Reputation: 88
index.php :
<?php
session_start();
require 'res/connection.php';
if($_SESSION['id'] !== null){
header("Location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Welcome to the members section, Login or Register</title>
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<script src="js/fadein.js"></script>
<link rel="stylesheet" type="text/css" href="css/master.css"/>
<link rel="stylesheet" type="text/css" href="css/form.css"/>
</head>
<body>
<div class="container loginbdy">
<div class="row">
<div class="col-lg-12 loginform">
<form action="" method="post" class="form">
<h2>Log In :</h2>
<label name="username-label">Username :</label>
<input class="form-control" type="text" placeholder="Your username" name="username" id="username" maxlength="120"/>
<label name="password-label">Password :</label>
<input class="form-control" type="password" placeholder="Your password" name="password" id="password" maxlength="35"/><br>
<input type="submit" class="btn btn-default" value="Log In" name="submit" /><br>
<p>Not a member yet ? <a href="register.php" ><i><b>register</b></i></a></p>
</form>
</div>
<div class="col-lg-3 errorlogin">
<?php
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
if(empty($username)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> username is empty.
</div>
';
}elseif(empty($password)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> password is empty.
</div>
';
}else{
$result = mysqli_query($con,"SELECT * FROM `users` WHERE `username` = '$username'");
$row_cnt = mysqli_num_rows($result);
if($row_cnt === 0){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> The username you tried to login with doesn\'t exist, would you like to <a href="register.php">register</a> it ?
</div>
';
}else{
$row = mysqli_fetch_array($result);
$userpassword = $row['password'];
$salt = $row['salt'];
$id = $row['user_id'];
$hashedpassword = crypt($password,$salt);
if($hashedpassword === $userpassword){
$_SESSION['id'] = $id;
echo "
<div class=\"alert alert-success\">
<strong>Session has been set</strong> you are now logged in! your user id is "; echo $_SESSION['id']; echo '
</div>
';
$user_id = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'");
$row = mysqli_fetch_array($user_id);
$id = $row['user_id'];
$firstname = $row['first name'];
$lastname = $row['last name'];
$semail = $row['email'];
$susername = $row['username'];
$spaid = $row['paid'];
$sdate = $row['date_created'];
$sconfirmed = $row['confirmed'];
$_SESSION['id'] = $id;
$_SESSION['fname'] = $firstname;
$_SESSION['lname'] = $lastname;
$_SESSION['email'] = $semail;
$_SESSION['username'] = $susername;
$_SESSION['paid'] = $spaid;
$_SESSION['date'] = $sdate;
$_SESSION['confirmed'] = $sconfirmed;
header('Location: profile.php');
}else{
echo '
<div class="alert alert-danger">
<strong>Error!</strong> The username or password you entered is incorrect!
</div>
';
}
}
}
}
?>
</div>
</div>
</div>
</body>
</html>
register.php :
<?php
session_start();
require 'res/connection.php';
if($_SESSION['id'] !== null){
header("Location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Welcome to the members section, Login or Register</title>
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/master.css"/>
<link rel="stylesheet" type="text/css" href="css/form.css"/>
</head>
<body background="res/background.jpg">
<div class="container">
<div class="row">
<div class="col-lg-9 registerform">
<?php
?>
<form action="" method="post" class="form">
<h2>Register :</h2>
<label name="fname-label">First Name :</label>
<input class="form-control" type="text" placeholder="Your First Name" name="fname" id="fname" maxlength="100" tabindex="1" autofocus />
<label name="lname-label">Last Name :</label>
<input class="form-control" type="text" placeholder="Your Last Name" name="lname" id="lname" maxlength="100" tabindex="2" />
<label name="username-label">Username :</label>
<input class="form-control" type="text" placeholder="Your desired Username" name="username" id="username" maxlength="24" tabindex="3" />
<label name="email-label">Email :</label>
<input class="form-control" type="email" placeholder="Your Email address" name="email" id="email" maxlength="120" tabindex="4" />
<label name="password-label">Password :</label>
<input class="form-control" type="password" placeholder="Your desired password" name="password" id="password" maxlength="35" tabindex="5" />
<label name="repassword-label">re enter Password :</label>
<input class="form-control" type="password" placeholder="Your password again" name="repassword" id="repassword" maxlength="35" tabindex="6" />
<label name="type-label">i am here to :</label><br>
<select name="type" class="form-control" tabindex="7" >
<option>develop websites</option>
<option>hire a developer</option>
</select>
<br>
<input type="submit" class="btn btn-default" value="Register" name="submit" /><br>
<p>already a member ? <a href="index.php" ><i><b>Log In</b></i></a></p>
</form>
</div>
<div class="col-lg-3 errorlog">
<?php
/* if submit button is clicked start the registration */
if(isset($_POST['submit'])){
/* get all the values from the textboxes */
$fname = mysqli_real_escape_string($con,$_POST['fname']);
$lname = mysqli_real_escape_string($con,$_POST['lname']);
$username = mysqli_real_escape_string($con,$_POST['username']);
$email = mysqli_real_escape_string($con,$_POST['email']);
$password = mysqli_real_escape_string($con,$_POST['password']);
$password_verification = mysqli_real_escape_string($con,$_POST['repassword']);
$type = mysqli_real_escape_string($con,$_POST['type']);
$paid = false;
/* form validation */
if(empty($fname)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> first name is empty.
</div>
';
}else if(empty($lname)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> Last name is empty.
</div>
';
}else if(empty($username)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> Username is empty.
</div>
';
}else if(0 === preg_match("/.+@.+\..+/",$email)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> The email you entered is invalid.
</div>
';
}else if(0 === preg_match("/.{6,}/",$password)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> Password has to be at least 6 characters long.
</div>
';
}else if($password !== $password_verification){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> The passwords you entered do not match.
</div>
';
}else if(empty($type)){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> You can be either a developer or a host
</div>
';
}else{
$query = "SELECT * FROM users WHERE username = '$username'";
$equery = "SELECT * FROM users WHERE email = '$email'";
if($result = mysqli_query($con,$query)){
$row_cnt = mysqli_num_rows($result);
if($row_cnt > 0){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> This username is already taken!
</div>
';
}else if ($eresult = mysqli_query($con,$equery)){
$erow_cnt = mysqli_num_rows($eresult);
if($erow_cnt > 0){
echo '
<div class="alert alert-danger">
<strong>Error!</strong> This email is already registered!
</div>
';
}else{
$salt = rand(100 , 999) . rand(100 , 999) . rand(1000 , 9999);
$hashedpassword = crypt($password,$salt);
if($type === "develop websites"){
$type="developer";
}else if($type === "hire a developer"){
$type="owner";
}else{
echo'
<div class="alert alert-danger">
<strong>Error!</strong> you can only be an owner or a developer
</div>
';
}
$date = date("m/d/Y h:i:sa");
$confirm = false;
$confirmation_code = rand(100,999) . "-" . rand(100,999);
$insertion = mysqli_query($con,"INSERT INTO `users` (`first name`, `last name`, `email`, `password`, `username`, `salt`, `type`, `paid`, `date_created`, `confirmed`,`confirmation_code`) VALUES ('$fname','$lname','$email','$hashedpassword','$username','$salt','$type','0','$date','$confirm','$confirmation_code')");
if($insertion){
echo "
<div class=\"alert alert-success\">
<strong>Success</strong> your account has been successfully created!
</div>
";
$user_id = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'");
$row = mysqli_fetch_array($user_id);
$id = $row['user_id'];
$firstname = $row['first name'];
$lastname = $row['last name'];
$semail = $row['email'];
$susername = $row['username'];
$spaid = $row['paid'];
$sdate = $row['date_created'];
$sconfirmed = $row['confirmed'];
$sconfirmation_code = $row['confirmation_code'];
$_SESSION['id'] = $id;
$_SESSION['fname'] = $firstname;
$_SESSION['lname'] = $lastname;
$_SESSION['email'] = $semail;
$_SESSION['username'] = $susername;
$_SESSION['paid'] = $spaid;
$_SESSION['date'] = $sdate;
$_SESSION['confirmed'] = $sconfirmed;
$_SESSION['confirmation_code'] = $sconfirmation_code;
if($user_id){
echo "
<div class=\"alert alert-success\">
<strong>Session has been set</strong> you are now logged in!
</div>
";
echo"<script>
setTimeout(function () {
window.location.href = 'profile.php';},8000);
</script>";
echo "
<div class=\"alert alert-info\">
<strong>Thank you!</strong> in 8 seconds you will be redirected to your new profile
</div>
";
}else{
echo "
<div class=\"alert alert-danger\">
<strong>Failed</strong> your account has been created, but we were unable to log you in, you will have to do this manually <A href=\"index.php\">here</a>
</div>";
}
}else{
echo "
<div class=\"alert alert-danger\">
<strong>Failed</strong> your account has not been created, something went wrong
</div>";
}
}
}
}
}
}
?>
</div>
</div>
</div>
</body>
</html>
Now the thing is that once you go to login or register, it checks if you have a session ongoing by checking this:
if($_SESSION['id'] !== null){
header("Location: profile.php");
}
But it is returning an error saying:
Notice: Undefined index: id
I understand that the error is because the session is not set, so the variable $_SESSION['id'] is not set, which is causing this error. What I would like to know is if there is another way around this that does not include the use of cookies, because I am storing user info, and cookies are not safe in that case.
I tried using session_id(), but whenever you start a session the session_id() is automatically set, so it will always redirect to profile.php even if you're not logged in.
PS: I know my PHP is not very neat and tidy, I am still new at PHP, so any comments about improving it will be much appreciated.
Upvotes: 1
Views: 155
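An added example (not part of the question or of any answer) on the password handling in the posted register.php and index.php: it shows what crypt() does with a digits-only salt of that shape, next to password_hash()/password_verify() with an upgrade path for rows already stored. The function names, the sample password and the sample salt are assumptions constructed for the illustration.

```php
<?php
// Added example, not code from the question. Password and salt are constructed samples.

// Same shape as rand(100,999) . rand(100,999) . rand(1000,9999) in register.php.
$salt   = '4821937205';
$legacy = crypt('correct-horse', $salt);

// A salt without a "$id$" prefix selects traditional DES crypt: only the first
// two salt characters and the first eight password bytes influence the hash.
$sameHash = hash_equals($legacy, crypt('correct-XXXXX', $salt));
printf("salt kept in hash: %s, different password matches: %s\n",
    substr($legacy, 0, 2), var_export($sameHash, true));

/** Hash the raw password; escaping it for SQL first would alter it. */
function hash_new_password(string $raw): string
{
    // password_hash() generates its own random salt and embeds it in the
    // result, so no separate salt column is required.
    return password_hash($raw, PASSWORD_DEFAULT);
}

/**
 * Verify a login and return a replacement hash when the stored one is outdated.
 * Returns [bool $ok, ?string $newHash]; the caller stores $newHash if not null.
 */
function verify_and_upgrade(string $raw, string $stored): array
{
    // password_verify() also understands hashes produced by crypt().
    if (!password_verify($raw, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hash_new_password($raw)
        : null;
    return [true, $new];
}

[$ok, $upgraded] = verify_and_upgrade('correct-horse', $legacy);
printf("legacy login ok: %s, upgraded: %s\n",
    var_export($ok, true), var_export($upgraded !== null, true));

[$ok2, $again] = verify_and_upgrade('correct-horse', $upgraded);
printf("new hash ok: %s, needs another upgrade: %s\n",
    var_export($ok2, true), var_export($again !== null, true));
```

The password column has to be wide enough for the longer password_hash() output; the PHP manual recommends 255 characters.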
Reputation: 11
if(isset($_SESSION['id'])){
header("location: profile.php");
}
In PHP, isset() is used to check whether id is set or not.
Upvotes: 0
Reputation: 6661
Try isset :-
if(isset($_SESSION['id'])){
header("Location: profile.php");
}else{
echo 'session is not set';die;
}
Upvotes: 2
Reputation: 5205
<?php
session_start();
if (isset($_SESSION['id'])) {
    // Do what you wanna do
}
?>
You can use isset() to see if id is set or not.
Upvotes: 2
Reputation: 15629
Use isset!
if (isset($_SESSION['id'])) {
// ..
}
Isset checks if the var/index is defined, so this would work perfectly for you.
Keep in mind, there's a difference between isset and !empty. isset only checks if the var is defined; !empty does some more tests, like $var !== false, $var !== array(), $var !== '0', $var !== 0, etc.
This probably doesn't matter in your case (except if you have an allowed id=0), but is always good to know.
Upvotes: 2
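The isset() guard from the answers, as an added example that is not taken from any post in this thread: it keeps an id of 0 valid (the case where isset and !empty disagree), stops the script after the redirect, and issues a fresh session id at login. The function names and the sample session arrays are assumptions made up for the illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Return the logged-in user's id, or null when no usable id is stored. */
function logged_in_user_id(array $session): ?int
{
    // isset() is false for a missing key (and for null) and raises no notice.
    if (!isset($session['id'])) {
        return null;
    }
    // Accept integers and digit-only strings; unlike !empty(), this keeps id 0.
    $id = filter_var($session['id'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

/** Guard for index.php / register.php: send logged-in users to their profile. */
function redirect_if_logged_in(string $target = 'profile.php'): void
{
    if (logged_in_user_id($_SESSION ?? []) !== null) {
        header('Location: ' . $target);
        exit; // header() alone does not stop the script; the rest of the page would still run
    }
}

/** Call after the password check succeeds and before any output is sent. */
function start_login_session(int $userId): void
{
    session_regenerate_id(true); // new session id at login, old one discarded
    $_SESSION['id'] = $userId;
}

// Constructed sample sessions showing where isset() and !empty() disagree.
$samples = [
    'no key'  => [],
    'id 7'    => ['id' => 7],
    'id 0'    => ['id' => 0],
    "id '0'"  => ['id' => '0'],
    'id null' => ['id' => null],
];
foreach ($samples as $label => $s) {
    printf("%-8s isset=%-5s !empty=%-5s user_id=%s\n", $label,
        var_export(isset($s['id']), true),
        var_export(!empty($s['id']), true),
        var_export(logged_in_user_id($s), true));
}
```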