
I'm developing a private Ledger system that provides me with a clear overview. I have a file named authenticate.php that includes the login system and makes the connection with the database.

I have a table named accounts that contains username and password, and I have updated the table by adding first_name and display_name to it.

The idea is that first_name and display_name are processed through authenticate.php, where they act as a $_SESSION[''] value, so I can use <?php echo $_SESSION['first_name']; ?> in other pages to display the first name of the user who is logged in.

I have also tried some other options from topics on Stack Overflow, but I don't know where or what to add to make it work.

The authenticate.php includes the following code:

    <?php
    session_start();
    // Change this to your connection info.
    $DATABASE_HOST = 'xxxx';
    $DATABASE_USER = 'xxxx';
    $DATABASE_PASS = 'xxxx';
    $DATABASE_NAME = 'xxxx';
    // Try and connect using the info above.
    $con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
    if ( mysqli_connect_errno() ) {
        // If there is an error with the connection, stop the script and display the error.
        exit('Failed to connect to MySQL: ' . mysqli_connect_error());
    }
    
    // Now we check if the data from the login form was submitted, isset() will check if the data exists.
    if ( !isset($_POST['username'], $_POST['password']) ) {
        // Could not get the data that should have been sent.
        exit('Please fill both the username and password fields!');
    }
    
    // Prepare our SQL, preparing the SQL statement will prevent SQL injection.
    if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
        // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
        $stmt->bind_param('s', $_POST['username']);
        $stmt->execute();
        // Store the result so we can check if the account exists in the database.
        $stmt->store_result();
        
        if ($stmt->num_rows > 0) {
            $stmt->bind_result($id, $password);
            $stmt->fetch();
            // Account exists, now we verify the password.
            // Note: remember to use password_hash in your registration file to store the hashed passwords.
            if (password_verify($_POST['password'], $password)) {
                // Verification success! User has logged-in!
                // Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
                session_regenerate_id();
                $_SESSION['loggedin'] = TRUE;
                $_SESSION['name'] = $_POST['username'];
                $_SESSION['id'] = $id;
                header('Location: ../../inkomen en uitgaven.php');
            } else {
                // Incorrect password
                header('Location: ../../Iogin.php');
            }
        } else {
            // Incorrect username
            header('Location: ../../Iogin.php');
        }
        $stmt->close();
    }
    ?>

Perhaps something I should have mentioned from the beginning, but I am a Bambi when it comes to PHP.

Sven
  • `no luck with making it work!` - how? Error(s)? – Can O' Spam Jul 22 '22 at 14:25
  • Let me rephrase that part: I don't know where to add it to make it work. – Sven Jul 22 '22 at 14:28
  • You are using an outdated and inconvenient method of fetching data from the database. Use get_result() instead of store_result() and then just SELECT * and fetch the entire row using fetch_assoc(). Then just get your username or whatever. – Your Common Sense Jul 22 '22 at 14:34

0 Answers
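
One way to do what the question asks, as an added example that is not part of the original post: select first_name and display_name in the same prepared statement, return them for the session only after password_verify() succeeds, and escape them on output. It uses PDO with an in-memory SQLite table and constructed sample data in place of the page's mysqli/MySQL connection so that it runs without a database server; authenticate() and e() are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the MySQL `accounts` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, first_name TEXT, display_name TEXT)');
$ins = $db->prepare('INSERT INTO accounts (username, password, first_name, display_name)
                     VALUES (?, ?, ?, ?)');
$ins->execute(['sven', password_hash('correct horse', PASSWORD_DEFAULT),
               'Sven', '<b>Sven</b> the Ledger Keeper']);

/**
 * Returns the values to store in $_SESSION, or null when the login fails.
 * Unknown user and wrong password both return null.
 */
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, password, first_name, display_name
                          FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // The password hash is deliberately left out of the session data.
    return [
        'loggedin'     => true,
        'id'           => (int) $row['id'],
        'name'         => $username,
        'first_name'   => $row['first_name'],
        'display_name' => $row['display_name'],
    ];
}

/** Escape a stored value before echoing it into HTML. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Demo: one failed and one successful login against the constructed row.
var_dump(authenticate($db, 'sven', 'wrong password'));
$session = authenticate($db, 'sven', 'correct horse');
echo 'Welcome, ', e($session['first_name']), ' (', e($session['display_name']), ")\n";
```

In authenticate.php the returned array would be copied into $_SESSION after session_regenerate_id(), and other pages would echo e($_SESSION['first_name']) so that a display name containing markup is shown as text.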