
I'm creating a website with sign up/login capabilities and want the page to display the user's name after logging in through multiple elements of the site. There are three main sections for getting the client information: the sign in page (just a post method form), the verification page, which verifies the password and email on the database and also sets the session variable, and the welcome back page, which should echo the name but only echoes the value "0".

The verification script is:

```php
<?PHP
//Start a session
session_start();

//Connect to the database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("PhoneBro") or die(mysql_error());

//Assign variables to input data
$email = $_POST['email'];
$password = md5($_POST['password']);

//Query database to check information
$query = mysql_query("SELECT * FROM Customers WHERE Email='$email' AND Password='$password'") or die();

//Remember information about user to use later
$_SESSION['name'] = mysql_query("SELECT FirstName FROM Customers WHERE Email='$email'") or die();

//Validate login or redirect if incorrect
if (mysql_num_rows($query)>0){
    header('location: loginSuccess.php');
    exit();
}else{
    header('location: loginFail.php');
    exit();
};
?>
```

And the code for the welcome page:

```php
<?PHP
session_start();
?>
<!DOCTYPE html>
<html>

<head>
    <title>PhoneBro | Welcome Back</title>
</head>

<body>

    <div class="center">
        <p>Welcome back,
            <?PHP
            echo $_SESSION['name']; ?>
        </p>
        <a href="signOut.php">
            <button>Sign Out</button>
        </a>
    </div>
</body>

</html>
```

The spelling in the query is correct to the database and as it was successfully able to verify the username and password, I can't imagine why it wouldn't return any values for the FirstName query either. Please ask if more information is needed.

Sebastian
  • Please don't use [the `mysql_` database extension](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php); it is deprecated (gone forever in PHP 7). Especially if you are just learning PHP, spend your energies learning the `PDO` database extensions. [Start here](http://php.net/manual/en/book.pdo.php); it's really pretty easy – RiggsFolly Aug 18 '16 at 11:13
  • Please don't __roll your own__ password hashing. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php); please use them, I might want to use your site one day. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Aug 18 '16 at 11:32
  • @RiggsFolly thanks heaps. This is for a school assignment so it doesn't need to be too secure nor use an up to date database extension. But I'm planning to do this professionally in the future, so will certainly keep it in mind. – Sebastian Aug 18 '16 at 11:44
  • The point of school/college is to learn and practice the good techniques, not leave them till you get a job and then find your expertise is useless – RiggsFolly Aug 18 '16 at 11:46
  • @RiggsFolly fair point. I'll make the adjustments where I can for this project with the time I have. I appreciate the concern. – Sebastian Aug 18 '16 at 11:59

1 Answer


`$_SESSION['name']` is "0" because something like `mysql_fetch_array()` is missing.

Try changing

```php
$_SESSION['name'] = mysql_query("SELECT FirstName FROM Customers WHERE Email='$email'") or die();
```

with

```php
$db_result = mysql_query("SELECT FirstName FROM Customers WHERE Email='$email'") or die();
$db_row = mysql_fetch_array($db_result);
$_SESSION['name'] = $db_row["FirstName"];
```

Dave
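
The fix from the answer combined with the advice in the comments, as an added example that is not part of the original question or answer: the login check done with a PDO prepared statement and `password_verify()`, fetching the row before anything is stored in the session. The `verifyLogin()` helper, the in-memory SQLite database and the sample customer are assumptions made so the script runs on its own; the `Password` column is assumed to hold `password_hash()` output rather than MD5.

```php
<?php
// Added example, not from the original post. Table and column names follow
// the question; the Password column is ASSUMED to hold password_hash() output.
session_start();

// Returns the customer's first name on a successful login, otherwise null.
function verifyLogin(PDO $pdo, string $email, string $password): ?string
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT FirstName, Password FROM Customers WHERE Email = :email'
    );
    $stmt->execute([':email' => $email]);

    // fetch() yields the row; the statement object itself is not the data.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return $row['FirstName'];
}

// Constructed demo data in an in-memory SQLite database so this runs offline.
// The real script would connect with a MySQL DSN such as
// 'mysql:host=localhost;dbname=PhoneBro;charset=utf8mb4' instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Customers (Email TEXT, FirstName TEXT, Password TEXT)');
$pdo->prepare('INSERT INTO Customers VALUES (?, ?, ?)')->execute([
    'alice@example.com', 'Alice', password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Constructed inputs: an e-mail containing a quote, a wrong password, a valid login.
$attempts = [
    ["o'brien@example.com", 'anything'],
    ['alice@example.com', 'wrong'],
    ['alice@example.com', 'correct horse'],
];
foreach ($attempts as [$email, $password]) {
    $name = verifyLogin($pdo, $email, $password);
    if ($name !== null) {
        session_regenerate_id(true); // fresh session ID once authenticated
        $_SESSION['name'] = $name;   // a plain string, ready to echo later
    }
}
// The welcome page should escape the value when printing it.
echo 'Welcome back, ', htmlspecialchars($_SESSION['name'] ?? '', ENT_QUOTES, 'UTF-8'), "\n";
```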