-2

I'm having problem with starting a session in PHP. By looking around I wrote some code that should work but it doesnt. Can you please help me out because I don't know what's wrong here. This is my loging.php page

    <?php

$host = "localhost";
$user = "usern";
$password = "gtest123";
$db = "test";
$errore = "Login info are wrong!`enter code here`";

mysql_connect($host,$user,$password);
mysql_select_db($db);

if(isset($_POST['username'])){

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql = "select * from utenti where username = '".$username."' AND Password = '".$password."' limit 1";

    $result = mysql_query($sql);

        if(mysql_num_rows($result)==1){
            $_SESSION['username'] = $username;
            header("location:index.php");
        }

        else{
            echo "" .$errore;
        }`enter code here`
}

    ?>

I than have my db with users on phpmyamin and the login it's working. The problem is when I load the index.php page.

<?php
    session_start();
    echo "Welcome" .$_SESSION[''];
?>
<html>
all the html code

I start this session because I want to be able to see which user do certian function in the website. However I get this error message: Notice: Undefined index: I know what the error means but I don't know how to fix it, any help?

TheNoobUser
  • 406
  • 1
  • 5
  • 17
  • 1
    `echo "Welcome" .$_SESSION['username'];` – Zain Farooq Oct 15 '18 at 08:32
  • 4
    You need to call `session_start` on _every_ page. Right now, inside your login.php, you are trying to stuff items into a session you have not even started at this point. – misorude Oct 15 '18 at 08:33
  • You should define what Session you want to show. Try `$_SESSION['username']` – ibnɘꟻ Oct 15 '18 at 08:34
  • 4
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7.0+. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Oct 15 '18 at 08:35
  • _Small Point_ `phpMyAdmin is a tool written in PHP to make fiddling with you **MYSQL** database easier then having to use the command line. So MYSQL is a database and `phpMyAdmin` is just a tool – RiggsFolly Oct 15 '18 at 08:37

2 Answers2

0

Use session_start() in every page where you want to work with sessions and as you are setting $_SESSION['username'] in loging.php page so you need to change

echo "Welcome" .$_SESSION[''];

with

echo "Welcome" .$_SESSION['username'];

In this way, you will be able to get the session of username in index.php which you have set in loging.php page

Zain Farooq
  • 2,956
  • 3
  • 20
  • 42
0

So, firstly, I see you're using mysql_connect, which is a deprecated function because it's not secure at all, and it's replaced by mysqli_connect http://php.net/manual/en/book.mysqli.php for documentation. For even better security, and to protect against sql injection, you should use PDO, or prepared statements. In this example though, I have stuck to using mysqli because it's less of a learning curve.

Secondly, $_SESSION will only work if you first initialise the session using session_start(). This will have to be done on every page that you wish to read or write session data from.

<?php

    //Since this page writes to a session, initialise it here
    session_start();

    //The values to connect to the database with
    $host = "localhost";
    $user = "usern";
    $password = "gtest123";
    $db = "test";

    //Create a new mysqli connection to the database
    $conn = mysqli_connect($host, $user, $password, $db);


    //This is the error message that's displayed on unsuccessful login
    $error = "Login info are wrong!`enter code here`";

    //This is the error message if the username is not specified
    $errorNoUsername = "You have not specified a username";

    /**
    *  Now that we're using mysqli_connect(), we don't need this code.
    *  mysql_connect($host,$user,$password);
    *  mysql_select_db($db);
    **/

    //See if the user has submitted the form with the username parameter
    if(isset($_POST['username'])){
        //If they have, shortname the variable for username and password
        $userUsername = $_POST['username'];
        $userPassword = $_POST['password'];

        //Build your select query. In production, you should use PDO or Prepared Statements to protect against injection
        //I've removed your LIMIT 1 from the query, because I see you're checking for a distinct match later on with mysqli_num_rows==1
        $sql = "SELECT * FROM utenti WHERE username='".$userUsername."' AND Password = '".$userPassword."'";

        //run the query on the connection created earlier
        $result = mysqli_query($conn, $sql);

        //Check if there's a distinct match
        if(mysqli_num_rows($result)==1){
            //There is, good, initialise session with the user data
            $_SESSION['username'] = $userUsername;

            //Reload to your index.php page
            header("location:index.php");
        } else {
            //Display the error message
            echo $error;
        }
    } else {
        echo $errorNoUsername;
    }
?>

So now that we've done that, assuming a successful login, we have redirected the user back to index.php, since we are reading from session data, we need to initialise the session again, using session_start();, which you've already done, but your key $_SESSION[''] doesn't exist, so there is an error. Here, I have corrected.

<?php
    session_start();
    echo "Welcome, " . $_SESSION['username']; //Added keyname
?>
<html>
    all the html code
</html>
Harvey Fletcher
  • 1,167
  • 1
  • 9
  • 22