Login form not working after changing session variable storage from all to individual

Question

Beginner here. I changed my login form from

$q = "SELECT id, fname, lname FROM users WHERE (username='$username' AND password=SHA1('$password'))";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

if (@mysqli_num_rows($r) == 1) {
    $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
    mysqli_free_result($r);
    mysqli_close($dbc);

    $url = BASE_URL . (isset($_SESSION['redirect']) ? $_SESSION['redirect'] : 'index.php');
    unset($_SESSION['redirect']);
    ob_end_clean();
    header("Location: $url");
    exit();
} else {
    echo 'Message';
}

to this

$q = "SELECT id, fname, lname FROM users WHERE (username='$username' AND password=SHA1('$password'))";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($dbc));

if (@mysqli_num_rows($r) == 1) {
    $row = mysql_fetch_assoc($r);
    $_SESSION['id'] = $row['id'];
    $_SESSION['fname'] = $row['fname'];
    $_SESSION['lname'] = $row['lname'];
    mysqli_free_result($r);
    mysqli_close($dbc);

    $url = BASE_URL . (isset($_SESSION['redirect']) ? $_SESSION['redirect'] : 'index.php');
    unset($_SESSION['redirect']);
    ob_end_clean();
    header("Location: $url");
    exit();
} else {
    echo 'Message<p>';
}

And the login form is no longer working. So, I basically changed my form from setting all rows as session variables to individually setting rows as session variables. I needed to do this so the redirect would work. Not sure if I've incorrectly set the session variables or what the problem is but I can no longer log in using the form (on submit the page just refreshes without logging the user in).

EDIT: Solution to this problem is posted below. It was to replace

$row = mysql_fetch_assoc($r);

with

$row = mysqli_fetch_array ($r, MYSQLI_ASSOC);

According to this post, mysql_fetch_array( $result, MYSQL_ASSOC ) = mysql_fetch_assoc( $result ). However, login didn't work when the switch was made when it should have.

If `$_SESSION['redirect']` is supposed to come from the database, too, then you neglected to set that individually as well. Apart from that - where is the part where you actually decide whether a user is logged in or not? — CBroe, Oct 11 '17 at 03:08
@CBroe the $_SESSION['redirect'] is set on a different page so the user is redirected to that page after logging in (the user goes to the page and is redirected to log in page, and after logging in is redirected back to the page he was on before). I don't understand by what you mean by 'where you actually decide whether a user is logged in or not'.. — Qwerty, Oct 11 '17 at 03:10
Possible duplicate of [What is the difference between MySQL, MySQLi and PDO?](https://stackoverflow.com/questions/2190737/what-is-the-difference-between-mysql-mysqli-and-pdo) — CBroe, Oct 11 '17 at 15:32

score 0 · Answer 1 · answered Oct 11 '17 at 03:30

0

Not sure why this worked, but the solution was to replace

$row = mysql_fetch_assoc($r);

with

$row = mysqli_fetch_array ($r, MYSQLI_ASSOC);

Anyone with an explanation would be appreciated!

answered Oct 11 '17 at 03:30

Qwerty

75
8

Login form not working after changing session variable storage from all to individual

1 Answers1