-1

I have been working on a website and have been dealing with a problem for a while, and now I know why it is happening, but not how to solve it. Please help!!

Page 1: On the first page (the login page), $_SESSION['user_id'] is set to the user id fetched from the database. On the same page I can print the session and it works properly ($_SESSION['user_id'] is printed), and it also navigates to the next page (user home).

Page 2: On page 2 (user home), $_SESSION['user_id'] turns into a null value. Why does this happen? This problem is most probably seen when one forgets to set session start, but I have set session start on both pages...

page 1

```php
<?php
if (isset($_POST['sub'])) {
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $con  = mysqli_connect("localhost", "root", "");
    $db   = mysqli_select_db($con, "Database");
    $qry  = "select * from TABLE where username='$user' and password='$pass'";
    $res = mysqli_query($con, $qry) or die("could not connect to mysql");
    $row = mysqli_fetch_array($res);
    $len = mysqli_num_rows($res);
    if ($len <= 0) {
        echo "<script>";
        echo "alert('Oops.Username Or Password Incorrect!');window.location.href='login.php';";
        echo "</script>";
    } else {
        session_start();
        $_SESSION['id']      = $row['id'];
        $_SESSION['message'] = $user;
        $_SESSION['logout']  = "";
        $id                  = $_SESSION['id'];
        echo "<script>";
        echo "alert('log in Success $id ');window.location.href='login.php';"; // $id is printed correctly
        echo "</script>";
    }
}

?>
```

page 2

```php
<?php
ob_start();
session_start();

if (isset($_SESSION['id'])) {
    $id = $_SESSION['id'];
    echo "$user"; // not printed
}
if (isset($_SESSION['message'])) {
    $msg = $_SESSION['message'];

    $_SESSION['message'] = "";
}
if (isset($_SESSION['logout'])) {
    $msg = $_SESSION['logout'];
    if ($msg == 'logout') {
        header("location:login.php");
        $_SESSION['message'] = "you must login first";
        exit(0);
    }
}
?>

<?php
echo "welcome"; // only this string is printed; the session values above do not work
?>
```

I also used this code before in some projects and it worked correctly, so why is the session value not working this time?

  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Nov 17 '19 at 18:15
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Nov 17 '19 at 18:15
  • Please read: [Should we ever check for mysqli_connect() errors manually?](https://stackoverflow.com/q/58808332/1839439) – Dharman Nov 17 '19 at 18:15
  • [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman Nov 17 '19 at 18:15

1 Answer

-1

Start the session at the start of the first page, like this. Hopefully this will work.

```php
<?php
session_start();
if (isset($_POST['sub'])) {
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $con  = mysqli_connect("localhost", "root", "");
    $db   = mysqli_select_db($con, "Database");
    $qry  = "select * from TABLE where username='$user' and password='$pass'";
    $res  = mysqli_query($con, $qry) or die("could not connect to mysql");
    $row  = mysqli_fetch_array($res);
    $len  = mysqli_num_rows($res);
    if ($len <= 0) {
        echo "<script>";
        echo "alert('Oops.Username Or Password Incorrect!');window.location.href='login.php';";
        echo "</script>";
    } else {
        $_SESSION['id']      = $row['id'];
        $_SESSION['message'] = $user;
        $_SESSION['logout']  = "";
        $id                  = $_SESSION['id'];
        echo "<script>";
        echo "alert('log in Success $id ');window.location.href='login.php';"; // $id is printed correctly
        echo "</script>";
    }
}

?>
```
Murtaza Ahmad
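The points raised in the comments and the answer, combined in one login handler. This is an added example, not code from the question, the answer or the commenters: `session_start()` runs first, the lookup uses a MySQLi prepared statement, and the password is checked with `password_verify()`. The `users` table with `id`, `username` and `password_hash` columns, the `app_db` database and its credentials, and the `home.php` redirect target are assumptions; `get_result()` needs the mysqlnd driver.

```php
<?php
// Added example. Assumed names: users(id, username, password_hash), app_db, home.php.
declare(strict_types=1);

session_start(); // first statement, before any output is sent

// Let mysqli throw exceptions instead of checking every call by hand.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function find_user(mysqli $con, string $username): ?array
{
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $con->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['sub'])) {
    // Reject non-string input such as user[]=x instead of casting it.
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

    // Placeholder credentials: use a dedicated low-privilege account, not root.
    $con = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $row = find_user($con, $user);

    // password_hash holds the output of password_hash($plain, PASSWORD_DEFAULT)
    // written at registration; the plain password is never stored or compared in SQL.
    if ($row !== null && password_verify($pass, $row['password_hash'])) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['id']      = (int) $row['id'];
        $_SESSION['message'] = $user;
        header('Location: home.php'); // server-side redirect, no inline script
        exit;
    }

    // Same message for unknown user and wrong password.
    $_SESSION['message'] = 'Username or password incorrect';
    header('Location: login.php');
    exit;
}
```

On the page that reads these values, call `session_start()` before any output and pass session values through `htmlspecialchars()` when echoing them.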