Login Using Session in php and mysql

Question

I have just finished creating an entire login and register systsem in PHP, but my problem is I haven't used any sessions yet. I'm kind of a newbie in PHP and I've never used sessions before. Want to log in with session and some if errors in code cannot go to the dashboard page help me to solve this problem.

<?php
session_start();
error_reporting(0);
include('config.php');
if(isset($_POST['submit']))
{
$result = mysqli_query($dbh,"SELECT * FROM users WHERE email='" . $_POST["email"] . "' and password = '". $_POST["password"]."'");
$row  = mysqli_fetch_array($result);
if(is_array($row)) {
$_SESSION["id"] = $row[id];
$_SESSION["username"] = $row[username];
} else {
$message = "Invalid Email or Password!";
}
}
if(isset($_SESSION["id"])) {
header("Location:dashboard.php");
}
?>

Want to log in with session and some if errors in code cannot go to the dashboard page help me to solve this problem.

It seems like you have saved your php file in [BOM](https://www.hesk.com/knowledgebase/index.php?article=87) — Zain Farooq, May 24 '19 at 10:17
Follow instructions [here](https://www.hesk.com/knowledgebase/index.php?article=87) — Zain Farooq, May 24 '19 at 10:22
BTW you have missed single quotes here `$row[id];` and here `$row[username];` — Zain Farooq, May 24 '19 at 10:24
They should look like as `$row['id'];` and `$row['username'];` — Zain Farooq, May 24 '19 at 10:24
**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, May 24 '19 at 11:24
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, May 24 '19 at 11:25

Pradeep Singh · Answer 1 · 2019-09-28T13:37:16.530

1

 <input type="password" name="pass" class="form-control" placeholder="Password">

pass should be password. I mean your frontend html doesn't confirm with php . Use this instead

 <input type="password" name="password" class="form-control" placeholder="Password">

edited Sep 28 '19 at 13:37

answered May 24 '19 at 10:26

Pradeep Singh

432
5
11

No both are different – Krishnan R May 24 '19 at 11:38
Can this solve your problem...https://www.w3schools.com/php/func_mysqli_fetch_array.asp – Pradeep Singh May 25 '19 at 23:23
Instead of using "Select * ...." please use "Select id,username, email, password from ...". This confirms the ordering of the fields, incase you use index. Further if you have access to phpMyAdmin in your localhost try a sample query like this there. "Select * from users;". Because it is difficult to guess what you know and what you don't, it's difficult to find where the exact problem is. – Pradeep Singh May 26 '19 at 00:38

score 1 · Answer 2 · answered May 24 '19 at 10:29

1

You are passing constants in the indexes of the array $row. Change your code from this

$_SESSION["id"] = $row[id];
$_SESSION["username"] = $row[username];

To this

$_SESSION["id"] = $row['id'];
$_SESSION["username"] = $row['username'];

Your code is wide open to sql injection. I recommend you to use prepared statements as you are a newbie so its better for you to spend your energies in the right direction

answered May 24 '19 at 10:29

Zain Farooq

2,956
3
20
42

Ok.. See error logs and tell us what error you are getting – Zain Farooq May 24 '19 at 10:33
After `$row = mysqli_fetch_array($result);` put this code `print_r($row);die();` and show the results here – Zain Farooq May 24 '19 at 10:34

Login Using Session in php and mysql

2 Answers2