0

It is not inserting the session variables like name, id, email, number, which are stored in $a, $b, $c, $d in pseller.php.

This is my login page where I am checking username and password.

login.php

    <?php

    error_reporting(E_ALL); // to see if there is error in code

    include "connect_to_mysql.php";
    if (isset($_POST['log']))
    {
        $user = $_POST['user'];
        $pass = md5($_POST['pass']);

        $sql = mysql_query("select * from reg where username= '$user' AND password='$pass' AND category='product seller' LIMIT 1 ") or die(mysql_error());
        $data = mysql_num_rows($sql);
        if ($data == 1) {
            $_SESSION['name'] = $name;
            $_SESSION['id'] = $id;
            $_SESSION['phone_no'] = $number;
            $_SESSION['email_id'] = $email;

            header("location:pseller.php");
        }
        else {
            header("location:login.php?error");
        }
    }
    ?>



    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title> Log In </title>
      <link rel="stylesheet" href="style.css" type="text/css" media="screen" />
    </head>

    <body>
      <div id="mainWrapper">
        <div id="pageContent"><br /><br /><br />
          <div align="right" style="margin-right:24px; color:#FF0000">
            <br /><br />
            <form id="form" name="form" method="post" action="login.php">
              <h2 style="padding-right:200px;">User Name:</h2>
              <input name="user" type="text" id="user" size="40" style="height:30px;" required placeholder="Enter Email"/>
              <br /><br />
              <h2 style="padding-right:210px;">Password:</h2>
              <input name="pass" type="password" id="pass" size="40" style="height:30px;" required/>
              <br />
              <br />
              <br />

              <img style="padding-right:190px;" src="generate.php"><br /><br />
              <input type="text" name="secure" size="10" required placeholder="Enter The Value" style="padding-right:210px; height:30px;">
              <br />
              <br />
              <br />
              <input type="submit" name="log" id="log" value="Log In"  style="padding-right:40px;" />
            </form>
            <p>&nbsp; </p>
          </div>
          <br />
          <br />
          <br />
        </div>
      </div>
    </body>
    </html>

This is the pseller page, where I am trying to store session values in variables and then insert them into the database. But the session variables are not inserting data in the database, and it is showing the value of v_id and v_number as 0.

pseller.php

    <?php
    // Parse the form data and add inventory item to the system

    include_once('connect_to_mysql.php');
    session_start();

    if (isset($_POST['p_name'])) {

        $target_dir = "pics/";
        $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
        $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
        move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
        $img_name = $_FILES["fileToUpload"]["name"];

        $a = $_SESSION['name'];
        $b = $_SESSION['id'];
        $c = $_SESSION['phone_no'];
        $d = $_SESSION['email_id'];

        $product_name = mysql_real_escape_string($_POST['p_name']);
        $price = mysql_real_escape_string($_POST['price']);
        $category = mysql_real_escape_string($_POST['category']);
        $subcategory = mysql_real_escape_string($_POST['subcategory']);
        $category2 = mysql_real_escape_string($_POST['category2']);
        $details = mysql_real_escape_string($_POST['details']);
        // See if that product name is an identical match to another product in the system

        // Add this product into the database now
        $sql = mysql_query("INSERT INTO product (p_name, price, details, category, sub_category, category2, img_name, v_id, v_name, v_number, v_email, date) VALUES('$product_name','$price','$details','$category','$subcategory','$category2','$img_name','$b','$a','$c','$d',now())") or die (mysql_error());
    }
    ?>

Please help me to come out from here.

komal deep singh chahal

3 Answers

2
$_SESSION['id']=$id;
$_SESSION['phone_no']=$number;

only get updated if select with username and password has rowcount 1

Those become variables $b and $c in pseller.php

So if $user and $pass do not get you a row on select from db, you get junk in SESSION.

mysql_num_rows returns number of rows. You are doing LIMIT 3. So if you are 0, 2, or 3, session is in trouble. Why, because your if statement says =1.

Also, you are using a deprecated mysql_* function library and acting directly upon user-supplied values that can render sql injection attacks. Use mysqli or pdo, and see this.

Drew
  • can you explain to me what I have to do here.. to get those variables. – komal deep singh chahal Aug 15 '15 at 22:21
  • so what changes do I have to do in my login.php code.. tell me that stuff bro...then maybe I will get you.. how I am not giving those parameters – komal deep singh chahal Aug 15 '15 at 22:26
  • I would start with echoing out some variable values. Perhaps an echo also inside the if statement that sets those two SESSION variables, so that you know you even got the user/pass combo successfully – Drew Aug 15 '15 at 22:47
  • play with it. I don't see what you have done. I was suggesting why they are equal to 0 – Drew Aug 15 '15 at 23:16
2

Include session_start(); in your login.php

$sql=mysql_query("select * from reg where username= '$user' 
AND password='$pass' AND category='product seller'") or die( mysql_error());

Inside the above query, Please make the changes.

Avoid making column names with spaces category='product seller'
Now echo the values under the SELECT * FROM query and the $a, $b, $c, $d to know if you REALLY are taking the values through to the next page. I am pretty much sure that you were not, and as @Drew also suggested, shift to mysqli/PDO.

EDIT:

In your second page pseller.php try to echo and see what you're getting.

 echo   $_SESSION['name'];
 echo   $_SESSION['id'];
 echo   $_SESSION['phone_no'];
 echo   $_SESSION['email_id']; 

No luck? Okay let's just try it this way and see what happens;

    $sql = mysql_query("select * from reg where username= '$user' AND password='$pass'") or die(mysql_error());

    if ($sql) {
        while ($row = mysql_fetch_array($sql))
        {
            echo $row['name'];
            echo $row['id'];
            echo $row['phone_no'];
            echo $row['email_id'];
        }
        // header("location:pseller.php");
    }

Now put the correct username and password (present in the database) and if you can see the echoed values, use sessions to store and use them later on. Also uncomment the header(); line and you are good to go.

DirtyBit
  • man.. it's not changing the view.. facing same problem.. I tried this. – komal deep singh chahal Aug 15 '15 at 23:02
  • where should I echo $a, $b and all?? in pseller.php page – komal deep singh chahal Aug 15 '15 at 23:02
  • I tried this edited version too.. but still not working.. and it is not showing any values of echo session statements. – komal deep singh chahal Aug 15 '15 at 23:17
  • v_id, v_number are 0 while the other two, v_email, v_user, are blank in the database; it is showing this. – komal deep singh chahal Aug 15 '15 at 23:19
  • @komaldeepsinghchahal please try with this updated edit and remember it won't work if the query fails. – DirtyBit Aug 15 '15 at 23:23
  • Notice: Undefined variable: name in C:\xampp\htdocs\venders\login.php on line 45 Notice: Undefined variable: id in C:\xampp\htdocs\venders\login.php on line 46 Notice: Undefined variable: number in C:\xampp\htdocs\venders\login.php on line 47 Notice: Undefined variable: email in C:\xampp\htdocs\venders\login.php on line 48 – komal deep singh chahal Aug 15 '15 at 23:25
  • Where exactly are you defining the variables you're trying to store in the sessions variables in login.php ($name, $id, $number, $email)? – harris Aug 15 '15 at 23:28
  • even if I remove error.. it is again not showing values on this page too – komal deep singh chahal Aug 15 '15 at 23:29
  • no, I am trying to store the session variables of login.php in seller.php page... that's why I used session – komal deep singh chahal Aug 15 '15 at 23:30
  • do you like coming on my pc through teamviewer..?? – komal deep singh chahal Aug 15 '15 at 23:31
  • @komaldeepsinghchahal if you can get the echo values now then you can easily store them using sessions – DirtyBit Aug 15 '15 at 23:31
  • but these are not echoing the values bro. – komal deep singh chahal Aug 15 '15 at 23:32
  • give me your email id ... so I will send you id and password. – komal deep singh chahal Aug 15 '15 at 23:33
  • I meant, where are you pulling those values, that you are trying to save to the session, from? Your code example doesn't show you defining the $name, $id, $number and $email variables and that bit of the error log you posted also insinuated that they are not defined. – harris Aug 15 '15 at 23:35
  • @harris I am trying these values to pseller.php after getting from login.php. so what should I do man. – komal deep singh chahal Aug 15 '15 at 23:39
  • 1
    @komal deep singh chahal But WHERE are you getting those values from? I take it you get them from the MySQL query? Your code doesn't show you handling the MySQL resultset and defining the said values. – harris Aug 15 '15 at 23:42
  • exactly.. I think I am missing this part.... like tell me how to these values writing mysql query... tell me how to handle mysql resultset and defining these values. – komal deep singh chahal Aug 15 '15 at 23:47
  • Well, first off you shouldn't use PHP's mysql library as it's deprecated, but instead use mysqli (http://php.net/manual/en/book.mysqli.php) or PDO (http://php.net/manual/en/book.pdo.php). For mysqli you should look into fetch_assoc for hints on handling the data (http://php.net/manual/en/mysqli-result.fetch-assoc.php). Also for your queries you should look into prepared statements for security reasons (http://php.net/manual/en/mysqli.prepare.php). – harris Aug 15 '15 at 23:56
2

Ok so judging from the question and discussion in the comments, you're lacking proper handling of the user data in login.php.

There are also a couple of other points that are a bit off in your code:

  1. You should not use the mysql library as it's deprecated. You should either use mysqli, which is a rather easy switch if you're already used to mysql, or use PDO.
  2. Your code is vulnerable to SQL injection. You should use prepared statements when using user input in SQL queries. More info here for example
  3. MD5 is not a very secure option for passwords. You can read more here

Below is a simple example of the PHP part for login.php I threw together based on what information I could gather from your question. It isn't complete for your specific database structure and needs, but should help you forward with your problem:

<?php

  session_start(); // Must run before $_SESSION is read or written

  // Define database connection using mysqli
  $mysqli = new mysqli("localhost", "username", "password", "dbname");

  if (isset($_POST['log']))
  {
    $user = $_POST['user'];
    $pass = md5($_POST['pass']); // Should be replaced by secure alternatives

    // Define the SQL query string
    $sql = "SELECT id, name, phone_no, email FROM reg WHERE email = ? AND password = ? LIMIT 1";

    $stmt = $mysqli->prepare($sql); // Prepare the query string
    $stmt->bind_param("ss", $user, $pass); // Define prepared statement parameters

    // Execute the prepared statement
    if ($stmt->execute())
    {
      $result = $stmt->get_result(); // Get the result

      $data = $result->num_rows; // Get number of rows

      if ($data == 1)
      {
        $userdata = $result->fetch_array(MYSQLI_ASSOC); // Get an associative array from the result

        session_regenerate_id(true); // Issue a fresh session ID at login (guards against session fixation)

        $_SESSION['name'] = $userdata['name'];
        $_SESSION['id'] = $userdata['id'];
        $_SESSION['phone_no'] = $userdata['phone_no'];
        $_SESSION['email_id'] = $userdata['email'];

        header("location:pseller.php");
        exit; // Stop here so nothing else runs after the redirect
      }
    }

    // Reached when the query failed or no matching user was found
    header("location:login.php?error");
    exit;
  }
?>
harris
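
An added example (not part of the original answers) of the login check with the points raised above applied: a prepared statement, and password_hash/password_verify in place of MD5, with existing MD5 rows upgraded at the next successful login. It assumes PHP 7.1+ with the pdo_sqlite extension; the `reg` column names, the in-memory database and the sample seller are constructed for the demo.

```php
<?php
// Added example, not code from the question or answers. The `reg` column names
// and the in-memory SQLite database with one seller are constructed assumptions.

function authenticate(PDO $db, string $user, string $password): ?array
{
    // Prepared statement: the username is bound as data, never spliced into SQL
    $stmt = $db->prepare(
        "SELECT id, name, phone_no, email_id, password FROM reg
         WHERE username = ? AND category = 'product seller' LIMIT 1"
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such seller
    }

    $stored = $row['password'];
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($password))  // old rows, constant-time compare
        : password_verify($password, $stored);  // rows already upgraded
    if (!$ok) {
        return null;
    }

    // The plaintext is known to be correct here, so replace a legacy or outdated hash
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $db->prepare("UPDATE reg SET password = ? WHERE id = ?")
           ->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }

    unset($row['password']); // the hash has no business in $_SESSION
    return $row;
}

// Constructed demo data: one seller whose password is still stored as MD5
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE reg (id INTEGER PRIMARY KEY, username TEXT, password TEXT,
           name TEXT, phone_no TEXT, email_id TEXT, category TEXT)");
$db->prepare("INSERT INTO reg VALUES (1, ?, ?, 'Demo Seller', '5550100', ?, 'product seller')")
   ->execute(['seller', md5('correct horse'), 'seller@example.com']);

var_dump(authenticate($db, "' OR '1'='1", 'x'));        // injection string is just a username
var_dump(authenticate($db, 'seller', 'correct horse')); // legacy row: verified, then upgraded
var_dump(authenticate($db, 'seller', 'correct horse')); // now checked by password_verify
var_dump(authenticate($db, 'seller', 'wrong'));         // rejected
```

In login.php, call session_start() at the top and session_regenerate_id(true) before copying the returned row into $_SESSION.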