Reputation: 95
Good day. So I am having an issue in that, when I create a session via a login and a user is authenticated, once I leave that page to, say, a different page, I am not sure whether the session is destroyed or not created in the first place. I require this page to hold the session so I can query the user's email from it, and use it to query the database to determine the username.
This is my submit.php, called once the user clicks login on the page.
<?php
session_start();
require_once('connect.php');
if (isset($_POST) && !empty($_POST)) {
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $password = $_POST['password'];
    $sql = "SELECT * FROM `USERS` WHERE EMAIL='$email' AND ENCRYPTEDPWD='$password'";
    $result = mysqli_query($connection, $sql);
    $count = mysqli_num_rows($result);
    if ($count == 1) {
        $_SESSION['email'] = $email;
        header("Location: Landing page.php");
        exit();
    }
    else {
        header("Location: customerportal.php?login=invalid");
        exit();
    }
}
?>
It redirects to the next page, the landing page. This page should check the email from the session, and then display a username.
<?php
session_start();
$_SESSION['email'] = $email;
$sql = "SELECT * FROM users WHERE EMAIL='$email';";
$result = mysqli_query($connection, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
    while ($row = mysqli_fetch_assoc($result)) {
        echo $row['username'];
    }
}
else {
    echo "No User.";
}
?>
Please help.
Upvotes: 2
Views: 62
Reputation: 72269
You have an issue with the landing page in the line below:-
$_SESSION['email'] = $email;// here you are assigning to SESSION
It needs to be:-
$email = $_SESSION['email'];//assign value from SESSION to variable
So code needs to be like this:-
$email = $_SESSION['email'];
$sql = "SELECT * FROM users WHERE EMAIL='$email'";
Note:- Your code is wide-open for SQL INJECTION. Try to use prepared statements to prevent it.
Upvotes: 1
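The prepared-statement advice in the answer above, applied to both pages, as an added example that is not code from the question or from either answer. It assumes `$connection` is the mysqli handle created by the page's `connect.php` and that `ENCRYPTEDPWD` holds a `password_hash()` value; the function names are hypothetical.

```php
<?php
// Added example. Assumptions: $connection is the mysqli handle that the
// page's connect.php creates, and ENCRYPTEDPWD holds a password_hash() value.
// The function names below are hypothetical.

// Fetch one user row by email using a bound parameter, so the value is
// never interpolated into the SQL text.
function find_user_by_email(mysqli $connection, string $email): ?array
{
    $stmt = mysqli_prepare(
        $connection,
        'SELECT username, EMAIL, ENCRYPTEDPWD FROM users WHERE EMAIL = ?'
    );
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        $row = $result ? mysqli_fetch_assoc($result) : null;
    }
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// submit.php logic: returns the redirect target for header('Location: ...').
function handle_login(mysqli $connection, array $post): string
{
    $email = (string) ($post['email'] ?? '');
    $password = (string) ($post['password'] ?? '');
    $user = find_user_by_email($connection, $email);
    if ($user === null || !password_verify($password, (string) $user['ENCRYPTEDPWD'])) {
        return 'customerportal.php?login=invalid';
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['email'] = $user['EMAIL'];
    return 'Landing page.php';
}

// Landing page logic: read the email FROM the session, then look it up.
function landing_username(mysqli $connection): ?string
{
    if (empty($_SESSION['email'])) {
        return null; // no login in this session
    }
    $user = find_user_by_email($connection, (string) $_SESSION['email']);
    return $user['username'] ?? null;
}
```

Each page still calls `session_start()` before using these functions, and the landing page should pass the returned username through `htmlspecialchars()` before echoing it.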
Reputation: 68
In your landing page, invert the line after session_start(): you are assigning an empty variable to overwrite your already saved session variable.
$email = $_SESSION['email'];
If your query causes you problems after that, try concatenating $email:
$sql = "SELECT * FROM users WHERE EMAIL='".$email."';";
Upvotes: 1