I came across the problem that my session vars aren't remembered when you are linked to another page. This might sound a bit strange. To clear it up a bit, I will explain my problem with some code:
This code is a snippet from 'Login.php'. Here I set the SESSION vars for Email and wachtwoord (Password).
$query = "SELECT * FROM user WHERE Email='$email' AND Wachtwoord='$Wachtwoord'";
$result = mysqli_query($connection, $query) or
    die(mysqli_error($connection));
$count = mysqli_num_rows($result);
if ($count == 1){
    session_start();
    $_SESSION['email'] = $email;
    $_SESSION['wachtwoord'] = $Wachtwoord;
    $sql = "UPDATE user SET Ingelogd = 1 WHERE Email='$email'";
    $ressql = mysqli_query($connection, $sql) or
        die(mysqli_error($connection));
}else{
    echo "Invalid Login Credentials.";
}
Inside this snippet, the email and wachtwoord sessions are correctly set (I believe, because I can echo these and get the right output).
But when the user gets redirected to chat.php, which contains this PHP code (indirectly; this code is in 'LoginCheck.php', linked to as: Include('../Php/LoginCheck.php');):
Include('connect.php');
//IF ((! $_SESSION['email']= NULL)&&(! $_SESSION['wachtwoord']=NULL)){
$email = $_SESSION['email'];
echo $_SESSION['email'];
$Wachtwoord = $_SESSION['wachtwoord'];
echo $_SESSION['wachtwoord'];
echo 'something';
$sql = "SELECT * FROM user WHERE Email='$email' and Wachtwoord='$Wachtwoord' and Ingelogd=1";
$result = mysqli_query($connection,$sql) or die(mysqli_error($connection));
$count = mysqli_num_rows($result);
if (!$count == 1){
    //header('Location: Login.php');
}
//}
When php tries to do something with a SESSION var it gives this error:
Undefined variable: _SESSION in F:\xampp\htdocs\Chives-Functional\Php\LoginCheck.php on line 4
That is the line in which $email is declared.
What I want to check is whether the user is still logged in or not.
How can I get this to work? What am I doing wrong? And why isn't it remembered?
Thanks in advance, any help is appreciated!
Kind Regards,
Ps. If more information is required, feel free to ask!
Have you made sure to start the session on top of every page?
session_start();
Related
I'm trying to set the login.php page to divert the user after a successful login to a different landing page. For instance, if type = model, location:model-dashboard.php or if type=photographer, location:photographer-dashboard.php. At the moment, all users go to dashboard.php.
Here is my current PHP code, for which I'm happy to take any suggestions:
if(loggedIn()){
    header("Location:dashboard.php");
    exit();
}
if(isset($_POST['login'])){
    $email = mysqli_real_escape_string($db , $_POST['email']);
    $password = mysqli_real_escape_string($db , $_POST['password']);
    $query = "select * from users where email='$email' and password='$password'";
    $result = $db->query($query);
    if($row = $result->fetch_assoc()){
        if($row['status'] == 1){
            $_SESSION['user_email'] = $email;
            if(isset($_POST['remember_me'])){
                setcookie("user_email" , $email , time()+60*5);
            }
            header("Location:dashboard.php");
            exit();
        }else {
            header("Location:login.php?err=" . urlencode("Contul nu este activat"));
            exit();
        }
    }else {
        header("Location:login.php?err=" . urlencode("E-mail sau parola gresita"));
        exit();
    }
}
I already tried:
$query = "select * from users where email='$email' and password='$password' and type='$type'";
and then
if($type =='model'){
    $link = 'model-dashboard.php';
}
elseif($type =='photographer'){
    $link ='photographer-dashboard.php';
}
and use Location:$link, but no joy.
Edited: $type = $row['type']; I already defined this, just forgot to mention it.
The current code is the one that works with a single page, so I just need to know what I should remove and add instead.
Thank you in advance!
You say you tried adding an AND condition to your query. However, you don't want to constrain the users, you want to get the type from the user. Instead of adding an AND, get the type from the row:
$type = $row['type'];
// Determine $link using $type
Also, note that your current approach of redirecting users to login.php with an error is vulnerable to reflective XSS.
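An added example (not part of the original answer) of both points in it: the landing page is looked up from the row's type in a fixed table, and login.php receives only an error code that it maps to a fixed message and HTML-escapes. The function names, the error codes and the assumption that login.php prints the err parameter into the page are assumptions of this example.

```php
<?php
// Added example, not code from the page. Function names and error codes
// are illustrative; the messages are the ones used in the question.

// Server-side allowlist: user type from the database row -> landing page.
const DASHBOARDS = [
    'model'        => 'model-dashboard.php',
    'photographer' => 'photographer-dashboard.php',
];

// Fixed error codes -> messages; the URL only ever carries the code.
const LOGIN_ERRORS = [
    'inactive' => 'Contul nu este activat',
    'badlogin' => 'E-mail sau parola gresita',
];

function landingPageFor(string $type): string
{
    // Unknown or empty types fall back to the generic dashboard.
    return array_key_exists($type, DASHBOARDS) ? DASHBOARDS[$type] : 'dashboard.php';
}

function loginErrorUrl(string $code): string
{
    $code = array_key_exists($code, LOGIN_ERRORS) ? $code : 'badlogin';
    return 'login.php?err=' . rawurlencode($code);
}

// What login.php would print for a given query string (assumed behaviour).
function renderLoginError(array $query): string
{
    $code = $query['err'] ?? '';
    if (!is_string($code) || !array_key_exists($code, LOGIN_ERRORS)) {
        return ''; // anything that is not a known code is ignored
    }
    return '<p class="error">'
        . htmlspecialchars(LOGIN_ERRORS[$code], ENT_QUOTES, 'UTF-8')
        . '</p>';
}

// Constructed sample inputs.
echo landingPageFor('photographer'), "\n";
echo landingPageFor('admin'), "\n";
echo loginErrorUrl('inactive'), "\n";
echo renderLoginError(['err' => 'inactive']), "\n";
var_dump(renderLoginError(['err' => '<b>not-a-code</b>']));
```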
Good day. So I am having an issue in that, when I create a session via a login and a user is authenticated, once I leave that page to, say, a different page, I am not sure whether the session is destroyed or not created in the first place. I require this page to hold the session so I am able to query the user's email from it, and use it to query the database to determine the username.
This is my submit.php, called once the user clicks login on the page.
<?php
session_start();
require_once('connect.php');
if(isset($_POST) && !empty($_POST)){
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $password =$_POST['password'];
    $sql = "SELECT * FROM `USERS` WHERE EMAIL='$email' AND ENCRYPTEDPWD='$password'";
    $result = mysqli_query($connection, $sql);
    $count = mysqli_num_rows($result);
    if($count == 1){
        $_SESSION['email'] = $email;
        header("Location: Landing page.php");
        exit();
    }
    else{
        header("Location: customerportal.php?login=invalid");
        exit();
    }
}
?>
It redirects to the next page, the landing page.
This page should check email from the session, and then display a username.
<?php
session_start();
$_SESSION['email'] = $email;
$sql = "SELECT * FROM users WHERE EMAIL='$email';";
$result = mysqli_query($connection,$sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0){
    while($row = mysqli_fetch_assoc($result)){
        echo $row['username'];
    }
}
else{
    echo "No User.";
}
?>
Please help.
You have an issue with the landing page in below line:-
$_SESSION['email'] = $email;// here you are assigning to SESSION
It needs to be:-
$email = $_SESSION['email'];//assign value from SESSION to variable
So code needs to be like this:-
$email = $_SESSION['email'];
$sql = "SELECT * FROM users WHERE EMAIL='$email'";
Note:- Your code is wide-open for SQL INJECTION. Try to use prepared statements to prevent it.
mysqli::prepare
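An added example (not code from the question or the answer) of the prepared-statement login the note above recommends, combined with password hashing and a session that stores the user id. It uses PDO with an in-memory SQLite database so it runs without a server; the table, columns and sample user are constructed, and mysqli::prepare with bind_param follows the same shape.

```php
<?php
// Added example; table, columns and the sample user are constructed.
// PDO + in-memory SQLite is a stand-in so the block runs offline.

function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
        email TEXT UNIQUE, username TEXT, pwd_hash TEXT)');
    $ins = $db->prepare(
        'INSERT INTO users (email, username, pwd_hash) VALUES (?, ?, ?)');
    $ins->execute(['ana@example.test', 'ana',
        password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns ['id' => ..., 'username' => ...] on success, null otherwise.
function authenticate(PDO $db, string $email, string $password): ?array
{
    // The email is bound as data, so a quote in it cannot alter the query.
    $stmt = $db->prepare(
        'SELECT id, username, pwd_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored hash instead of matching the password in SQL.
    if ($row === false || !password_verify($password, $row['pwd_hash'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'username' => $row['username']];
}

function logIn(array $user): void
{
    // Guarded so the demo also runs from the CLI without a session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after authentication
    }
    $_SESSION['user_id']  = $user['id']; // keep the id, never the password
    $_SESSION['username'] = $user['username'];
}

$db = makeDemoDb();
$user = authenticate($db, 'ana@example.test', 'correct horse');
if ($user !== null) { logIn($user); }
var_dump($user);                                                // valid login
var_dump(authenticate($db, "o'brien@example.test", 'x'));       // quote is just data
var_dump(authenticate($db, 'ana@example.test', 'wrong guess')); // wrong password
```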
In your landing page, invert the line after session_start(): You are assigning an empty variable to overwrite your already saved session variable.
$email = $_SESSION['email'];
If your query causes you problems after that, try concatenating $email
$sql = "SELECT * FROM users WHERE EMAIL='".$email."';";
Hey everyone, I have one query, please help me.
I want that if a user logs in with his login details, his id should be passed and should be visible in the link bar, like this: ?id=000.
I have been trying a lot but am not able to resolve it, please help me guys...
<?php
include('db.php');
session_start();
if (isset($_POST['submit'])){
    //$id= $_POST["id"];
    $email = $_POST['email'];
    $pwd = $_POST['pwd'];
    $query = "SELECT * FROM register WHERE email='$email' and pwd='$pwd'";
    $result = mysqli_query($connection, $query) or die(mysqli_error($connection));
    $rows = mysqli_num_rows($result);
    if($rows==1){
        $_SESSION['email'] = $email;
        header("Location:Employee/dashboard.php"); //here if user successfully log in his user id should be also visible in url bar
    }else{
        $query = "SELECT * FROM art WHERE email='$email' and pwd='$pwd'";
        $result = mysqli_query($connection, $query) or die(mysqli_error($connection));
        $rows = mysqli_num_rows($result);
        if($rows==1){
            $_SESSION['email'] = $email;
            header("Location:Recruiter/dashboard.php");
        }else{
            echo "<script>alert('Incorrect user id and password')</script>";
        }
    }
}
?>
Below is the modification to your code that needs to be done. You will need to fetch id from the table, if the credentials are valid and append that id to the URL:
$query = "SELECT id FROM register WHERE email='$email' and pwd='$pwd'";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$rows = mysqli_fetch_array($result);
if(isset($rows['id']) && $rows['id'] > 0){
    $_SESSION['email'] = $email;
    header("Location:Employee/dashboard.php?id=" . $rows['id']);
You don't have to send user_id from POST or GET. Set user_id in the session at login time and fetch it from the session where you need it. This is the best solution.
OR
You can send it in your form as a hidden input
<input type="hidden" name="id" value="{$id}">
You probably got the answer from the previous answers, but I am adding this answer as the best practice for using the session for this kind of activity.
Begin the session. You need to say this at the top of a page or before you call session code: session_start();
Put a user id in the session to track who is logged in: $_SESSION['user'] = $user_id;
Then check whether someone is logged in or not:
if (isset($_SESSION['user'])) {
    // if logged in
} else {
    // if not logged in
}
Find the logged-in user ID with $_SESSION['user'].
To redirect, use this function:
function redirect($url){
    if (headers_sent()){
        die('<script type="text/javascript">window.location.href=\'' . $url . '\';</script>');
    }else{
        header('Location: ' . $url);
        die();
    }
}
Save the user id in $_SESSION['id'] = $_POST['user_id']; and change your code like this:
if($rows==1){
    $_SESSION['email'] = $email;
    redirect(SITE_URL.'Employee/dashboard.php?id='.$_SESSION['id']); //here if user successfully log in his user id should be also visible in url bar
}
After the user has logged in, check the URL everywhere you want, like below, and if the id does not exist, redirect again:
if(!isset($_GET['id'])){
    $url = CURRENT_URL;
    $url .= '?id='.$_SESSION['id']; //or $url .= '&id='.$_SESSION['id']; if some variables set before
    redirect($url);
}
Why did you want to display the id in the URL? After login, you can access it from the user session. If you still want to, then here is the code.
$query = "SELECT id FROM art WHERE email='$email' and pwd='$pwd'";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$rows = mysqli_num_rows($result);
if($rows==1){
    $data = mysqli_fetch_assoc($result);
    $_SESSION['email'] = $email;
    header("Location:Recruiter/dashboard.php?id=".$data['id']);
}else{
    echo "<script>alert('Incorrect user id and password')</script>";
}
}
}
I'm new to PHP and am even more of a beginner when it comes to sessions. I have my index.php page, which is where users can register and login. The forms are posting to submit.php, respectively for registering and logging in.
This is the dashboard.php file where I show the username of a user and the email address of the account he's logged in with.
<?php
session_start();
include "includes/config.php";
include "layouts/header.php";
$s_title = "Superior Results";
if(isset($_SESSION['id'])) {
    $username = $_SESSION['username'];
    $email = $_SESSION['email'];
    $id = $_SESSION['id'];
} else {
    header('Location: index.php');
    die();
}
$sql = "SELECT email, username FROM members";
$result = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_assoc($result);
?>
And this is how I call these session variables in the dashboard.php file:
<?php echo $_SESSION['username'];?>
<?php echo $_SESSION['email'];?>
Username works, but email didn't work; it shows Notice: Undefined index: email
The reason for this error is that you're trying to read an array key that doesn't exist. The isset() function is there so you can test for this. There's no need for null checks as you never assign null to an element:
// check that the 'email' key exists
if (isset($_SESSION['email'])) {
    // it does; output the message
    echo $_SESSION['email'];
    // remove the key so we don't keep outputting the message
    unset($_SESSION['email']);
}
Well, just for your comments below, I'm not sure if I understand your needs, but you want to do something like this?
$username = $_POST['username'];
$sql = "SELECT email FROM users WHERE username = '$username'";
if (($result = mysqli_query($conn, $sql)) !== false) {
    if (($row = $result->fetch_assoc()) !== null) {
        $_SESSION['email'] = $row['email'];
    } else {
        echo 'no rows in database';
    }
} else {
    echo 'You have an error in you mysql syntax';
}
//.. work with concrete user
After the user logs in, you need to set the session variables:
// $confirmed_login_id: the confirmed login id from the login process
$sql = "SELECT id, email, username FROM members WHERE id = '".$confirmed_login_id."' ";
$result = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_assoc($result);
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['username'] = $row['username'];
Once those session variables are set after they log in, you can use them on any other page that is part of that session (has session_start() on the first line).
I am trying to do a simple login with PHP and mysql, and using Sessions as well. I have the code, which should work in theory, however it keeps redirecting me to the login page (refreshing it) instead of taking me to the profile.
$username = $_POST['username'];
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1){
    $result2 = mysql_query($query);
    $row = mysql_fetch_row($result2);
    $_SESSION['conf_code'] = $row[0];
    $uid = $row[0];
    session_register($uid);
    header('location:profile.php?conf='.$row[0]);
}
else{
    echo 'Wrong username';
}
no it shouldn't work in theory
try this
<?php
$username = mysql_real_escape_string($_POST['username']);
$query = "SELECT `confirmcode` FROM `fb_network`
          WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query) or trigger_error(mysql_error().$query);
if ($row = mysql_fetch_row($result)){
    session_start();
    $_SESSION['conf_code'] = $row[0];
    header('Location: profile.php');
    exit;
} else {
    echo 'Wrong username';
}
but there can be other issues, from code you didn't post here or other reasons.
as a matter of fact, only debugging can tell you what's the problem for sure
I would use a user defined function and make it to check the login credentials and return true or false from the function.
you can use something like this.
function check_login ($username, $password) {
    $query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '$username' AND `status`='Confirmed' ";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    if( mysql_num_rows($result) == 0) {
        return false;
    }
    if( mysql_num_rows($result) == 1) {
        $_SESSION['loggedin'] = "true";
        header('location:profile.php?conf='.$row[0]);
        return true;
    }
}
and then call the function easily and display the appropriate message.
check the following code..
<?php
session_start();
/** If the User is already Logged in then redirect to login.php **/
if(isset($_SESSION['loggedin'])){
    header("Location: login.php");
}
else {
    if( check_login($_POST['username'], $_POST['password'])) {
        header('location:profile.php?conf='.$row[0]);
    }
}
Although the code is not exact, this might be enough to get you going.
I see that your code has only two options - display "wrong code" or redirect to the other page. no place where you are redirecting to the login page?
You need to initiate the session by session_start() before the rest of the code.
If you have any sort of 'test' script on the profile page that re-directs you if you're not logged in, it may be that the above code logs you in, but does not carry the session variable correctly to the profile page...and subsequently sends the user back to log in again.
Make sure the session is properly initiated on each page using the variable and make sure they match on both ends.
You have two main problems:
1. You are not using session_start to tell PHP to start tracking sessions.
2. You are using session_register. session_register requires register_globals to be on, which it hopefully is not in your environment. It also expects its argument to be a string which is the name of the variable you wish to store. You should instead use $_SESSION['uid'] = $row[0];
You should also read about SQL injection, a very serious and common security flaw that your code exhibits.
Here is a corrected version of your code:
<?php
session_start(); //it's fine to just do this by habit at the top of every page
$username = $_POST['username'];
//I added mysql_real_escape_string - please read about "sql injection", as it is a very serious and common problem!
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '".mysql_real_escape_string($username)."' AND `status`='Confirmed' ";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1) {
    $result2 = mysql_query($query);
    $row = mysql_fetch_row($result2);
    $_SESSION['conf_code'] = $row[0];
    //not sure if this is what you were going for or not
    $_SESSION['uid'] = $row[0];
    header('location:profile.php?conf='.$row[0]);
}
else {
    echo 'Wrong username';
}
Then in profile.php, to check if someone is logged in:
<?php
session_start();
if( ! isset($_SESSION['uid'])) {
    //Not logged in!
}
if( $_SESSION['uid'] != $_GET['conf']) {
    //trying to access someone else's page!
}
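An added example (not from any of the answers) of the check sketched above, written as one decision function. It also covers the earlier advice to keep the user id in the session and treat an id in the URL as something to compare, never to trust. The session key 'user_id', the parameter name 'id' and the file names are constructed for this sketch.

```php
<?php
// Added example; key names ('user_id', 'id') and file names are constructed.

// Decide how a page that accepts ?id= should respond. The session says who
// is logged in; the URL value is only ever compared against it.
function authorizeProfileRequest(array $session, array $query): array
{
    $uid = $session['user_id'] ?? null;
    if (!is_int($uid)) {
        return ['status' => 302, 'location' => 'login.php'];
    }
    if (!array_key_exists('id', $query)) {
        // No id in the URL: send the user to the URL for their own id.
        return ['status' => 302, 'location' => 'dashboard.php?id=' . $uid];
    }
    // Strict integer parse; arrays, '7abc' or '-1' all come back as false.
    $requested = filter_var($query['id'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($requested === false || $requested !== $uid) {
        // Changing the number in the address bar must not switch accounts.
        return ['status' => 403];
    }
    // From here on, queries use $uid from the session, not the URL value.
    return ['status' => 200, 'user_id' => $uid];
}

// Constructed requests: [session contents, query string parameters].
$cases = [
    'anonymous'     => [[], ['id' => '7']],
    'own id'        => [['user_id' => 7], ['id' => '7']],
    'other user id' => [['user_id' => 7], ['id' => '8']],
    'malformed id'  => [['user_id' => 7], ['id' => '7abc']],
    'missing id'    => [['user_id' => 7], []],
];
foreach ($cases as $name => [$session, $query]) {
    echo str_pad($name, 14),
        json_encode(authorizeProfileRequest($session, $query)), "\n";
}
```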