0

I have one class file with login function

I create session in login function when user is already registered but when i fetch that session in another page it display empty session

operation.php

session_start();
class Operation
{
    private $_conn;

    public function __construct()
    {
        // code of connection with DB
        $this->_conn = $con;
        // connection succcessfully done
    }
    function login() {
      $login_sql = $this->_conn->prepare("SELECT * FROM tbl_user WHERE (email=:email OR mobile=:mobile) AND password=:password");
      $login = $login_sql->execute(array('email' => $email,'mobile' => $mobile,'password' => $password));
      $res_login = mysqli_num_rows($login);
      if ($res_login == 1) {
          $res_login = mysqli_fetch_assoc($login);
          $login_arr  = array('user_id' =>$res_login['id'],'first_name' =>$res_login['first_name'],'last_name' =>$res_login['last_name'],'email' =>$res_login['email'],'mobile' =>$res_login['mobile'],'point'=>($res_login['accumulated_points']-$res_login['used_points']));
          $_SESSION["login_data"] = $login_arr;
          print_r($_SESSION); // Here session print successfully
          echo "User successfully login";
       } else {
           echo "invalid user";
       }
    }
}
op = new Operation();
$op->login();

get_data.php

session_start();
print_r($_SESSION);

First of all, I run operation.php in on browser tab it displays session data but after that i run get_data.php in another tab it displays empty array.

Please help me where i am wrong...

Nidhi
  • 1,529
  • 18
  • 28
  • 1
    Off topic but can I please suggest you read this thread on preventing PHP SQL Injection, as your code is vulnerable to it at the moment: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – mattjegan Jul 21 '17 at 05:48
  • 1
    You're missing a semicolon after each `session_start ()`. Check to make sure `session_start ()` is at the top of the file. – JJJ Jul 21 '17 at 05:51
  • 1
    don't to get parsing error for : `session_start() ; // missed` – Jigar Shah Jul 21 '17 at 05:52
  • i correct my errors still not get data in get_data.php@JosanIracheta – Nidhi Jul 21 '17 at 05:57

1 Answers1

0

It's normally not practical to hard-code such values into a class code so I'd go for the constructor approach:

<?php

class pardEngine{
    private $hostname;
    private $database;
    private $database_user;
    private $database_user_pass;

    public function __construct($hostname, $database, $database_user, $database_user_pass){
        $this->hostname = $hostname;
        $this->database = $database;
        $this->database_user = $database_user;
        $this->database_user_pass = $database_user_pass;
    }
}


session_start();
$engine = new pardEngine($_SESSION['HOSTNAME'], $_SESSION['DATABASE'], $_SESSION['USER']);
always-a-learner
  • 3,671
  • 10
  • 41
  • 81
  • i have no issue with connection. if I have multiple functions in this same file...then what to do?? sorry but i can't understand what you trying to say... – Nidhi Jul 21 '17 at 05:49
  • are you suggesting to store password in session?? – Jigar Shah Jul 21 '17 at 05:51