Trouble storing a session variable

Question

I have a log in script that currently stores 2 variables a valid variable and a username variable. I am now trying to add in a name variable so I have altered the MySQL query to get the name from the database and have tried to store the name in a session variable but for some reason its just not storing it. Probably best just to show you the script, I have been studying PHP for only 2 months so I really appreciate your help.

<?php
ob_start(); // Start output buffering

session_start(); //must call session_start before using any $_SESSION variables3
$_SESSION['username'] = $username;

function validateUser($username)
{

    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['username'] = $username;
    $_SESSION['name'] = $userData['name'];
}

      $username = isset($_POST['username'])?$_POST['username']:'';
     $password = isset($_POST['password'])?$_POST['password']:'';

//connect to the database here

$hostname_Takeaway = "localhost";
$database_Takeaway = "diningtime";
$username_Takeaway = "root";
$password_Takeaway = "root";
$Takeaway = mysql_pconnect($hostname_Takeaway, $username_Takeaway, $password_Takeaway) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database_Takeaway, $Takeaway);

$username = mysql_real_escape_string($username);

$query = "SELECT name, password, salt FROM admin_users WHERE username = '$username';";

$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result) < 1) //no such user exists
{
    header('Location: http://localhost/diningtime/admin-home.php?login=fail');

    die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password


{
    header('Location: http://localhost/diningtime/admin-home.php?login=fail');

    die();
}
else
{

   validateUser($username); //sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: http://localhost/diningtime/main');
die();




//redirect to another page or display "login success" message


?>

Answer 1

Lots of mistakes here.

<?php
ob_start(); // Start output buffering

session_start(); //must call session_start before using any $_SESSION variables3
$_SESSION['username'] = $username;

from where $username came?

 $username = isset($_POST['username'])?$_POST['username']:'';
 $password = isset($_POST['password'])?$_POST['password']:'';

Now you are checking for its existance.

    $Takeaway = mysql_pconnect($hostname_Takeaway, $username_Takeaway, $password_Takeaway) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database_Takeaway, $Takeaway);

mysql_* deprecation process has started. not related to your problem but worth to mention

then comes validateUser($username); //sets the session data for this user

Now you are calling the function. Let's take a look into the function.

function validateUser($username)
{

    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['username'] = $username;
    $_SESSION['name'] = $userData['name'];
}

You passed $username as parameter but from where $userData['name'] will come? (For scope, refer to MarcBs solution)

So yuu have lot to figure out.

Answer 2

Your validateUser function doesn't get values from $userData array, you need to have another agument in it, like

function validateUser($username, $name)

and then pass those values from your code, or you could move the mysql authentication inside this function and then it will work. Generally, a function doesn't recognize any variable which you define outside of that function.

P.S. What should the fifth line

$_SESSION['username'] = $username;

do? I'm suspecting it from being utterly useless in that place :-)

Answer 3

Your validateUser() function does not have a $userData variable in scope, so you're assigning NULL to $_SESSION['name'].

Either make $userData be a global so it becomes visible in the function's scope, or pass it as an argument:

function validateUser($user, $userData) {
                             ^^^^^^^^^-- pass as arg
   global $userData;
   ^^^^^^^^^^^^^^^^^--- bring var in-scope
   ...
   $_SESSION['name'] = $GLOBALS['userData']['name'];
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- refer to global scope
}

Any one of these 3 options would solve the problem (just don't do all three at the same time)