0

So like the title says, $_SESSION['login_user'] returns undefined yet the login form still works. I use $_SESSION['login_user'] after login to store the persons username to use for headings ect. Here is the code below.

index.php

<?php
include('login.php'); // Includes Login Script
if (isset($_SESSION['login_user'])) {
    header("location: profile.php"); // Redirecting To Profile Page
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Login Form in PHP with Session</title>
    <link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="login">
    <h2>Login Form</h2>
    <form action="login.php" method="post">
        UserName : <input id="name" name="username" placeholder="username" type="text">
        Password : <input id="password" name="password" placeholder="**********" type="password"><br><br>
        <input name="submit" type="submit" value="Login">
        <span><?php echo $error; ?></span>
    </form>
</div>
</body>
</html>

login.php

<?php
session_start(); // Starting Session
$error = ''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else{
// Define $username and $password
$username = $_POST['username'];
$password = $_POST['password'];
// mysqli_connect() function opens a new connection to the MySQL server.
$conn = mysqli_connect("localhost", "root", "", "sports world");
// SQL query to fetch information of registerd users and finds user match.
$query = "SELECT Username, Password from login where Username=? AND Password=? LIMIT 1";
// To protect MySQL injection for Security purpose
$stmt = $conn->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->fetch()) //fetching the contents of the row {
$_SESSION['login_user'] = $username; // Initializing Session
header("location: profile.php"); // Redirecting To Profile Page
}
mysqli_close($conn); // Closing Connection
}

session.php

<?php
// mysqli_connect() function opens a new connection to the MySQL server.
$conn = mysqli_connect("localhost", "root", "", "sports world");
session_start();// Starting Session
// Storing Session
$user_check = $_SESSION['login_user'];
// SQL Query To Fetch Information Of User
$query = "SELECT Username from login where Username = '$user_check'";
$ses_sql = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($ses_sql);
$login_session = $row['Username'];

profile.php

<?php
include('session.php');
if(!isset($_SESSION['login_user'])){
header("location: index.php"); // Redirecting To Home Page
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
    <link href="Main.css" rel="stylesheet" type="text/css">
    <link href="Shop.css" rel="stylesheet" type="text/css">
    <script src="Main.js" type="text/javascript"></script>
    <script>
        sessionStorage.setItem('status','loggedIn');
        sessionStorage.setItem('username','<?php echo $_SESSION['login_user']; ?>');
        sessionStorage.setItem('Fname', 't');
    </script>
</head>
<body onload="myFunctionH(); bttn();">
<section id="header">
    <div class="header">
        <h1>Sports World</h1>

    </div>
    <div class="MainMenu">
        <a href="Home.php" >Home</a>
        <a href="Shop.php" >Shop</a>
        <a href="Contact.php">Contact Us</a>
        <a href="Cart.php" style="float: right">Cart</a>
        <input class="active button button3" id="b1" onclick="dest();" type=button>
    </div>

</section>

<!--
<div id="">
<b id="">Welcome : <i><?php /*echo $_SESSION['login_user']; */?></i></b>
<b id=""><a href="logout.php">Log Out</a></b>
</div>
-->

<section id="row" >
    <div class="column2">
            <div class="column4">
                <div class="card3">

                    <h1>Your Profile</h1>
                    <h4 id="name" style="margin: 0; padding: 0;" class=""> Name: Thomas Shields </h4>
                    <h4 id="user" style="margin-bottom: 7%; margin-top: 0; padding: 0;" ></h4>

                    <button onclick="myFunctionH()" class="p.dashed">Dashboard</button>
                    <button onclick="myFunctionH()" class="p.dashed">Orders</button>
                    <button onclick="myFunctionH()" class="p.dashed">Addresses</button>
                    <button onclick="myFunctionS()" style=" border-style: solid none solid none;" class="p.dashed">Account Details</button>

                    <div id="myDIV">
                    <div class="column6">
                        <div class="">
                            <input type="submit" name="change_details" style="margin-top:0;" class="btn btn-success" value="Change Details"/>
                        </div>
                    </div>
                    </div>

                </div>
            </div>

        <div class="column3">
            <div class="card3">
            </div>
        </div>


</section>
<section id="row">

</section>
</body>
</html>

main.js

function bttn() {
    let elem = document.getElementById("b1");

    if (sessionStorage.getItem('status') === null) {
        elem.value = "Login"
    }
    if (sessionStorage.getItem('status') !== null) {
            elem.value = "View Account";
        }
    }

    if (sessionStorage.getItem('status') === "loggedIn") {
        let us = sessionStorage.getItem('username');
        document.getElementById("user").innerHTML = "Username:  " + us;
    }

function dest() {
    if (sessionStorage.getItem('status') === null) {
        window.location.href='index.php'
    } else if (sessionStorage.getItem('status') !== null){
        window.location.href='profile.php'
    }
}

window.onbeforeunload = function(){
    sessionStorage.setItem('status',' ');
};


function myFunctionH() {
    let x = document.getElementById("myDIV");
        x.style.display = "none";
}

function myFunctionS() {
    let x = document.getElementById("myDIV");
    if (x.style.display === "none") {
        x.style.display = "block";
    }
}

I've being trying different things for ages but i just can't get it to work. Note: it did work in a previous version and when comparing the versions nothing seems different...

Cheers

Thomas Shields
  • 26
  • 8
  • I can see that you include login.php but your form is submiting to what? action is empty. – MadeInDreams Apr 22 '20 at 02:37
  • Because login.php is the only inclusion it automatically chooses that but ill add it just for reference – Thomas Shields Apr 22 '20 at 03:51
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Apr 22 '20 at 12:10
  • Thanks for that, however this is just a project i'm doing for fun to learn which isn't actually going anywhere :) – Thomas Shields Apr 28 '20 at 02:23

1 Answers1

0

So, i simply changed $_SESSION['login_user'] to $_SESSION['login_user2'] for all of them and it fixed the problem ¯_(ツ)_/¯. No idea what was causing it.

Thomas Shields
  • 26
  • 8