CODEWITHSUNDEEP
phphtmlsessionauthentication
Dark Rain
Dark Rain

Reputation: 5

PHP Session. Unable to get to log-in

--EDIT--

Found the issue. Thanks to Conyc. I think I found the issue. mysqli_fetch_assoc($result) returns null when there are no more rows left to read. This means that $row will be null when you are trying to put the username into the session at $_SESSION['Id'] = $row['Username']; Try to store the username in a variable like you do with the password. – Conyc 12 mins ago

Currently trying to show content by logging on. I'm utilizing sessions and hashed passwords. I can't for the life of me figure out why it's not displaying that I'm "logged in". if (isset($_SESSION['Id'])) is displaying that I am not logged in, even though I can retrieve my username and password from mysql. I think it may have something to do with sessions on html? Or perhaps the session id is wrong? Idk. If you guys have any ideas I would love to know. I'm kinda new to php so it's been pretty rough.

Here is my login.php

<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";

$user = $_POST['User'];
$Userpassword = $_POST['Password'];
$password_hash = password_hash($Userpassword, PASSWORD_DEFAULT);

$storedPassword = "";

// Create connection

$conn= mysqli_connect("$servername","$username","$password") or die ("could 
not connect to mysql");
mysqli_select_db($conn, "dpw_recyclopedia") or die ("no database");
$sql = "SELECT Username, Password FROM Users WHERE Username = '".$user."'";
$result = mysqli_query($conn, $sql);


if(! $result ) {
    die('Could not select data: ' . mysqli_error($conn));
}

if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {
        //echo "user: " . $row["UserName"]. " " . $row["Password"]. "<br>";
        $storedPassword = $row["Password"];
    }
} else {
    echo "User Not Found";
}

 if (password_verify($Userpassword , $storedPassword)) {
    $_SESSION['Id'] = $row['Username'];
    header ("Location: 'mywebsite');
 }else {
    header ("Location: 'mywebsite');
    exit();

 }

?>

Here is my html page

<?php
include 'DbConfig.php';
session_name('Id');
session_start();
session_regenerate_id();
?>

<!DOCTYPE html>
<html lang="en">

                    <?php

                        if (isset($_SESSION['Id'])){
                                echo "you are logged in";
                            } else {
                                echo "you are not logged in";
                    }

                    echo json_encode($_SESSION);
                    echo json_encode($_COOKIE);
                    ?>
                        <form method = 'POST' action="./ajax/login.php">
                        <input type='text' name='User' placeholder='Email'>
                        <input type='password' name= 'Password' 
placeholder='Password'>
                        <button type='submit'  name='my_form_submit_button'>
                        <span class='glyphicon glyphicon-log-in'></span> 
&nbsp; Sign In
                        </button>
                        </form>

                        <form method = 'POST' action="./ajax/logout.php">
                        <button type='submit'  name='my_form_submit_button'>
                        <span class='glyphicon glyphicon-log-in'></span> 
&nbsp; Sign Out
                        </button>
                        </form>


</html>

Upvotes: 0

Views: 502

Answers (2)

Conyc
Conyc

Reputation: 460

You are effectively using different sessions on your two pages.

In your html page you set your session name to "Id" by using

session_name('Id');

while your login.php page use the default session name since nothing else has been declared.

Ensure that the session name is the same on all pages that need to share the same session, either by declaring the same session name or by using the default.

You are also putting yourself into a new session on every pageload of your html page by using

session_regenerate_id();

You must remove that too.

Additionally, you must store the username from the database in a temporary variable before adding it to the session, since $row will be null by the time you try to add it to the session (mysqli_fetch_assoc() returns null when there are no more rows to fetch).

Upvotes: 0

Robin Rai
Robin Rai

Reputation: 392

Try this code (change if(password_verify) part):

if (password_verify($Userpassword , $storedPassword)) {
    $sql = "SELECT Username, Password FROM Users WHERE Username = '".$user."'";
    if($result = mysqli_query($conn, $sql)) {
        if (mysqli_num_rows($result) > 0) {
            while($row = mysqli_fetch_assoc($result)) {
                $_SESSION['Id'] = $row['Username'];
                header ("Location: 'mywebsite');
                die();
            }
        }
    }
}

Upvotes: 0

Related Questions