Reputation: 339
I have a connect file which is included in the header of my files. The header contains a session start, and I have checked that the session ID is the same across pages. I am trying to echo the $_SESSION['userFirstName'] within some HTML to display the user's name. I cannot figure out why it is blank. There are no error messages from Chrome other than the "Notice: Undefined index: userFirstName".
Here is my connect.php
<?php
/*Login handled here*/
$servername = "localhost";
$usernameDB = "root";
$passwordDB = "";
$nameDB = "teacheasy";
//set user and password to values from form
if ( isset($_POST['username']) && isset($_POST['password']) ) {
    $user = $_POST['username'];
    $pass = $_POST['password'];
} else {
    echo "The values weren't sent";
}
//connect to the database
$_SESSION['connection'] = new mysqli($servername, $usernameDB, $passwordDB,$nameDB);
//Check if the connection was successful
if($_SESSION['connection']->connect_error){
    die("Connection to the database failed: " . $_SESSION['connection']->connect_error);
} else{
    //once the DB is connected, get information from the DB to check the records against the data entered
    $sqlUser = "SELECT `teacher_username` FROM `teacher` WHERE `teacher_username`='$user'";
    $sqlPass = "SELECT `password` FROM `teacher` WHERE `password`='$pass'";
    $resultUser = mysqli_query($_SESSION['connection'], $sqlUser);
    $resultPass = mysqli_query($_SESSION['connection'], $sqlPass);
    $textUser = $resultUser->fetch_assoc();
    $textPass = $resultPass->fetch_assoc();
    //get first name and last name to populate the user
    $sqlUserFirstName = "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'";
    $sqlUserLastName = "SELECT `last_name` FROM `teacher` WHERE `teacher_username`='$user'";
    $resultUserFirstName = mysqli_query($_SESSION['connection'], $sqlUserFirstName);
    $resultUserLastName = mysqli_query($_SESSION['connection'], $sqlUserLastName);
    $_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
    $_SESSION['userLastName'] = $_POST[$resultUserLastName->fetch_assoc()];
    //check if the user and password match records in the database
    if($user == $textUser['teacher_username'] && $pass == $textPass['password']){
        //open the calendar if they match
        echo "<script> window.location.assign('../calendar.php'); </script>";
    } else{
        //set this up to load a log in failed page rather than a blank page with error message
        echo "The data entered has no match.";
    }
}
Upvotes: 1
Views: 42
Reputation: 7483
This is what you have done:
$user = $_POST['username'];
// "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'" // SQL injection here
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
As @jeroen said in the comments, $_SESSION['userFirstName'] must be empty because there is no key in $_POST that equals $resultUserFirstName->fetch_assoc(), which returns an array! You should be getting an undefined index error.
$_POST is an array that holds the variables that have been posted with the HTTP request to your server. It has nothing to do with the data returned from your database query unless $_POST['username'] === teacher.first_name and teacher.first_name === teacher.teacher_username.
Try
$_SESSION['userFirstName'] = $resultUserFirstName->fetch_assoc()['first_name'];
instead of
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
Also, you are vulnerable to SQL injection attacks, and you should make it a habit to always use prepared statements. Check this answer on how to switch to prepared statements if you are used to concatenating.
Upvotes: 1
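The prepared-statement advice in the answer above, applied to this login, as an added example (not code from the question or the answer). It fetches one row by username and compares the password against that row, whereas the question's `$sqlPass` query matches the password against any teacher. `findTeacher()` is a hypothetical helper name, and `get_result()` assumes the mysqlnd driver is installed.

```php
<?php
// Added example. Table, column and database names are taken from the question;
// findTeacher() is a hypothetical helper, not part of any library.
session_start();

function findTeacher(mysqli $db, string $username): ?array
{
    // The ? placeholder is bound separately, so the username never becomes SQL text.
    $stmt = $db->prepare(
        'SELECT `teacher_username`, `password`, `first_name`, `last_name`
           FROM `teacher` WHERE `teacher_username` = ?'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // associative array, or null if no row
    $stmt->close();
    return $row;
}

// Throw exceptions on database errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'root', '', 'teacheasy'); // credentials as in the question

$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
$row  = ($user !== '' && $pass !== '') ? findTeacher($db, $user) : null;

// The question's schema stores the password as-is, so it is compared directly,
// but only against the row that belongs to this username.
if ($row !== null && hash_equals((string) $row['password'], $pass)) {
    // Values come from the database row, not from $_POST.
    $_SESSION['userFirstName'] = $row['first_name'];
    $_SESSION['userLastName']  = $row['last_name'];
    header('Location: ../calendar.php'); // must run before any output is sent
    exit;
}
echo 'The data entered has no match.';
```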