0

I am using core PHP with MySQL for my project. I am stuck on the session part. I can't understand how to create a session for the username to display his name after login. I tried so many times but failed. Please help me with the same. Below is my code for insertUser.php, where there are 3 queries in total for login. I am working on the second query, for superadmin. As you noticed in my code, I create a session for the username for superadmin. I include menubar.php, header.php and sidebar.php in home.php. I want to add the session in menubar.php and header.php.

insertUser.php

<?php
include 'db.php';
if (isset($_REQUEST['insert'])) 
    {
        $acc_name = $_REQUEST['username'];
        $acc_email = $_REQUEST['email'];
        $acc_pass = $_REQUEST['password'];
        $role_id = $_REQUEST['roleid'];
        $sql = mysqli_query($conn,"INSERT INTO `accountants`(`acc_name`, `acc_email`, `acc_pass`, `roleId`) VALUES ('".$acc_name."','".$acc_email."','".$acc_pass."','2')");
        if ($sql>0) 
            {
                header('Location: home.php');
                echo 'data added successfully';
            }
        // Read a row back to pick up the role (mysqli_query needs the connection as its first argument)
        $row = mysqli_query($conn, 'SELECT * FROM `accountants`');
        $data = mysqli_fetch_array($row);
        $_SESSION['role'] = $data['roleId'];
    }
if (isset($_REQUEST['submit'])) 
{
        $username = $_REQUEST['user'];
        $password = $_REQUEST['pass'];
        $sql = mysqli_query($conn,"SELECT * FROM `accountants` where `acc_email` = '".$username."' AND `acc_pass` = '".$password."'");
        $data = mysqli_fetch_array($sql);        
        $_SESSION['role']=$data['roleId'];
        $_SESSION['username']=$data['acc_name'];
        $sql1 = mysqli_query($conn,"SELECT * FROM `superadmin` where `username` = '".$username."' AND `password` = '".$password."'");
        $data02 = mysqli_fetch_array($sql1);        
        $_SESSION['role']=$data02['roleId'];

        $sql2 = mysqli_query($conn,"SELECT * FROM `member` where `email` = '".$username."' AND `password` = '".$password."'");
        $data01 = mysqli_fetch_array($sql2);        
        $_SESSION['role']=$data01['roleId'];
        $_SESSION['username']=$data01['fname'];
        if ($data01>0) 
        {
            header('Location: DigitalSociety - Member/production/societyList.php');    
        }
        elseif ($data>0) 
            {
                header('Location: societyList.php');
            }
       elseif ($data02>0) {
            $_SESSION['login_user']=$username;
                header('Location: DigitalSociety - Superadmin/production/societyList.php');
       }

       else
            {
                header('Location: index.php');
                echo 'incorrect login';
            }
}
?>

menubar.php

<div class="profile clearfix">
  <div class="profile_pic">
    <img src="images/img.jpg" alt="..." class="img-circle profile_img">
  </div>
  <div class="profile_info">
    <span>Welcome,</span>
    <h2><?php echo $_SESSION['login_user'];?></h2>
  </div>
</div>

When I used the above code for displaying the username, it shows the error Undefined variable: _SESSION in

Please help me with the same.

Barmar
amit sutar

4 Answers

0

You are missing session_start(); on top of your files.

shaggy
0

At first you have to use

<?php
 session_start();
 include 'db.php';    

At the very first line of your PHP page you should use session_start().

Obaidul Kader
0

First of all, you should never store plain-text passwords! You'd better use native PHP functions such as password_hash and password_verify.

Please refer to:

-> http://php.net/manual/en/function.password-hash.php

-> http://php.net/manual/en/function.password-verify.php

Then, you need to use session_start on top of your page.

-> see http://php.net/manual/en/session.examples.basic.php

Last but not least, never trust user data! You should really consider using PPS: Prepared Parameterized Statements. This will help prevent SQL injection.

Community
OldPadawan
0

You should insert session_start(); in the very first line after <?php of the file to start using sessions.

EDIT:

As was mentioned in OldPadawan's answer, malicious queries might be executed if you aren't careful enough. For example, we have something like "SELECT * FROM USERS WHERE USER = '$USER';", and we suppose that $USER = "Jac'k"; That makes the query look like this: "SELECT * FROM USERS WHERE USER = 'Jac'k';", and of course there will be an error and maybe a database breach by the exploitation of the SQLi vulnerability. In this situation you need to use mysqli_real_escape_string($con,$USER); What does it really do? It adds a backslash right before the single quote, just like this: "Jac\'k".

PHPdevpro
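
The points raised in the answers above (session_start() first, password_hash/password_verify, prepared statements), combined for the `accountants` login only. This is an added example, not code from the question or from any answer. It assumes db.php provides $conn and that `acc_pass` stores a password_hash() value; find_accountant() and display_name() are hypothetical helper names.

```php
<?php
// login.php: added example, not code from the question or the answers.
// Assumptions: db.php defines $conn (mysqli) as in the question, and `acc_pass`
// stores a password_hash() value instead of the plain-text password.
session_start();   // before any output and before the first use of $_SESSION
include 'db.php';

// Hypothetical helper: returns the account row, or null when login is rejected.
function find_accountant(mysqli $conn, string $email, string $password): ?array
{
    // The ? placeholder keeps user input out of the SQL text.
    $stmt = mysqli_prepare(
        $conn,
        'SELECT `acc_name`, `acc_pass`, `roleId` FROM `accountants` WHERE `acc_email` = ?'
    );
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name, $hash, $roleId);
    $found = mysqli_stmt_fetch($stmt);   // true: row, null: no row, false: error
    mysqli_stmt_close($stmt);

    // Check the password in PHP against the stored hash, not inside the query.
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return ['acc_name' => $name, 'roleId' => $roleId];
}

// Hypothetical helper for menubar.php / header.php: HTML-escaped display name.
function display_name(): string
{
    return htmlspecialchars((string) ($_SESSION['username'] ?? ''), ENT_QUOTES, 'UTF-8');
}

if (isset($_POST['submit'])) {
    $email    = (string) filter_input(INPUT_POST, 'user');
    $password = (string) filter_input(INPUT_POST, 'pass');
    $account  = find_accountant($conn, $email, $password);
    if ($account === null) {
        header('Location: index.php');
        exit;   // nothing after a redirect should run
    }
    session_regenerate_id(true);   // fresh session ID at login
    $_SESSION['username'] = $account['acc_name'];
    $_SESSION['role']     = $account['roleId'];
    header('Location: societyList.php');
    exit;
}
```

Any page that includes menubar.php must itself call session_start() before output; the `<h2>` can then echo display_name().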