How do I print user information once logged in?

Question

I've added a login system to my website but it seems the information isn't properly being stored in the session. When I try to open up the destination page, I am trying to echo the user_id, but I get the error: "Trying to access array offset on value of type null". From what I can see, this shouldn't be null since it is set in my login.php script. For further info, I've included the signup, login and function scripts. Any help would be massively appreciated.

login.php:

    <?php

session_start();

require ("connection.php");
require ("functions.php");

if ($_SERVER['REQUEST_METHOD'] == "POST")
{

    if (isset($_POST['email']) || isset($_POST['password']))
    {
        $email = $_POST['email'];
        $password = $_POST['password'];

        if (!empty($email) && !empty($password))
        {

            $query = ("select * from users where email = '$email' and password = '$password' and organiser_yn = 'N' limit 1");
            $result = mysqli_query($con, $query);

            $query2 = ("select * from users where email = '$email' and password = '$password' and organiser_yn = 'Y' limit 1");
            $result2 = mysqli_query($con, $query2);

            if ($result)
            {
                if ($result && mysqli_num_rows($result) > 0)
                {
                    $user_data = mysqli_fetch_assoc($result);

                        $_SESSION['user_id'] = $user_data['user_id'];
                        header("Location: EventPlannerSignedIn.php");
                        die;
                    
                    
                } elseif ($result2 && mysqli_fetch_assoc($result2) > 0)
                {
                    $user_data2 = mysqli_fetch_assoc($result2);
                    $_SESSION['user_id'] = $user_data2['user_id'];
                    header("Location: EventPlannerOrganiser.php");
                    die;
                }
                
                
                else
                {
                    echo "Email or password is incorrect.";
                }
            }
        }
    }
}

?>

signup.php:

  <?php 
session_start();

    include("connection.php");
    include("functions.php");


    if($_SERVER['REQUEST_METHOD'] == "POST")
    {
        if(isset($_POST['name']) || isset($_POST['email']) || isset($_POST['password']) ) 
        {
        $name = $_POST['name'];
        $email = $_POST['email'];
        $password = $_POST['password'];

        if(!empty($email) && !empty($password))
        {

            $user_id = random_num(20);
            $query = "insert into users (user_id,name,email,password) values ('$user_id','$name','$email','$password')";

            mysqli_query($con, $query);

            header("Location: login.php");
            die;
        }
        else
        {
            echo "The information you have entered is invalid.";
        }
    }
}
?>

destination page

<?php

session_start();

include("connection.php");
include("functions.php");

$user_data2 = check_login($con);
?>

<!DOCTYPE html>
<html lang="en">
   <head>
      
   </head>
   <body>
      <?php echo $user_data2['user_id'];?>
   </body>
   </html>

function:

<?php

function check_login($con)
{

    if(isset($_SESSION['user_id']))
    {

        $id = $_SESSION['user_id'];
        $query = "select * from users where user_id = '$id' limit 1";

        $result = mysqli_query($con,$query);
        if($result && mysqli_num_rows($result) > 0)
        {

            $user_data = mysqli_fetch_assoc($result);
            return $user_data;
        }
    }
    die;

}
?>

Why is `$user_id` a random number on signup? What does `check_login($con)` do? Did you `var_dump($user_data2)` to see what it contains? — brombeer, Jul 27 '21 at 14:10
**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, Jul 27 '21 at 14:10
Please note that login system is absolutely useless and does not protect anything. It allows anyone to log in even without an account — Dharman, Jul 27 '21 at 14:11
User ID is just a random reference to an account, echoing that just to test functionality. I have added check_login above. I need only a very basic login system for now, so complexity isn't an issue for me. I will use password_hash to store passwords, but I have not yet got around to security regarding SQL injections. var_dump is NULL, but I thought it should contain the result of the query? — Jamie.G099, Jul 27 '21 at 14:24

score -1 · Answer 1 · answered Jul 27 '21 at 14:11

-1

try

<body>
<?php echo $_SESSION['user_id']; ?>
</body>

because you are not storing anything in the $userdata2 and not even initializing any data on that variable, nor from sessions, nor from your actual database.

answered Jul 27 '21 at 14:11

Leo Ramadani

223
1
11

1

What if `check_login($con)` in `$user_data2 = check_login($con);` gets some session variables? – brombeer Jul 27 '21 at 14:12
I don't see this answer supported by any evidence. You have no idea if the variable is populated with some values or not. – Dharman Jul 27 '21 at 14:14
Well, I did not totally got what his code and neither this *check_login($con)*, if he can get any type of data from sessions then he can filter the queries and get any type of data he wants to show. – Leo Ramadani Jul 27 '21 at 14:16
Hi @dharman, it's supported by experience. thanks for the -1. – Leo Ramadani Jul 27 '21 at 14:16
Your welcome. If you have evidence that `$user_data2` doesn't contain any data then please explain it. – Dharman Jul 27 '21 at 14:17
Based on his code here, he only called this function once, so I don't really know what is there behind it. I supposed he wanted to get the data from the Sessions but indeed he might have forgotten to actually call the sessions and used other extra variables. I mean, what's the purpose of using Sessions then anyway? – Leo Ramadani Jul 27 '21 at 14:21
Tried this, and did a var_dump on the $_SESSION variable and it's returned null, so it seems nothings actually being passed into it, though I'm unsure as to why. – Jamie.G099 Jul 27 '21 at 14:36
I would recommend this *https://stackoverflow.com/a/19692734/15685403*. I know some of them may seem dumb but it happens all the time :) – Leo Ramadani Jul 27 '21 at 14:44

How do I print user information once logged in?

1 Answers1