0

I am working on my website and, for the life of me, can't seem to get the username to pop up on my index.html page after it redirects a user to the page after they log in.

connectivity.php

function SignIn() 
{ 
    session_start(); //starting the session for user profile page 
    if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text 
    { 
        $query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error()); 
        $row = mysql_fetch_array($query) or die(mysql_error());
        if(!empty($row['userName']) AND !empty($row['pass'])) 
        { 
            $_SESSION['userName'] = $row['pass']; 
            header("location: http://www.gotospectrum.com/index.html");

        } else { 
            echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY..."; 
            } 
        } 
    } 
    if(isset($_POST['submit'])) 
    { 
        SignIn(); 
    } 

?>

index.html

<?php 
    session_start();session_destroy();
    session_start();
 ?>
<!DOCTYPE html>
<html lang="en">



<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
                <ul class="nav navbar-nav">
                    <li>
                        <a href="about.html">About</a>
                    </li>
                    <li>
                        <a href="Services.html">Services</a>
                    </li>
                    <li>
                        <a href="index.php">Contact</a>
                    </li>

                    <li>
                        <a href="Login/Sign-In.html">Login</a>
                    </li>

                    <li>
                        <a href="/Login/logout.php">Logout</a>
                    </li>

                    <li>
                        <?php 
                            echo isset($_SESSION['userName'];

                        ?>
                    </li>

I'm calling the session at the top as you can see and I'm trying to echo the username in the <li> after Logout, I'll move it later, but at this point I'm just trying to get it to work.

I have been at this now for hours and it's really frustrating me.

Zsw
  • 3,920
  • 4
  • 29
  • 43
Charles L.
  • 1,844
  • 2
  • 34
  • 56
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Sep 30 '15 at 20:03
  • Extending what @Quentin is saying, you should consider using a well tested PHP framework such as Laravel (my recommendation, but there are lots of options). If you're making an online store you shouldn't be handling security stuff on your own, especially when you don't even know to set the file extension properly – jfadich Sep 30 '15 at 20:11

1 Answers1

1

You have two problems: (1) file types and (2) your code.

The File Type Problem

By default, .html is processed by your server as HTML - it never goes through the PHP engine. Change your file name to index.php.

You can verify this is the problem by viewing the source of index.html when you load it in a browser. You will see your unprocessed PHP code, which obviously is not what you want.

As an alternative, if you are using Apache, you can force your server to process HTML files as PHP by adding this line to a .htaccess file in the root directory of your site: AddType application/x-httpd-php .htm .html. See this answer. This is not the recommended way to fix the problem, however, as it adds a lot of server load for serving up even a basic .html file.

Note: some servers are not setup correctly to treat index.php as the default file. If you get a 404 error after renaming your file and trying to load your homepage, check your settings for default page names.

Your Code Problems

You call session_destroy(); in the first line of your PHP code, which means $_SESSION['userName'] will never be set when you get to that part of the code. Take out session_destroy();.

Also, you are missing the closing ) in echo isset($_SESSION['userName'];:

echo isset($_SESSION['userName']);

With regards to this last error: that is a syntax error that will cause a "white screen of death." You really should use an IDE that will catch these kinds of things. I'm personally partial to PHPStorm, but any decent IDE should catch a syntax error like that.

Community
  • 1
  • 1
elixenide
  • 44,308
  • 16
  • 74
  • 100
  • this makes perfect sense to me however, does that mean i have to change EVERY .html fil to .php so every page will display the username? – Charles L. Sep 30 '15 at 18:56
  • @Charles Yes, files containing PHP code should be named `.php`, not `.html`. That said, if you are using Apache, you can force your server to process HTML files as PHP by adding this line to a `.htaccess` file in the root directory of your site: `AddType application/x-httpd-php .htm .html`. See [this answer](http://stackoverflow.com/a/11312349/2057919). – elixenide Sep 30 '15 at 18:59
  • 1
    @Charles It should also be noted that as it is written now, the username will never be displayed. You need to remove the session_destroy() from the index file – jfadich Sep 30 '15 at 19:11
  • im using godaddy cPanel for my web hosting when i place the AddType application/x-httpd-php .htm .html into my htaccess file, it still seems to comment out my PHP code when i look under chrome developer tools? – Charles L. Sep 30 '15 at 19:22
  • I have been trying to figure out the htacces file for some time now, all variations i use seem to either A.) prompt to download files 3.) show a white screen of death c.) do nothing. – Charles L. Sep 30 '15 at 19:24
  • 1
    @Charles Have you tried changing the extension to .php? I know it's tedious to change all your files but it really is the better solution. – jfadich Sep 30 '15 at 19:25
  • @jfadich i think thats what ill end up having to do, it will really be time consuming, but im creating an online store so in the end i think ill have to regardless. – Charles L. Sep 30 '15 at 19:31
  • @Charles You should definitely change the file names if at all possible. Changing how Apache handles the file type is definitely the second-best option. Also, please see my edits. As jfadich pointed out, you should not call `session_destroy()` and then try to access `$_SESSION['whatever']`. Finally, you have a syntax error in your `echo` statement, which is why you get a white screen of death. – elixenide Sep 30 '15 at 20:03