-1

My simple website works perfectly on PHP 5.3, but after upgrading my PHP version an error is happening with sessions. To log in to my website's admin page I have been using the following code.

login.php

```php
<?php
session_start();
$msg = "";
include 'connection/conn.php';
if (isset($_POST['submit'])) {
    $email = $conn->real_escape_string($_POST['email']);
    $password = $conn->real_escape_string($_POST['password']);
    $error = "Check Your Inputs";

    $sql = $conn->query("SELECT id, passwor FROM users WHERE email='$email'");
    if ($sql->num_rows > 0) {
        $data = $sql->fetch_array();
        if (password_verify($password, $data['passwor'])) {
            $_SESSION['logedinemail'] = $email;
            header("Location: Dash");
            exit();
        } else {
            $msg = "Please Check Your Inputs";
        }
    }
}
?>
```

and my dashboard

```php
<?php
session_start();
if ($_SESSION['logedinemail'] == true) {

} else {
    header("Location: index.php");
    exit(); // stop here so the rest of the dashboard is not sent along with the redirect
}
?>
```

But recently I upgraded my PHP version to 7.2 and the following error shows up: `PHP Notice: Undefined index: logedinemail in /home/xx/yy/zz/Dash.php on line 3`. Thanks.

  • 1
    You should look into using parameterized [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of manually escaping and injecting the user data into the queries like that. Also, you shouldn't escape the passwords since it might change them and you're still just storing the hash, not the original string. When you then move to use prepared statements (which you really should), you will still need to escape the passwords before matching. – M. Eriksson Dec 02 '20 at 09:00
  • 1
    The website probably works exactly as it did before. A not too uncommon scenario would be that your previous version had a higher error-reporting level (like E_ERROR) which hides warnings and notices. The new version probably has a lower reporting level, including warnings and notices. The underlying issue was probably always there though. – M. Eriksson Dec 02 '20 at 09:03
  • Does this answer your question? ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – Dharman Dec 02 '20 at 10:43

1 Answer

2

If you aren't logged in or your user was not found in your DB or the password is incorrect you have not created the index 'logedinemail' in the session array.

When you do $_SESSION['logedinemail'] == true, PHP tries to compare the value but the index in $_SESSION wasn't created and you get the error you are looking at.

Either initiate this superglobal with $_SESSION['logedinemail'] = false globally in your login.php (before doing if(isset($_POST['submit']))) or check if it's set with (in dashboard):

```php
if (isset($_SESSION['logedinemail']) && $_SESSION['logedinemail'] === true) {
    // ...
}
```

Also, it is better to always compare type secure with === instead of ==.

Dharman
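
An added example (not code from the question or the answer) that pulls the thread's points together: the password reaches `password_verify()` unescaped, the dashboard guard reads the session key without raising the notice, and the redirect is followed by `exit`. Because login.php stores the e-mail string in the session, the guard checks for a non-empty string rather than `=== true`. The function names, the `$findHash` lookup (standing in for a prepared-statement query) and the sample user are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the asker's code. $findHash is a hypothetical lookup that
// returns the stored password_hash() value for an e-mail, or null if unknown.
function attempt_login(array &$session, callable $findHash, string $email, string $password): bool
{
    $hash = $findHash($email);
    // The raw password goes to password_verify() unchanged: no escaping.
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID once authenticated
    }
    $session['logedinemail'] = $email; // a string, so it is never === true
    return true;
}

// Returns the logged-in e-mail, or null when the key is missing or malformed.
function logged_in_email(array $session): ?string
{
    $email = $session['logedinemail'] ?? null; // ?? raises no "Undefined index" notice
    return (is_string($email) && $email !== '') ? $email : null;
}

// Dashboard guard: redirect and stop so nothing below runs for anonymous visitors.
function require_login(array $session): string
{
    $email = logged_in_email($session);
    if ($email === null) {
        header('Location: index.php');
        exit;
    }
    return $email;
}

// Constructed sample data so the example runs from the CLI without a database.
$users = ['admin@example.test' => password_hash("pa'ss word", PASSWORD_DEFAULT)];
$findHash = function (string $email) use ($users): ?string {
    return $users[$email] ?? null;
};

$session = []; // stands in for $_SESSION after session_start()
var_dump(logged_in_email($session));
var_dump(attempt_login($session, $findHash, 'admin@example.test', 'wrong'));
var_dump(attempt_login($session, $findHash, 'admin@example.test', "pa'ss word"));
var_dump(require_login($session));
```

On the real pages, pass `$_SESSION` in place of `$session` after calling `session_start()`.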