1

I recently learned how to make login systems with PHP and MYSQL. I decided to make one for my site. The user signs up with email, password, first name, and last name. I wanted to make a greeting say "My greetings, " and then their name. I could save the names in a session, but I am wondering why my method doesn't completely work. It works every time EXCEPT right after registration. This is the complete signup code:

$error = "";

include("loginsession.php");


    if(array_key_exists("id", $_SESSION)){

        header("Location: index.php");

    }

if(array_key_exists("submit", $_POST)){

    include("connection.php");//database connection



    $email = $_POST['email'];

    $password = $_POST['password'];

    $firstName = $_POST['firstname'];

    $lastName = $_POST['lastname'];

    $query = "SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $email)."'";

    $result = mysqli_query($link, $query);

    if(mysqli_num_rows($result) > 0){

        $error =  "<div class='alert alert-danger' role='alert'><strong>Error:<br><br></strong>This email already exists.<hr></div>";

    }else{

        $query = "INSERT INTO users(firstname, lastname, email, password) VALUES('".mysqli_real_escape_string($link, $firstName)."', '".mysqli_real_escape_string($link, $lastName)."', '".mysqli_real_escape_string($link, $email)."', '".mysqli_real_escape_string($link, $password)."')";

        mysqli_query($link, $query);

        $query = "UPDATE users SET password = '".md5(md5(mysqli_insert_id($link)).$password)."' WHERE id=".mysqli_insert_id($link)."";

        mysqli_query($link, $query);


    $_SESSION['id'] = mysqli_insert_id($link);//where the issue originates
    if(isset($_POST['check']) && $_POST['check']=='true'){

        setcookie("id", mysqli_insert_id($link), time() + 60*60*24*365);

    }
    header("Location: index.php");

    }        

}

On the index page, this is what I do:

    session_start();
    if(array_key_exists('id', $_COOKIE)){

        $_SESSION['id'] = $_COOKIE['id'];   

    }


    $greeting = "";

        if(array_key_exists('id', $_SESSION)){

            include("connection.php");//just the login to the database

            $query = "SELECT * FROM users WHERE id = ".$_SESSION['id'];

            $results = mysqli_query($link, $query);

            $row = mysqli_fetch_array($results);

        $greeting = "My greetings, ".$row['firstname']." ".$row['lastname'];//add name to greeting variable

        }

Later in the code:

<p id="greeting">
    <?php echo $greeting; ?>
</p>

The right name shows up after logging in, but never after signing up, even if I reload the page. What shows up instead of "My greetings, firstname lastname" is "My greetings, ". It is like the database found no name for that particular id.

How can I have the correct result right after registering. If you need any other code from the signup or login process, please tell me and I will post it. If anyone wants to try this for themselves, my website is here.

shurup
  • 751
  • 10
  • 33
  • @chris85 Doesn't mysqli_insert_id do it? Correct me if I am wrong - It stores the ID of the most recently added user. I save the most recent ID to the session. I might do sessions for the name as well if what I am doing now doesn't work. – shurup Aug 01 '16 at 00:48
  • 1
    Yea, missed the way this code was structured on the first read. Still not sure I get it all though. This is open to SQL injections though. Anything in cookies can be changed by the user. – chris85 Aug 01 '16 at 00:57
  • what's the value that was inserted in db and compared with what you have in your first body of code that you posted, then what the value is for the session array for the other one? post the var_dump for both, check for errors via error reporting and possibly MySQL also. – Funk Forty Niner Aug 01 '16 at 02:10

1 Answers1

1

I didn't test your code but I think it's because the session is not started yet when after the signs up. Try adding session_start(); in the first line of your first code.

someone
  • 425
  • 8
  • 16
  • 1
    well, I think the problem is the value returned by `mysqli_insert_id`. As per the PHP manual states, _it returns the auto generated id used in the last query_. Please check other queries executed after inserting the data in the database. – someone Aug 01 '16 at 01:01
  • 1
    Plese read [this one](http://stackoverflow.com/questions/15332250/why-is-mysqli-insert-id-always-returning-0) also. – someone Aug 01 '16 at 01:03
  • I posted the full registration code. It seems like I set the id to the session right after I hash the password of the user in an update statement. I have no problems with the first insert_id, but the second one doesn't work. – shurup Aug 01 '16 at 14:17
  • What fixed my problem is after the INSERT query, save the mysqli_insert_id to a variable. That way, it never goes away. – shurup Aug 01 '16 at 14:21
  • @NickSolonko What you said in comments here that solved the question, goes against what you posted and said the session was started everywhere and the answer doesn't reflect that; it doesn't "solve" the question. You're sending the wrong signal here. – Funk Forty Niner Aug 01 '16 at 19:21