Session, Cookies, Remember me working fine but

Question

May be there are already solutions of my problem but I don't know what the exact name of my problem. So I can't search them now and I need post my problem here.

When I log in manually(mean putting username & password with my hand), my profile page shows all data correctly from my database. See the below picture.... Correct image

Now I am logging out and again log in. This time I checked "Remember me box". Then I closed my browser without logging out. So next time I got access to my home page directly as cookies worked. All are fine till now. But the disaster come when I checked my profile page. See the below picture.... :( Incorrect image

I have used "Username" column to detect the row of table of my database. Because my code doesn't allow same username from another user. Here is the code of the profile page:

session_start();
$name = $_SESSION['username'];
$result = mysql_query("SELECT * FROM store WHERE Username='$name'");
while ($row = mysql_fetch_array($result)) {
    $first = $row['Firstname'];
    $last = $row['Lastname'];
    $use = $row['Username'];
    $pas = $row['Password'];
}

Then I just echo them (that four variables $first, $last, $use and $pas) in profile page. So what should I do now?

hey remove all the codes from below and test only by echoing $name! whether it is null or not! — Muhammad Talha Akbar, Dec 15 '12 at 13:36
i gave you answer below there i mentioned how to check whether session is set or not! obviously if session is set then it will set null to $name :) — Muhammad Talha Akbar, Dec 15 '12 at 13:45

score 1 · Answer 1 · edited May 23 '17 at 10:24

1

first make sure that session is set and not empty for that you cam use empty() it will explicit check isset()

session_start();
if (!empty($_SESSION['username'])) {
    $name = $_SESSION['username'];
    $result = mysql_query("SELECT * FROM store WHERE Username='$name'");
    while ($row = mysql_fetch_array($result)) {
        $first = $row['Firstname'];
        $last = $row['Lastname'];
        $use = $row['Username'];
        $pas = $row['Password'];
    }
}

NOTE 1 : your session is not secure you need to secure session for that there are some good read

NOTE 2 : Use of mysql_* function are deprecated even it will generate E_DEPRECATED warning in php5.5 so use PDO or MySQLi instead

edited May 23 '17 at 10:24

Community

1
1

answered Dec 15 '12 at 13:52

NullPoiиteя

56,591
22
125
143

you copied my answer? because you forget to remove //here is the problem – Muhammad Talha Akbar Dec 15 '12 at 13:55
woah man you removed that hahahha :P thats ok man i am not going to do anything! – Muhammad Talha Akbar Dec 15 '12 at 13:57
@AspiringAqib just because code in post is not well formatted – NullPoiиteя Dec 15 '12 at 13:57
Thanks NullPointer. I am really new. At this I time I just make me introducing with php basic syntax. I will check security issue later. Thanks again. – Shahriar Kabir Dec 15 '12 at 15:04

score -2 · Accepted Answer · edited Dec 15 '12 at 14:33

-2

session_start();
$name = $_SESSION['username']; // here is the problem
$result = mysql_query("SELECT * FROM store WHERE Username='$name'");
while ($row = mysql_fetch_array($result)) {
    $first = $row['Firstname'];
    $last = $row['Lastname'];
    $use = $row['Username'];
    $pas = $row['Password'];
}

you can see by checking that session is set or not by this statement

if (isset($_SESSION['username'])) {
    echo "Session is Set";
} else {
    echo "Session is not Set";
}

i think error is due to session because it will not be set!

edited Dec 15 '12 at 14:33

NullPoiиteя

56,591
22
125
143

answered Dec 15 '12 at 13:42

Muhammad Talha Akbar

9,952
6
38
62

first check whether session is set or not! – Muhammad Talha Akbar Dec 15 '12 at 13:43
Yea session is not set, you got the point. So what the solution then? – Shahriar Kabir Dec 15 '12 at 13:50
hey man first check your browser remembers history or not! because if it does not then when you exit the browser the session and cookie stored will be removed! – Muhammad Talha Akbar Dec 15 '12 at 13:52
hey your cookie works and redirects you to home page. so, instead of setting session you can set a cookie of username and then retrieve data from database ;) – Muhammad Talha Akbar Dec 15 '12 at 13:54
Oh yeah, I can do that. Thanks a lot Aspiring Aqib. – Shahriar Kabir Dec 15 '12 at 14:09
1

@user1902462 your code is vulnerable and please dont use mysql_* function – NullPoiиteя Dec 15 '12 at 14:13
3

@AspiringAqib I see I'm not the only one who told you about `mysql_*` functions and SQLI vulnerabilities. And you still haven't learned... O dear god... – OneMore Dec 31 '12 at 20:21

Session, Cookies, Remember me working fine but

2 Answers2