-1
  1. I just finished my login script on my website and I'm using sessions. I've set the variables but only the id and not the name and email is set in the cookie. I've tried multiple things but I'm learning and I can't get it fixed
<?php

if (isset($_POST['login'])) {

  require 'db.inc.php';

  $email = $_POST['email'];
  $password = $_POST['password'];

  if (empty($email) || empty($password)) {
    header("Location: ../index.php?error=emptyfields&mailuid=".$email);
    exit();
  }
  else {

    $sql = "SELECT * FROM users WHERE name=? OR email=?;";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {

      header("Location: ../index.php?error=sqlerror");
      exit();
    }
    else {

      mysqli_stmt_bind_param($stmt, "ss", $email, $email);

      mysqli_stmt_execute($stmt);
      $result = mysqli_stmt_get_result($stmt);
      if ($row = mysqli_fetch_assoc($result)) {

        $hash = password_verify($password, $row['password']);
        if ($hash == false) {

          header("Location: ../index.php?error=wrongpwd");
          exit();
        }

        else if ($hash == true) {

          session_start();

          $_SESSION['id'] = $row['id'];
          $_SESSION['username'] = $row['name'];
          $_SESSION['email'] = $row['email'];

          header("Location: ../index.php?login=success");
          exit();
        }
      }
      else {
        header("Location: ../index.php?login=wrongpassoremail");
        exit();
      }
    }
  }

  mysqli_stmt_close($stmt);
  mysqli_close($conn);
}
else {

  header("Location: ../diajsdians.php");
  exit();
}
  1. After this script I am logged in and theres a cookie there but no valuable info (session name is set to PHPSESSID with a value of c4ujtetrrn7k8d6b9ui2a7b2o7
Jeremy Stam
  • 17
  • 5
  • 1
    You're confusing cookies and sessions. The session data is stored on the server and only the name of the session is stored in a cookie. The values you placed in the session are available if you retrieve them. – Dave Sep 09 '19 at 18:15
  • How do i retrieve te data so I can check if the sessions are set as they should be? – Jeremy Stam Sep 09 '19 at 18:51
  • `print_r($_SESSION);` – Dave Sep 09 '19 at 18:53
  • I've done that and only email appears, no id or username – Jeremy Stam Sep 09 '19 at 19:00
  • Then do a `var_dump($row);` right after your `session_start` and make sure it contains what you think it does/should. Also, your `session_start` should be the very first thing in the program before anything else (right after the opening ` – Dave Sep 09 '19 at 19:03
  • Fixed it, had to change the variables to ``` $_SESSION['id'] = $row['id']; $_SESSION['user'] = $row['name']; $_SESSION['email'] = $row['email']; – Jeremy Stam Sep 09 '19 at 19:03

1 Answers1

0

I had to make the following changes:

  1. was

    $_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['name'];
$_SESSION['email'] = $row['email'];

  2. fix

    $_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['name'];
$_SESSION['email'] = $row['email'];
Jeremy Stam
  • 17
  • 5