0

How do I get a user_id for a PHP file from another PHP file. I'm using $_SESSION['user_id'] to do it but it's not working for me. Can anyone show me how to do it and where the $_SESSION['user_id'] should be placed in the PHP files, or if there is a better way of doing it. I think I have it placed in the right place in the login.php file but not sure about fitness.php. I'm using them for my Android app. The two PHP files are below. Any help will be greatly appreciated, thank you.

login.php

<?php
session_start();
$error = NULL;

include_once('connection.php');
if(isset($_POST['txtUsername']) && isset($_POST['txtPassword'])){
    $username = $_POST['txtUsername'];
    $password = $_POST['txtPassword'];

    $query = "SELECT username, password, user_id FROM user WHERE username = '$username' AND password = '$password'";

    $result = mysqli_query($conn, $query);

    if($username == $error || $password == $error) {
        echo "Login Failed <br>";
    }
    elseif($result->num_rows > 0){
        $_SESSION['user_id'] = 'user_id';

        if(isset($_POST['mobile']) && $_POST['mobile'] == "android"){
            echo "success";
            exit;
        }
        echo "Login Successful";
        // header("location: login.php");
    }

    else{
        echo "Login Failed <br>";
    }
}
?>

fitness.php

<?php
session_start();
$error = NULL;
include_once('connection.php');
if(isset($_POST['pulseOne']) && isset($_POST['pulseTwo']) && isset($_POST['pulseThree'])){
    $pulseOne = $_POST['pulseOne'];
    $pulseTwo = $_POST['pulseTwo'];
    $pulseThree = $_POST['pulseThree'];

    $fitnessResult = 100;
    $overall = 30000;
    $fitnessScore = -1;

    $fitnessScore = $pulseOne + $pulseTwo + $pulseThree;

    if($fitnessScore != 0){
        $fitnessResult = $overall/$fitnessScore;
        $fitnessResult = round($fitnessResult, 0);
    }
    else{
        $fitnessResult = NULL;
    }
    // $fitnessResult = mydivide($overall/$fitnessScore);

    $date = date("Y-m-d");
    $time = date("h:i:sa");

    // $user_id = $_POST['user_id'];

    $query = "INSERT INTO `fitness`(`fitnessScore`, `fitnessDate`,`fitnessTime`, `user_id`) VALUES ('$fitnessResult','$date','$time', 42)";
    $result = mysqli_query($conn, $query);


    if($pulseOne == $error || $pulseTwo == $error || $pulseThree == $error){
        echo "Insert Failed";
    }
    elseif($result > 0){
        if(isset($_POST['mobile']) && $_POST['mobile'] == "android"){
            echo "success";
            exit;
        }
        echo "Insert Successfully";
    }
    else{
        if(isset($_POST['mobile']) && $_POST['mobile'] == "android"){
            echo "Registration Failed";
            exit;
        }
        echo "Insert Failed";
    }
}

?>
FreedomPride
  • 1,098
  • 1
  • 7
  • 30
GleneaMan
  • 167
  • 1
  • 2
  • 13

2 Answers2

0

you can do like this First save your session variable in another variable than try to insert in database

 $user_id = $_SESSION['user_id'] ;

Try to echo it thisway

echo $user_id;

once you get it use it or insert it in database

change your code from 

$_SESSION['user_id'] = 'user_id';

this to

  $_SESSION['user_id'] = $row['user_id'];
Mudassar Saiyed
  • 1,146
  • 10
  • 20
0

So many things to note here, first of all restructure your If and else statements if you are using else if use them properly. you are using mysqli no prepared statements plain query, try to learn better way so your code dont stay vulnerable. Last but not the least you are facing this proble because you are trying to use Session variable value with post keyword, try this:

$user_id = $_SESSION['user_id'] ; and it will be solved.

Saquib Lari
  • 190
  • 8