
I'm building an ecommerce website project and right at the start, I kept on having the same problem. For some reason that I don't know, it feels like session_start() is not working or not displaying. I have already tried so many approaches; the last thing I did was copy source code found online, made by packetcode on YouTube, but no results are showing in my browser.

I was expecting that the results would show, but even though I referenced a lot of source code it still doesn't work and I have no idea.

Here's the index.php file:

```php
<?php

    session_start();

    include "db.php";
    include "retrieve.php";
    include "function.php";
    include "logic.php";

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Exquisite</title>
</head>
<body>
    <div class="container" id="main_cntr">
        <div id="intro_cntr">
            <div id="title_cntr">
                <h2>Welcome to </h2>
                <h1>Exquisite</h1>
            </div>
            <div id="paragraph_cntr">
                <p>Here to provide an excellent support for your style!</p>
            </div>
        </div>

        <?php if(empty($_SESSION['username'])){?>
        <div class="container" id="form">
            <div id="login_cntr">
                <form method="POST">
                    <h2>Login</h2>
                    <label for="username">Username</label><br>
                    <input type="text" name="username" placeholder="Enter your Username"><br>
                    <label for="password">Password</label><br>
                    <input type="password" name="pass" placeholder="Enter your Password"><br>
                    <input type="submit" name="login" value="Login">
                </form>
            </div>
        <?php }?>

        <div id="signupOption_cntr">
                <a href="signup(user).php">Create an Account</a>
                <h4>or</h4>
                <a href="login(admin).php">Login as Admin</a>
            </div>  
        </div>



        <?php if(!empty($_SESSION['username'])){?>
            <div class="container">
                <h1>Hello again<?php echo $_SESSION['username'];?></h1>

                <form method="POST">
                     <button name="logout">Logout</button>
                </form>
            </div>
        <?php }?>

    </div>
</body>
</html>
```

I also divided the code as seen in packetcode's video.

Here's the database code:

```php
<?php

$conn = mysqli_connect('localhost', 'root', '', 'exquisite') or die ("Cannot connect to the Database");

?>
```

Here's the account retrieval code:

```php
<?php

    if(isset($_REQUEST['login'])){
        $uname = $_REQUEST['username'];
        $pword = $_REQUEST['pass'];
    }

?>
```

Here's the function to take data from the server:

```php
<?php

    function login($conn, $uname, $pword){
        $sql = "SELECT * FROM `user_acc` WHERE `username` = '$uname'";
        $query = mysqli_query($conn, $sql);
        return $query;
    }

?>
```

And here's the code for validation:

```php
<?php

    if(isset($_REQUEST['login'])){
        $result = login($conn, $uname, $pword);

        foreach($result as $r){
            $passw_check = password_verify($pword, $r['password']);

            if($passw_check){
                $_SESSION['username'] = $r['username'];

                header("location: home.php");
            }
        }
    }

    if(isset($_REQUEST['logout'])){
        session_destroy();
        header("location: index.php");
        exit();
    }

?>
```
IT-boi
  • (1) Make sure you are using parameterized prepared statements, which are resilient against SQL injection (2) Make sure you put `session_start();` at the **top** of the PHP scripts (3) Please check the value of `$query;` (return value of login function), I believe it is **boolean** only. So you are missing something like `fetch_assoc()`. – Ken Lee Dec 04 '22 at 03:16
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Dec 04 '22 at 11:16
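
The prepared-statement approach the two comments above recommend, sketched as a replacement for the question's `function.php` and `logic.php`; this is an added example, not code from the thread. It assumes `$conn` is the mysqli connection from `db.php`, that `session_start()` has already run in `index.php`, and that `user_acc.password` holds `password_hash()` output; `find_user()`, `attempt_login()` and `$login_error` are hypothetical names.

```php
<?php
// Added example (not from the original thread). Include it before any HTML output,
// after session_start() and db.php, exactly where logic.php was included.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function find_user(mysqli $conn, string $uname): ?array
{
    // The ? placeholder keeps $uname out of the SQL text entirely.
    $stmt = $conn->prepare(
        'SELECT `username`, `password` FROM `user_acc` WHERE `username` = ? LIMIT 1'
    );
    $stmt->bind_param('s', $uname);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when there is no such user
    $stmt->close();
    return $row ?: null;
}

function attempt_login(mysqli $conn, string $uname, string $pword): bool
{
    $user = find_user($conn, $uname);
    // Same failure result for an unknown user and for a wrong password.
    if ($user === null || !password_verify($pword, $user['password'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID after authentication (anti-fixation)
    $_SESSION['username'] = $user['username'];
    return true;
}

// The form uses method="POST", so read credentials from $_POST rather than $_REQUEST.
if (isset($_POST['login'])) {
    $uname = $_POST['username'] ?? '';
    $pword = $_POST['pass'] ?? '';
    // Reject array-valued fields before they reach the typed functions.
    if (is_string($uname) && is_string($pword) && attempt_login($conn, $uname, $pword)) {
        header('Location: home.php');
        exit; // stop rendering index.php once the redirect is sent
    }
    $login_error = 'Invalid username or password.'; // hypothetical variable for the page to show
}
```

When the page prints `$_SESSION['username']`, pass it through `htmlspecialchars()` so a stored username cannot inject markup.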

1 Answer


Need more information. If you are using a separate file for validation, make sure you include session_start(); in that file too. Without session_start();, session_destroy(); will not work.

```php
<?php
session_start();
    if(isset($_REQUEST['login'])){
        $result = login($conn, $uname, $pword);

        foreach($result as $r){
            $passw_check = password_verify($pword, $r['password']);

            if($passw_check){
                $_SESSION['username'] = $r['username'];

                header("location: home.php");
            }
        }
    }

    if(isset($_REQUEST['logout'])){
        session_destroy();
        header("location: index.php");
        exit();
    }

?>
```
T.M Sahran
  • Because I included the validation in the index.php, putting another session_start() only gave me an error. According to the error, the session_start() in the index.php will be ignored because of the session_start() in the validation. The main issue here is whatever I do, I'm always stuck at the index.php. I even put a log out button that will only show once the username and password is validated but it won't show whatever I do – IT-boi Dec 04 '22 at 07:37
  • Oh sorry, I didn't think about it. – T.M Sahran Dec 04 '22 at 17:24