
{
$user=$_POST['user'];
$pass=$_POST['pass'];
$con=mysqli_connect("localhost","root","");
$db=mysqli_select_db($con,"Database");
$qry="select * from TABLE where username='$user' and password='$pass'";
$res=mysqli_query($con,$qry)or die("could not connect to mysql");
$row=mysqli_fetch_array($res);
$len=mysqli_num_rows($res);
if($len<=0)
{
echo"<script>";
echo"alert('Oops.Username Or Password Incorrect!');window.location.href='login.php';";
echo"</script>";
}
else
{
$_SESSION['id']=$row['id'];
$_SESSION['message']=$user;
$_SESSION['logout']="";
$id=$_SESSION['id'];
echo"<script>";
echo"alert('log in Success $id ');window.location.href='login.php';"; //$id is print correctly
echo"</script>";
}
}
?>
This works perfectly well on my localhost but when i hosted online, it does not logon and it echo logged on successful and error free. Pls what can be the cause for this?
<?php
session_start();
$_SESSION['user_logged']=$user;
$_SESSION['user_password']=$password;
$user = $_POST["username"];
$password = $_POST["password"];
include("include/connect.php");
$msg = array();
if(isset($_POST['submit'])){
foreach($_REQUEST as $key=>$val){
$$key=$val;
}
if(count($msg)==0){
$sql="SELECT username, password FROM admin WHERE username='$username' && password='$password'";
$res=mysql_query($sql) OR die(mysql_error());
if(mysql_fetch_array($res)>0){
$_SESSION['user_logged']= $user;
$_SESSION['user_password']=$password;
header("location:dashboard.php");
echo "You looged in Successfully";
} else{
$msg[]='Incorrect username/password';
}
}
}
?>
Below is the dashboard.php which its suppose to redirect to.
<?php
include('include/connect.php');
include('include/function.php');
if(isset($_REQUEST['mode']) )
{
$mode=$_REQUEST['mode'];
if($mode == 1)
{
$id=$_REQUEST['id'];
$sql="DELETE FROM enquiry WHERE id='$id'";
$result=mysql_query($sql);
}
}
$msg=array();
if(isset($_POST['submit'])){
$title=$_POST['news'];
$news_item=$_POST['news'];
if(empty($news_item)){
$msg[]='You must enter news in the column!';
}
if(empty($title)){
$msg[]='News Title must not be empty!';
}
else {
$sql = "SELECT * FROM news_file WHERE title='$title' ";
$res = mysql_query($sql) or die(mysql_error());
$result = mysql_fetch_array($res);
if($result > 0){
$msg[] = 'News with the same title has been added already';
} else {
$sql = "INSERT INTO news_file (title,news,date) VALUES ('$title','$news_item',Now())";
$result = mysql_query($sql);
$msg[]='News was successfully added';
}
}
}
?>
Try this.
<?php
session_start();
/*
These should be the other way round, as you are setting
the session variables with variables which have not been
initialised yet
*/
$user = $_POST["username"];
$password = $_POST["password"];
$_SESSION['user_logged']=$user;
$_SESSION['user_password']=$password;
include("include/connect.php");
$msg = array();
if(isset($_POST['submit'])){
foreach($_REQUEST as $key=>$val){
$key=$val; // Removed Erroneous double $
}
if(count($msg)==0){
$sql="SELECT
username,
password
FROM
admin
WHERE
username='$username'
AND
password='$password'";
// MySql does not accept && as a comparison operator.
$res=mysql_query($sql);
if(!$res)
{
var_dump(mysql_error());
exit;
}
else
{
if(mysql_fetch_array($res)>0)
{
$_SESSION['post'] = $_POST;
while(mysql_fetch_array($res)>0)
{
$_SESSION['user_logged']= $user;
$_SESSION['user_password']=$password;
header("location:dashboard.php");
echo "You logged in Successfully";
}
}
else
{
msg[]='Incorrect username/password';
}
}
?>
Looking at the code you have provided for dashboard.php, you are expecting there to be $_POST data, for a page which you have redirected to. Where you have redirected to the page, there will be no $_POST data for you to retrieve from the server.
I have amended my script above, to store the $_POST data in the session, so using that, you should be able to call your news items by calling $_SESSION['post']['news'], or if this is too long winded, simply re-assign the POST data once inside your dashboard.php script like so.
$post = $_SESSION['post'];
Then you can call it by using $post['news'].
im trying to change the password of the signed in user but when i run the code it always changes the top row of the table and the signed in user is somewhere in the middle.
the code for the user
validation code
<?php
session_start();
include ('dbc.php');
if (!isset($_SESSION['user'])) {
header("Location: login.php");
}
$id = mysql_real_escape_string($_SESSION['id']);
$todo=$_POST['todo'];
$oldpwd=$_POST['oldpwd'];
$newpwd=$_POST['newpwd'];
if ($_POST['Submit']=='Change') {
$result = mysql_query("select * from users where id='$id'")
or die("asdasdsd".mysql_error());
while($row=mysql_fetch_array($result)) {
if ($_POST["oldpwd"] == $row["user_pwd"]) {
mysql_query("UPDATE users set user_pwd='$newpwd' WHERE id='$id'");
header("Location: userpanel.php?msg=Password updated...");
} else {
header("Location: userpanel.php?msg=ERROR: Password does not match...");
}
}
}
?>
I want to carry value stored in session one page to another page where I am using following code which value I want to carry it is not working.
Here is my code
login.php
<?php
include('conn.php');
if (isset($_POST['submit'])) {
$UserName=$_POST['user'];
$PassWord=$_POST['pass'];
$eid=$_POST['eid'];
//echo $UserName;
//echo $PassWord;
$sql = "SELECT role from login WHERE username='$UserName'and password='$PassWord'";
//$sql=mysql_query("select usertype from login where username='$UserType' and password='$Password'")or die (mysql_error());//query sang database
$retval = mysql_query($sql);
if(! $retval ) {
die('Could not get data: ' . mysql_error());
}
while($row = mysql_fetch_array($retval, MYSQL_ASSOC)) {
session_start();
$_SESSION["user"]=$UserName;
$_SESSION["pass"]=$PassWord ;
$_SESSION['role']=$row['role'];
$_SESSION['eid']=$eid;
if ($row['role']==0) {
header("location:admin.php");
}
elseif ($row['role']==1) {
header("location:UserUomePage.php");
}
}
}
echo "Invalid User Name and Password\n";
?>
When I use
echo $_SESSION['eid'];
it is giving user name. How can I get eid value?
Keep session_start() outside the loop.
And check are you getting value from post in $eid or not.
In next page, you can check:
print_r($_SESSION);
and see what values you are getting.
if(isset($_SESSION['eid']))
{
echo $_SESSION['eid'];
}
else
echo 'NO';
I am trying to create two separate sessions- one for if the user is admin and another if the user is author. $type stored type as enum (can be either author or admin). But, I am not getting unique session id's for my sessions. I am new to PHP and MySQL . can somebody tell me where the error is in my code.
Please help
<?php
session_start();
?>
<?php
include("dbconnect.php");
$con= new dbconnect();
$con->connect();
//create and issue the query
$sql = "SELECT type FROM users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysql_query($sql);
//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
$type_num=0;
//if authorized, get the values
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
}
if($type == "admin")
{
$_SESSION['type']=1;
$u = 'welcome.php';
header('Location: '.$u);
}
else
{
$_SESSION['type']=$type_num;
$u = 'welcome.php';
header('Location: '.$u);
}
}
else {
//redirect back to loginfailed.html form if not in the table
header("Location: loginfailed.html");
exit;
}
?>
welcome.php is as follows:
<?php
session_start();
?>
<html>
<body>
<h2>Welcome to SOD73.</h2>
<?
if($_SESSION['type']==1){
echo "You are of the usertype Admin and your session id is ";
echo session_id();
session_destroy();
}
else {
echo "You are of the usertype Author and your session id is ";
echo session_id();
session_destroy();
}
?>
</body>
</html>
You have to use session_regenerate_id() before call session_destroy() in the file welcome.php