Home » Php » PHP Session. Unable to get to log-in

PHP Session. Unable to get to log-in

Posted by: admin October 26, 2017 Leave a comment

Questions:

Currently trying to show content by logging on. I’m utilizing sessions and hashed passwords. I can’t for the life of me figure out why it’s not displaying that I’m “logged in”. if (isset($_SESSION[‘Id’])) is displaying that I am not logged in, even though I can retrieve my username and password from mysql. I think it may have something to do with sessions on html? Or perhaps the session id is wrong? Idk. If you guys have any ideas I would love to know. I’m kinda new to php so it’s been pretty rough.

Here is my login.php

<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";

$user = $_POST['User'];
$Userpassword = $_POST['Password'];
$password_hash = password_hash($Userpassword, PASSWORD_DEFAULT);

$storedPassword = "";

// Create connection

$conn= mysqli_connect("$servername","$username","$password") or die ("could 
not connect to mysql");
mysqli_select_db($conn, "dpw_recyclopedia") or die ("no database");
$sql = "SELECT Username, Password FROM Users WHERE Username = '".$user."'";
$result = mysqli_query($conn, $sql);


if(! $result ) {
    die('Could not select data: ' . mysqli_error($conn));
}

if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {
        //echo "user: " . $row["UserName"]. " " . $row["Password"]. "<br>";
        $storedPassword = $row["Password"];
    }
} else {
    echo "User Not Found";
}

 if (password_verify($Userpassword , $storedPassword)) {
    $_SESSION['Id'] = $row['Username'];
    header ("Location: 'mywebsite');
 }else {
    header ("Location: 'mywebsite');
    exit();

 }

?>

Here is my html page

<?php
include 'DbConfig.php';
session_name('Id');
session_start();
session_regenerate_id();
?>

<!DOCTYPE html>
<html lang="en">

                    <?php

                        if (isset($_SESSION['Id'])){
                                echo "you are logged in";
                            } else {
                                echo "you are not logged in";
                    }

                    echo json_encode($_SESSION);
                    echo json_encode($_COOKIE);
                    ?>
                        <form method = 'POST' action="./ajax/login.php">
                        <input type='text' name='User' placeholder='Email'>
                        <input type='password' name= 'Password' 
placeholder='Password'>
                        <button type='submit'  name='my_form_submit_button'>
                        <span class='glyphicon glyphicon-log-in'></span> 
&nbsp; Sign In
                        </button>
                        </form>

                        <form method = 'POST' action="./ajax/logout.php">
                        <button type='submit'  name='my_form_submit_button'>
                        <span class='glyphicon glyphicon-log-in'></span> 
&nbsp; Sign Out
                        </button>
                        </form>


</html> 
Answers:

Try this code (change if(password_verify) part):

if (password_verify($Userpassword , $storedPassword)) {
    $sql = "SELECT Username, Password FROM Users WHERE Username = '".$user."'";
    if($result = mysqli_query($conn, $sql)) {
        if (mysqli_num_rows($result) > 0) {
            while($row = mysqli_fetch_assoc($result)) {
                $_SESSION['Id'] = $row['Username'];
                header ("Location: 'mywebsite');
                die();
            }
        }
    }
}

Questions:
Answers:

You are effectively using different sessions on your two pages.

In your html page you set your session name to “Id” by using

session_name('Id');

while your login.php page use the default session name since nothing else has been declared.

Ensure that the session name is the same on all pages that need to share the same session, either by declaring the same session name or by using the default.