I have a working login system, and in places I have been able to get sessions to recognize which user is logged in. I basically just set the session variable as $_SESSION[‘user_name’] to what the user puts in as their username when they log in. That always works fine. The problem seems to be when I try to query all the user’s info from the db. It doesn’t seem to want to accept my variable as the user_name. I’ve tried all types of variables in there. I need to be able to get the user_id of the logged in user so they can make posts. Is there something wrong with my code? I’ve been looking at this for hours.
if(isset($_POST['submit'])){
$username = $_POST['user_name'];
$password = $_POST['user_password'];
if($user->login($username,$password)){
$_SESSION['user_name'] = $username; // set session variable of username to that of logged in user
$data = array();
$sql = "SELECT
user_id
, user_level
, user_type
FROM users
WHERE user_name = '" . $username . "'";
$query = $pdo->prepare($sql);
$query->execute();
while($row = $query->fetch(PDO::FETCH_ASSOC)){
$data[] = $row;
}
$_SESSION['user_id'] = $data[$_SESSION['user_id']];
$_SESSION['user_level'] = $data[$_SESSION['user_level']];
$_SESSION['user_type'] = $data[$_SESSION['user_type']];
I didn’t notice it either. So now I’m still getting an error. The session variable I’m trying to set with that code for the user_id is still coming up as null. I’m testing this out by trying to add a new post to the database with it adding the user_id of the logged in user.
Fatal error: Uncaught exception ‘PDOException’ with message ‘SQLSTATE[23000]: Integrity constraint violation: 1048 Column ‘topic_by’ cannot be null’ in C:\xampp\htdocs\darkerslate\add_topic.php:30 Stack trace: #0 C:\xampp\htdocs\darkerslate\a
You seem to be assigning the value of the array based on the original value of the session variable here, which if they’re just logging in will surely be null? Wouldn’t it be better to read:
I think that’s going to effectively create a two-dimensional array with the set of results in it. Use var_dump() or print_r() to display the contents of $data just before you assign it to the session vars, which I suspect might need to be:
I feel like I’m getting closer to the answer here. I have implemented both solutions, but the var_dump prior to assigning the info to session variables is where the problem is. I get the same type of error if I try $row instead of $data.
Notice: Undefined variable: data in C:\xampp\htdocs\darkerslate\login.php on line 73
NULL
Notice: Undefined variable: data in C:\xampp\htdocs\darkerslate\login.php on line 74
NULL
Notice: Undefined variable: data in C:\xampp\htdocs\darkerslate\login.php on line 75
NULL
So the query is failing. Any idea why? Are you using your original version or the one I posted with bindParam? You still have $data defined as array before query right?
I’m using the code you just posted with bindParam. I have no idea why the query is not working. I clearly have a connection to the db because the login script works and it sets the session variable of user_name to my variable $username.
Okay, so I looked at the db table and my user_name is stored in the db as “admin” (all lowercase). Last time I did the var_dump, it said I was using “Admin”. When I signed out and signed back in all lowercase, I stopped getting the undefined variable notice, but the vardumps are still returning NULL for all the session variables.
Also, to answer your question, this is the only query like that on the page, but I went ahead and changed the variables anyway and it still gives me the error. Here’s the whole page:
<?php
session_start();
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
//include config
require_once('includes/config.php');
//include header template
require('includes/header.php');
//check if already logged in move to home page
if( $user->is_logged_in() ){
echo '<div id="errors">You are already logged in. </div>';
}
//process login form if submitted
if(isset($_POST['submit'])){
$username = $_POST['user_name'];
$password = $_POST['user_password'];
if($user->login($username,$password)){
$_SESSION['user_name'] = $username; // set session variable of username to that of logged in user
$user_data = array();
$get_user_data = "SELECT
user_id
, user_level
, user_type
FROM users
WHERE user_name = :user_name";
$query = $pdo->prepare($get_user_data);
$query->bindParam(":user_name", $username);
$query->execute();
while($row = $query->fetch(PDO::FETCH_ASSOC)){
$user_data[] = $row;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['user_type'] = $row['user_type'];
}
//header('Location: chapter.php');
//exit;
} else {
$error[] = 'Wrong username or password or your account has not been activated.';
}
}//end if submit
//define page title
$title = 'Login';
?>
<div id = "wrapper">
<div id = "errors">
<?php
var_dump($row['user_id']);
var_dump($row['user_level']);
var_dump($row['user_type']);
var_dump($_SESSION['user_name']);
?></div>
<form role="form" method="post" action="" autocomplete="off">
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p class="bg-danger">'.$error.'</p>';
}
}
if(isset($_GET['action'])){
//check the action
switch ($_GET['action']) {
case 'active':
echo "<h2 class='bg-success'>Your account is now active you may now log in.</h2>";
break;
case 'reset':
echo "<h2 class='bg-success'>Please check your inbox for a reset link.</h2>";
break;
case 'resetAccount':
echo "<h2 class='bg-success'>Password changed, you may now login.</h2>";
break;
}
}
?>
<div id = "form-section">
<div id = "form-header"><img src="img/ds-icon20px.png"> Log in.</div><HR SIZE = "1" WIDTH="100%" NOSHADE>
<small>Username: </small><br />
<input type="text" name="user_name" id="username" placeholder="User Name" value="<?php if(isset($error)){ echo $_POST['user_name']; } ?>" tabindex="1">
<small>Password: </small><br />
<input type="password" name="user_password" id="password" placeholder="Password" tabindex="2">
<br /><br />
<input type="submit" name="submit" value="Login" tabindex="3"> <a href='reset.php'>Forgot your Password?</a>
</div>
</form>
</div>
<?php
//include header template
require('includes/footer.php');
?>
That’s it right there. I moved the var_dumps up just below the other stuff within the brackets and it works great. I’m still trying to wrap my head around these sessions and everything. Basically I’ve been doing PHP for about three weeks. I’m trying to cobble together a website from various tutorials and documentation, trying to decipher how different things work. It’s coming along. I guess my question in response to your WHILE suggestion is do you mean I need to set the WHILE loop so that the variables are set only while the user is logged in? Or is that what session does? I apologize in advance if I ask something trivial, I can understand that new folks might get annoying at times.
If you are just returning a single row of data from a query, you COULD just fetch the array data without using WHILE
$row = $query->fetch(PDO::FETCH_ASSOC);
In this case a variable $row would be available anywhere below where it was set.
If using WHILE, then $row is only available within the WHILE as it loops through records.
As far as whether you use while or not in this case it doesn’t matter that much, just understand that you have to use the $row within WHILE. So unless you need to build a $data array for some other reason on this page, I would remove that. Just set your session KEY to VALUE, keeping in mind of what I said about WHILE, e.g.
$_SESSION['user_id'] = $row['user_id'];
Now like any array with keys and values it’s a good idea to check for the key and if found use the array KEY to get the value. As an example if you were to just use and array KEY for an IF(condition) or to echo directly you would get an error if the key in not set. So say the user has not successfully logged in and you attempt to use this key
So now I’m still getting an error. The session variable I’m trying to set with that code for the user_id is still coming up as null. I’m testing this out by trying to add a new post to the database with it adding the user_id of the logged in user.