PHP Session Var Not Transferring Across Pages

Question

I have a connect file which is included in the header of my files. The header contains a session start, and I have checked that the session ID is the same across pages. I am trying to echo the $_SESSION['userFirstName'] within some HTML to display the users name. I cannot figure out why it it is blank. There are no error messages from Chrome other than the "Notice: Undefined index: userFirstName

Here is my connect.php

<?php
/*Login handled here*/
$servername = "localhost";
$usernameDB = "root";
$passwordDB = "";
$nameDB = "teacheasy";

//set user and password to values from form
if ( isset($_POST['username']) && isset($_POST['password']) ) { 
    $user = $_POST['username'];
    $pass = $_POST['password'];
} else {
    echo "The values weren't sent";
}

//connect to the database
$_SESSION['connection'] = new mysqli($servername, $usernameDB, $passwordDB,$nameDB);

//Check if the connection was successful
if($_SESSION['connection']->connect_error){
    die("Connection to the database failed: " . $_SESSION['connection']->connect_error);
} else{
//once the DB is connected, get information from the DB to check the records against the data entered
    $sqlUser = "SELECT `teacher_username` FROM `teacher` WHERE `teacher_username`='$user'";
    $sqlPass = "SELECT `password` FROM `teacher` WHERE `password`='$pass'";
    $resultUser = mysqli_query($_SESSION['connection'], $sqlUser);
    $resultPass = mysqli_query($_SESSION['connection'], $sqlPass);
    $textUser = $resultUser->fetch_assoc();
    $textPass = $resultPass->fetch_assoc();

    //get first name and last name to populate the user
    $sqlUserFirstName = "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'";
    $sqlUserLastName = "SELECT `last_name` FROM `teacher` WHERE `teacher_username`='$user'";
    $resultUserFirstName = mysqli_query($_SESSION['connection'], $sqlUserFirstName);
    $resultUserLastName = mysqli_query($_SESSION['connection'], $sqlUserLastName);
    $_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
    $_SESSION['userLastName'] = $_POST[$resultUserLastName->fetch_assoc()];

    //check if the user and password match records in the database
    if($user == $textUser['teacher_username'] && $pass == $textPass['password']){
        //open the calendar if they match
        echo "<script> window.location.assign('../calendar.php'); </script>";
    } else{
        //set this up to load a log in failed page rather than a blank page with error message
        echo "The data entered has no match.";
    }

}

I don't see any [session_start](http://php.net/session_start) in there. — Jonnix, Nov 01 '18 at 14:33
That's because it's in the header which is used before this connect — Enter Strandman, Nov 01 '18 at 14:34
I don't see any reference to a header either. As an aside, putting a DB connection into the session seems like a bad idea. Another aside, why not use `header` redirects than JS ones? — Jonnix, Nov 01 '18 at 14:35
I am pretty sure you cannot use an array as an array key: `$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];`. What `$_POST` variable do you expect to get using this? — jeroen, Nov 01 '18 at 14:36
Be sure to call a session_start on every page to (re)start the session. — Koen Hollander, Nov 01 '18 at 14:37
Following from @jeroen's point, why are you doing 2 queries instead of one? And please try and use prepared statements. — Jonnix, Nov 01 '18 at 14:37
I do start the session and it has been verified via session ID on all pages — Enter Strandman, Nov 01 '18 at 14:37
I am doing separate queries in order to only obtain a single value rather than 2 results. — Enter Strandman, Nov 01 '18 at 14:38
And both plain-text passwords and selecting users by their password sounds really really really wrong. — jeroen, Nov 01 '18 at 14:41
this is for learning not production, so plain text for a password is okay for now — Enter Strandman, Nov 01 '18 at 14:43
Without trying to be harsh, this code is all over the place and to be honest, it may well be worth rewriting from scratch. A few tutorials may well also help. — Jonnix, Nov 01 '18 at 14:45

score 1 · Accepted Answer · answered Nov 01 '18 at 15:01

This is what you done

$user = $_POST['username']
// "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'" // SQL injection here
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];

As @jeroen said in comments $_SESSION['userFirstName'] must be empty because there is no key in the $_POST that is equals $resultUserFirstName->fetch_assoc() which returns an array! . You should be getting an undefined index error.

$_POST is an array that holds the variables that have been posted with the http request to your server. It has nothing to do with the data returned from your database query unless $_POST['username'] === teacher.first_name and teacher.first_name === teacher.teacher_username

try

$_SESSION['userFirstName'] = $resultUserFirstName->fetch_assoc()['first_name'];

instead of

$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];

Also you are vulnerable to SQL injection attacks, and you should make it a happit to always use prepared statements. Check this answer on how to switch to prepared statements if you are used to concatenating.

Thanks! I still don't have the desired output, I still have a "Notice: Undefined index: userFirstName" error — Enter Strandman, Nov 01 '18 at 16:03
This fixed the issue once i added a session start in the connect! — Enter Strandman, Nov 01 '18 at 16:29

PHP Session Var Not Transferring Across Pages

1 Answers1