
I have read the other questions relating to this, and they do not answer my question or produce any troubleshooting results. I have a login page. It functions fine and it is starting the session, and it displays nothing. Even when I put an echo "Hello World"; nothing shows, and it still shows as being in login.php, not products.php.

Here is the code: session start (there is no space before the session_start function):

<?php
session_start();
/* connection info */
include("connection.php");
?>

Checks for Blank fields:

if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
  {
    foreach($_POST as $field => $value)         
    {     
        if(empty($value))
          {
             $blank_array[] = $field;
          }
    else                                                    
    {
      $good_data[$field] = strip_tags(trim($value));
    }
  } 

  if(@sizeof($blank_array) > 0) 
  {
    $message = "<p style='color: red; margin-bottom: 0; 
                 font-weight: bold'>
                 You didn't fill in one or more required fields. 
                 You must enter: 
                 <ul style='color: red; margin-top: 0; 
                 list-style: none' >";

 /* display list of missing information */
    foreach($blank_array as $value)
    {
       $message .= "<li>$value</li>";
    }
    $message .= "</ul>"; 

    echo $message;
    extract($good_data);
    include("login.inc");   
    exit();    
  }

Checks for format consistency:

foreach($_POST as $field => $value)
{
  if(!empty($value))
  {
    $user_patt = "/^[A-Za-z0-9]{3,20}$/";
    $pass_patt = "/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{6,12}$/";

    if(preg_match("/user/i",$field))
    {
      if(!preg_match($user_patt,$value))
      {
        $error_array[] = "$value is an invalid $field";
      }
    }

    if (preg_match("/word/i",$field))
    {
        if(!preg_match($pass_patt, $value))
        {   
            $error_array[] = "Invalid $field";  
        }
     }
  } 

  $good_data[$field] = strip_tags(trim($value));

}

if(@sizeof($error_array) > 0) 
{

  $message = "<ul style='color: red; list-style: none' >";
  foreach($error_array as $value)
  {
   $message .= "<li>$value</li>";
  }
  $message .= "</ul>"; 

  echo $message;
  extract($good_data);
  include("login.inc");
  exit();   
}

$_SESSION variable:

else
    {
    foreach($good_data as $field => $value)
        {
            $good_data[$field] = mysqli_real_escape_string($cxn,$value);
        }
        $sql = "SELECT * from UserInfo where user_id = '$good_data[user_id]' and
        password = '$good_data[password]'";
            $result = mysqli_query($cxn,$sql) or die("Couldn't find UserInfo: " . mysqli_error($cxn));

        if ( mysqli_num_rows($result) > 0) 
        {           
        $sql2 = "UPDATE TimeStamp SET user_id = '$good_data[user_id]', time = CURRENT_TIMESTAMP";  
        $result2 = mysqli_query($cxn,$sql2) or die("Couldn't update TimeStamp: " . mysqli_error($cxn)); 

        $_SESSION["variable"] = "condition";
        header("location: products.php");
        }
    } 
}
else
{
  $user_id = "";
  $password = "";   
  include("login.inc");
}
?>

products.php page:

    <?php
    session_start();
    include(connection.php);
    if(!isset($_SESSION['variable']) or $_SESSION['variable'] != "condition")
        {
            header("location: login.php");
            exit(); 
        }
?>

1 Answer

The problem is in the query. Did the query return results?

$sql = "SELECT * from UserInfo where user_id = '$good_data[user_id]' and
        password='$good_data[password]'";

Change it to:

$sql = "SELECT * from UserInfo where user_id = '{$good_data['user_id']}' and
        password='{$good_data['password']}'";

In addition:

  • Read about SQL injection and escape the parameters
  • Save your password in some hash like md5 or something more secure
Haim Evgi
  • Alright, the password_hash function does not seem to function with my version of PHP even though I am using 5.4. So I put the code as you said, like this, and I am getting the same result. – Jason Cameron Jul 22 '15 at 10:03
  • $sql = "SELECT * from UserInfo where user_id = '{$good_data['user_id']}' and password = '{$good_data['password']}'"; crypt($good_data['password']); – Jason Cameron Jul 22 '15 at 10:03
  • Print the sql and the result ($row) and see what you get – Haim Evgi Jul 22 '15 at 10:05
  • Printing the $sql and $row gives the same result. Before I added the else statement $SESSION, you could register and log in no problem. It's only when I try to make it store a session – Jason Cameron Jul 22 '15 at 10:14
  • If I understand the code, the mistake is that if the user succeeds then you need to store the session $_SESSION['variable'] = "condition", not in the else – Haim Evgi Jul 22 '15 at 10:33
  • Sadly, if I remove the else I just get the "cannot modify header information" error message. – Jason Cameron Jul 22 '15 at 19:37
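
An added example, not part of the original question, answer or comments: the answer's two suggestions (keep user input out of the SQL text, store a password hash) combined with choosing the redirect before any output is sent, which is what `header()` requires. It assumes PHP 5.5 or later for `password_hash()`, swaps the page's mysqli connection for an in-memory SQLite database through PDO so it runs on its own, and uses made-up function names and a constructed sample user.

```php
<?php
// Added example: constructed data and hypothetical function names.
// Assumes PHP 5.5+ (password_hash/password_verify) and the pdo_sqlite extension.

// Stand-in for connection.php: in-memory database holding one constructed user.
function make_demo_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE UserInfo (user_id TEXT PRIMARY KEY, password TEXT)');
    $ins = $db->prepare('INSERT INTO UserInfo (user_id, password) VALUES (?, ?)');
    // Store only the salted hash, never the plain password.
    $ins->execute(array('alice1', password_hash('s3cret!', PASSWORD_DEFAULT)));
    return $db;
}

// Returns true only when the user exists and the password matches the stored hash.
function check_login(PDO $db, $user_id, $password)
{
    // Placeholders send the value separately from the SQL text, so quotes in it are data.
    $stmt = $db->prepare('SELECT password FROM UserInfo WHERE user_id = ?');
    $stmt->execute(array($user_id));
    $hash = $stmt->fetchColumn();          // false when no such user
    return $hash !== false && password_verify($password, $hash);
}

// Picks the redirect target without echoing anything, so the caller can still
// send a Location header. Returns null when the login form should be shown again.
function handle_login(PDO $db, array $post, array &$session)
{
    $user = isset($post['user_id']) ? trim($post['user_id']) : '';
    $pass = isset($post['password']) ? $post['password'] : '';
    if ($user !== '' && $pass !== '' && check_login($db, $user, $pass)) {
        $session['variable'] = 'condition'; // same flag products.php checks
        return 'products.php';
    }
    return null;
}

$db = make_demo_db();
$session = array();   // stands in for $_SESSION so the demo runs from the CLI
var_dump(handle_login($db, array('user_id' => 'alice1', 'password' => 's3cret!'), $session));
var_dump(handle_login($db, array('user_id' => 'alice1', 'password' => 'wrong1'), $session));
var_dump(handle_login($db, array('user_id' => "o'hara", 'password' => 's3cret!'), $session));

// In a real login.php, after session_start() and before any echo or include:
//   $to = handle_login($db, $_POST, $_SESSION);
//   if ($to !== null) { header("Location: $to"); exit(); }
```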