0

Im trying to get the username of the logged in user from session. I can alert roomnumber and id of the user, but not the username.

Code for storing:

session_start();
$con = DbConnect();
if (isset($_POST)) {
$username = $_POST['username'];
$pwd = $_POST['password'];                        
$sql = 'select id, username, password, roomNr from room where username = "' .$username. '"';
$result = mysqli_query($con, $sql);
$count = mysqli_num_rows($result);
$userData = mysqli_fetch_array($result, MYSQLI_ASSOC);

if ($count == 1) {
    session_regenerate_id();
    $_SESSION["sess_id"] = $userData['id'];
    $_SESSION["sess_username"] = $userData['username'];
    $_SESSION["sess_room"] = $userData['roomNr'];
    session_write_close();
    header("location: ../main_page.php");
} else {
    header('index.php');
}

Code for retrieving:

echo $_SESSION['sess_username'];

NOTE: This is just a quick test to see if i can get the spesific problem working. I am not going to use the above code in the final product.

Solution: The problem wasn't with the php, it had to do with how i used the variable in the script tag.

The working solution: 

var user = '<?php echo $_SESSION['sess_username']; ?>';
sinsuren
  • 1,745
  • 2
  • 23
  • 26
Simen_257
  • 47
  • 1
  • 1
  • 6
  • 3
    Make sure you have `session_start();` at the beginning of both your pages and check if `$userData['username']` does contain a value. – AyB May 05 '14 at 13:04
  • Where do you get the variable `$username`? That's probably the most important thing, and is not represented here. – Michael Berkowski May 05 '14 at 13:04
  • @ICanHasCheezburger I do have session_start(); on both. And as pointed out, i can alert both id and room the same way. – Simen_257 May 05 '14 at 13:07
  • @MichaelBerkowski, i have edited my question to include what you were asking about – Simen_257 May 05 '14 at 13:09
  • You need to see if `$userData['username']` has any data in it when you save it to the `$_SESSION["sess_username"]` object. – user1477388 May 05 '14 at 13:10
  • ??? I thought you're looking for the logged in user. What is coming through `$_POST`? Your code as it is now will set any user to whatever username is passed in the POST (unless you're hiding the part about hashing the input password and passing it into the query) – Michael Berkowski May 05 '14 at 13:10
  • Now is the time to learn how to use [`prepare()/execute()`](http://www.php.net/manual/en/mysqli.prepare.php) in MySQLi to protect yourself from SQL injection (which will allow any user to login to this script with ease) [Many good examples are here](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Michael Berkowski May 05 '14 at 13:12
  • @MichaelBerkowski This is just a quick test, i haden't intended to use this code as it is now:) – Simen_257 May 05 '14 at 13:18
  • Can you not do a combination of the above with maybe into a control of some sorts: – Anthony Horne May 05 '14 at 13:21
  • @AnthonyHorne Tried, unfortunately it didn't work either – Simen_257 May 05 '14 at 13:28
  • If you cannot, then why not just store the username with the session on login and thereafter just refer to the username (via the session in the db). If the session expires, then they must log in again. – Anthony Horne May 05 '14 at 13:30
  • @AnthonyHorne Haven't got much experience with php, but i'll try look it up. Thanks – Simen_257 May 05 '14 at 13:37
  • 1
    If your problem is solved, please accept one of the answers, instead of adding 'SOLVED' to the question's title. – Nic Wortel May 05 '14 at 14:21

2 Answers2

0

What my suggestion is, assign your user data to a session array and retrieve. that would not loose your data

     session_start();
     session_regenerate_id();
     $_SESSION["user_data"] = $userData;
     session_write_close();

And also make sure you are including session_start() in all your include files.

TED
  • 1,829
  • 5
  • 18
  • 36
0

try this to alert with javascript

echo "<script type='text/javascript'>alert('{$_SESSION['sess_id']} - {$_SESSION['sess_room']}');</script>";

or only to show with php

echo "{$_SESSION['sess_id']} - {$_SESSION['sess_room']}";
Thiago França
  • 1,817
  • 1
  • 15
  • 20