Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote -1 down vote favorite

I have a login page which records the username that the user enters and adds it to a variable of $uname. However when the page after the login page loads, I cannot echo the $uname. For example, when i type 

Welcome <?php echo $uname; ?>

it does not insert the username.

below is a copy of my login-validation code. but I am not sure if the $_SESSION variable is working correctly, or how to reference it in my profile.php file.

<?php
session_start();
  $_SESSION['uname'] = $uname;

// Grab User submitted information
$uname = $_POST["uname"];
$pass = $_POST["pass"];

// Connect to the database
$con = mysql_connect("mysql.*********.co.uk","******","************");
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("onedirectionaffection_members",$con);

$result = mysql_query("SELECT uname, pass FROM users WHERE uname = $uname");

$row = mysql_fetch_array($result);

if($row["uname"]==$uname && $row["pass"]==$pass)
  header("Location: ../../profile/profile.php");
else
    echo"Sorry, your credentials are not valid, Please try again.";


?>

If anyone could help I would be hugely thankful. Also, I am an absolute beginner at all of this so if you need anymore details I'll try my best to answer.

profile.php

<?php
session_start();
echo $_SESSION['uname'];
  ?>
<html>

  <head>
    <title>1D Affection</title>
    <link rel="stylesheet" Type="text/css" href="../css/stylesheet.css" />
    <link rel="stylesheet" Type="text/css" href="../css/font.css" />
    <link rel="stylesheet" Type="text/css" href="../css/profile.css" />
  </head>

  <body bgcolor="white">

    <div id="wrapperhead">
      <div id="headcont">
        <div class="logo">
          <img src="../images/1DA logo ripped.png" height="150px">
        </div>

        <div class="subheading">
          <img src="../images/1d subheading.png" height="150px">
        </div>
      </div>


      </div> <!--END OF HEADER-->
    <div id="nav">




      <div class="navigation">

        <ul>

          <li><a class="nav" href="../index.html">Home</a></li>
          <li><a class="nav" href="#">News</a></li>
          <li><a class="nav" href="#">Fan-fiction</a></li>
          <li><a class="nav" href="#">Gallery</a></li>
          <li><a class="nav" href="#">Testimonials</a></li>
          <li><a class="nav" href="http://www.onedirectionstore.com/" target="_blank">Store</a></li>

        </ul>

      </div> <!-- END OF MENU-->
         <!-- END OF NAVIGATION-->
    </div>

      <div id="wrappercontent">
        <div class="content">
          <div class="maincont">
            <div class="profcust">


          <div class="profpic">

            </div>

            <div class="profinfo">

            </div>
            </div>

        <div class="username">
         Welcome <?php session_start(); echo $uname; ?>
            </div>

        <div class="story">

            </div>



          </div>
      <div class="sidenav">
        Coming Soon

          </div>


        </div><!--end of content-->

    </div>


  </body>

</html>
share|improve this question
3  
session_start(); needs to be inside all the files. –  Fred -ii- yesterday
 
Shouldn't you be grabbing the user information before setting the $_SESSION variable for $uname. –  stewbydoo yesterday
1  
For reference: Your SQL has a gaping security hole in it: sql-injection. Please take note that the code above should be used purely as demo-code and should never be used like this in production. –  berkes yesterday
 
Do you have any advice on how to protect it from an injection attack? thanks –  RJcreatives yesterday
 
You have 2x instances of session_start(); inside profile.php you're creating a new session while overwriting your first. @RJcreatives –  Fred -ii- yesterday
add comment

5 Answers

up vote 2 down vote

Seems like you haven't added session_start(); on top of your profile.php page.

Try like this

//profile.php
<?php
session_start();
echo $_SESSION['uname'];
share|improve this answer
 
I've tried adding your example and still no luck :( am I entering the php correctly in the welcome message? Welcome <?php echo $uname; ?> –  RJcreatives yesterday
 
Try changing your query like $result = mysql_query("SELECT uname, pass FROM users WHERE uname = '$uname'"); –  Shankar Damodaran yesterday
add comment
up vote 2 down vote

This is probably a good part of the issue.

$_SESSION['uname'] = $uname;
$uname = $_POST["uname"];

Your setting your session's uname to blank on every load of that page. Put $_SESSION['uname'] = $uname; at the end of the code when it's validated.

share|improve this answer
 
Still no luck :( I will add my profile.php code into the question so you can have a better look. Thanks –  RJcreatives yesterday
 
$uname is not global - you have to reset it manually on that page again. The part that you say echo $_SESSION['uname'] should be $uname = $_SESSION['uname']; –  Deryck yesterday
add comment
up vote 2 down vote

1) You need to add a value to $uname first, then assign its value to $_SESSION element, so it's better be like this:

$uname = $_POST['uname'];
$_SESSION['uname'] = $uname;

or even like this:

$_SESSION['uname'] = $_POST['uname'];

2) As already mentioned, At profile.php you should also have session_start();

3) Make a clean exit like this:

header("Location: ../../profile/profile.php");
exit();

My bet is that it should be working fine after.

share|improve this answer
add comment
up vote 1 down vote

Some how, this is now working. From what I can figure out, the solution was to call in the $_SESSION variable, and then wrap that inside another variable. so 

<?php
session_start();
$uname = $_SESSION['uname'];
  ?>

Thanks for all the help :D

share|improve this answer
 
I included some added information in my answer at the bottom which will prove to be beneficial, concerning berkes' comment –  Fred -ii- yesterday
add comment
up vote 1 down vote

session_start(); needs to be inside all pages using sessions.

I tested the following:

<?php 
session_start(); // page_2.php
echo "Welcome " . $_SESSION['uname'];
?>

In conjunction with my test page: page_a.php

<?php 
session_start(); 
$uname = "FRED";
$_SESSION['uname'] = $uname; 
?>

<a href="page_2.php">CLICK</a>

Echo'ed Welcome FRED on page 2.

I also noticed you have another instance of session_start(); in your page profile.php, remove it because you will be starting a new session while overwriting your first.

<div class="username">
Welcome <?php session_start(); echo $uname; ?>
</div>

Therefore you should be using:

$uname = $_SESSION['uname'];

in conjunction with:

<div class="username">
<?php echo "Welcome " . $_SESSION['uname']; ?>
</div>

As berkes stated in this comment you have a security issue: 

$uname = $_POST["uname"];
$pass = $_POST["pass"];

Change it to:

$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);

MySQL_ functions are deprecated, therefore using MySQLi_ with prepared statements is highly suggested or PDO.

Do read the following articles:

share|improve this answer
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.