If anyone can make a better title, please edit it.
The issue I am having is being unable to show the users name in their post. Quick snip of code.
if (isset($_SESSION['username']) )
{
$name = $_SESSION['username'];
}
else
{
$name = $_POST['name'];
}
How can I make it when the user posts it check to see if there is a session and then displays their name in their post.
There's nothing particularly wrong with what you've done here. Does $_SESSION['username'] actually have a value?
Also, make sure when you are working with sessions that you call session_start() before saving or pulling session data.
<?php
session_start();
$_SESSION['username'] = 'Greg';
if (isset($_SESSION['username']) )
{
$name = $_SESSION['username'];
}
Please try the following
session_start();
if (isset($_SESSION['username']) )
{
$name = $_SESSION['username'];
}
else
{
$name = $_POST['name'];
$_SESSION['username'] = $name;
}
Then reload the page, $_SESSION['username'] now should contain the user name
Garrett am i right in thinking your route is create $_SESSION['name'] first and regardless unless they have logged in if so the $_SESSION['name'] becomes $_SESSION['username']
If I am right and you are creating $_SESSION['username'] on login all you need to do is check if $_SESSION['name'] = $_SESSION['username'] and if it does unset it example:
// YOUR LOGIN CODE TO CHECK ASSUME SQL QUERY OF SOME DESCRIPTION AND 'true' IS YOUR RESULT and 'false' NOT A USER
if(true) {
$_SESSION['username'] = $result;
if($_SESSION['name'] && $_SESSION['name'] == $_SESSION['username'] ){
unset($_SESSION['name'])
}
// ACTION TO GO TO PAGE
} else {
// YOUR ERROR ACTION
}
Related
so am on way to save user data into session. I have set up first username and memberID which looks like working properly. but once I have added more details to save session won't read them in othter pages. Session starts in database connection. I don't know where is problem and hope for help from you guys. Thanks
if (password_verify($password, $row['password'])) {
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['memberID'] = $row['memberID'];
$_SESSION['email'] = $row['email'];
$_SESSION['avatar'] = $row['avatar'];
$_SESSION['loggedin_time'] = time();
return true;
}
Code I'am adding in php page:
<?php echo htmlspecialchars($_SESSION['email'], ENT_QUOTES); ?>
FIXED
My statement had only selecting memberID and username!!!
Always remember to use session_start(), to set or use it. Remember to do it in the top of your .PHP file.
First php page
session_start();
if (password_verify($password, $row['password'])) {
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['memberID'] = $row['memberID'];
$_SESSION['email'] = $row['email'];
$_SESSION['avatar'] = $row['avatar'];
$_SESSION['loggedin_time'] = time();
return true;
}
Another php page
session_start();
...
Note: if this isn't the case, you should try to do a var_dump() on the two variables, and see if there is any information stored in them.
Fixed.
Problem was that I had statement to select only memberID and username in my PDO!!!
I have some code that always is returning $aid=1 within an else/if statement. Can anyone help me figure out why this may be happening within the logic?
<?php
session_start();
require('includes/config.php');
if(!$user->is_logged_in()){ header('Location: login.php'); }
include_once("config.php");
if(isset($_SESSION['account_id'])) {
$aid = $_SESSION['account_id'];
} else if(isset($_POST['aid'])) {
$aid = $_POST['aid'];
} else if(isset($_GET['aid'])) {
$aid = $_GET['aid'];
} else {$aid='1';}
include_once('includes/top.php');?>
Quick background (if it helps)... This is for a login. Once a client signs in I am trying to get only their data within the database to show. I have all of the correct data being pulled, but I cannot get the logged in user to call in the correct account_id. If I were to change the last $aid=1 to $aid=2, then it would correctly pull all of account_id=2 information, but it would do it for every logged in person.
Any advice is greatly appreciated.
Thanks!
Below is the login function
<?php
require_once('includes/config.php');
if( $user->is_logged_in() ){ header('Location: main.php'); }
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: main.php');
exit;
} else {
$error[] = 'Invalid username/password or your account has not been activated.';
}
}
$title = 'Login';
require('layout/header.php');
?>
There is some html below the php that calls in the form. I can load that up if that helps too. Thanks!
Also, the account_id's are managed within the admin section. There is an associated account_id within the clients table of the database that specifies which account each user has.
If else condition page your are not post and get any data's so post and get method will not work. Then u need to make sure session is set or not. After that only u can able to find out the exact value of $aid.
I have session page with these code
session_start();
if (!isset($_SESSION['id'])){
header('location:order.php');
}
$ses_id = $_SESSION['id'];
I included it into my login page (order.php)
<?php include('session.php'); ?>
Here is the login scripts and functions
$username = clean($_POST['username']);
$password = md5($_POST['password']);
$apollos=$username;
$query=Login($username,$password);
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
$phone=$row['Contact_Number'];
DeleteActivation($username);
if ($count > 0) {
$_SESSION['id'] = $row['memberID'];
UserPin($username,$pin,$member);
$From='eFarms';
$Message='Your User Login Pin from St. Apollos eFarms is '.$pin;
die("<script>location.href = 'login_sms.php'</script>");
session_write_close();
} else {
session_write_close();
}
Here is my Pin Validation Page
<?php include('header.php'); ?>
pin = clean($_POST['pin']);
$query=CheckPin($username,$pin,$member);
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query)
if ($count > 0) {
$_SESSION['id'] = $row['memberID'];
die("<script>location.href = 'user_home.php'</script>");
session_write_close();
} else {
session_write_close();
}
Someone should please examine these codes, correct and show me how to receive the session to the USer Home Page as Username.
First, as provided by others, ur using very bad and insecure method !
Try to use PDO which is much easier (when u understand how it work) and it's much more secure !
Second, ur coding is not so clean, I think that's why u can't find the problem urself !
And finally, I think ur missing :
session_start();
in some part of ur code !
Before session start you have to check the session is already started or not like below in each script or in common script file.
if (!isset($_SESSION)) {
session_start();
}
Edited:
the above condition is not needed as it is checking internally as descripe in the documentation - http://php.net/manual/en/function.session-start.php
session_start();
When I try to display the username of a logged-in user I get 'Welcome, 1' where 1 should be the username of the person logged in.
This is my code in the members.php. The commented out line doesn't work either.
<?php
require_once('include.php');
?>
<?php
// echo "welcome, {$_SESSION['username']}";
$user = $_SESSION['username'];
echo "Welcome $user";
?>
The user is logged in, I wonder if I've made a mistake in the check-login page.
The code for the check_login page is:
<?php
require_once('include.php');
$username = trim($_POST['user']);
$password = trim($_POST['pass']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM user WHERE username='$username' and password='$password';";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count !== 0){
$_SESSION['logged-in'] = true;
header("location:members.php?user=$username");
exit;
}
else {
$_SESSION['logged-in'] = false;
header("location:login_again.php");
exit;
}
?>
which redirects to the members.php page upon successful login.
Anybody have any ideas why the username is '1' everytime?
Many thanks
there needs to be a session_start() somewhere at the top of your code
<?php session_start();
require_once('include.php');
?>
<?php
// echo "welcome, {$_SESSION['username']}";
$user = $_SESSION['username'];
echo "Welcome $user";
?>
you also need to set it before accessing it with session_start at the top of this file also
if($count>0){
$_SESSION['username']=$username;
$_SESSION['logged-in'] = true;
header("location:members.php?user=$username");
exit;
}
your code is open for sql injection attacks, Use prepared statements instead
In your check_login page I don't see either session_start and the code for saving username into session so that you can retrieve it on the other page.
In check_login page please add:
session_start();
at the start and then set:
$_SESSION['username'] = $username;
so that you can retrieve and display it on the other page.
Please check following points.
Make sure you set username in the Session variable.
From your code, I do not see any line like following:
$_SESSION['username'] = $username
Without setting, you can get nothing.
If you did session_start() before using $_SESSION variable.
session_start() is required function to be called if you gonna use $_SESSION variable.
I'm not very good at PHP and I have a little problem. I've been playing around with this script.
And I can't for the life of me figure out how to echo the username of a logged in user.
I tried to print all the information of the session like this:
var_dump($_SESSION)
but I just got the hashed password and the userlevel int.
Can someone maybe help me here? I just want to be able to echo the username.
You have to store the username in the session for it to be available on another page load, currently the script only stores these values in the session;
$_SESSION['loggedin'] = $row[$this->pass_column];
$_SESSION['userlevel'] = $row[$this->user_level];
What you have to do is add the $username to the session that is passed into the login function, like below;
$_SESSION['username'] = $username;
The username will now be stored in the session with the key username.
To be able to use it on another page, make sure that before attempting to use it you initiate the session by calling the function session_start().
Basically, just write it inside like
session_start();
echo $_SESSION['username'];
or
echo $_SESSION['password'];
A brief explanation of how sessions work.
first you start the session and assign any value to a session ex:
session_start();
$_SESSION['username'] = 'john';
then echoing works like:
echo $_SESSION['username']; // will echo out 'jonh'
note session_start() must be shared in-between the pages you want to use the session
You have session_start(); on top ?
In the login function you should write the username to the session after a successful login.
//instantiate if needed
include("class.login.php");
$log = new logmein();
$log->encrypt = true; //set encryption
if($_REQUEST['action'] == "login"){
if($log->login("logon", $_REQUEST['username'], $_REQUEST['password']) == true){
//do something on successful login
$_SESSION['username'] = $_REQUEST['username'];
}else{
//do something on FAILED login
}
}
<?php
include('db.php');
session_start();
$name=$_POST['name'];
$password=$_POST['password'];
echo $sql="SELECT * FROM register WHERE (name='$name' OR email='$name') AND password='$password'";
$result=mysqli_query($conn,$sql);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0)
{
$_SESSION['user']=mysqli_fetch_assoc($result);
$row = $_SESSION['user'];
$role = $row['role'];
if($role == 1)
{
header('location:usermanagement.php');
}
else{
header('location:user.php');
}
}
else
{
echo "Wrong Username or Password";
header('location:login.php');
}
$conn->close();
?>