I searched and someone did this: var_dump($user); right before $myUser = $_SESSION["user"]; to see what happens, and this is what it showed:
array(1) { ["userId"]=> string(8) "jsdhsu " }
The jsdhsu is the userid that is logged in.
Here is my login.php code:
<?php include("function.php"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login • <?php echo $siteName; ?></title>
<?php include("headscript.php"); ?>
<?php include("logscr.php"); ?>
</head>
<body>
<div id="wrapper">
<div id="header">
<div class="header_top">
<div class="top">
<div class="logo"> <a href="#">Adstar</a> </div>
</div>
<div class="clear"></div>
</div>
<div class="header_bottom">
<?php include("buttons.php"); ?>
<?php include("menu.php"); ?>
</div>
</div>
<div id="body">
<div class="box">
<?php
if(isset($_SESSION["user"])){
echo "<h2>You Are Already Logged In</h2><p>If you are trying to login with a different account, please remember you can not use Proxies when logging in. If you want to sign into another account, close the browser and start again.";
} else {
if(isset($_POST['pass']) && isset($_POST['email'])){
$email = mysqli_real_escape_string($con, $_POST["email"]);
$pass = mysqli_real_escape_string($con, $_POST["pass"]);
$checkPass = mysqli_query($con, "SELECT * FROM users WHERE email = '$email' AND password = '$pass'");
if(mysqli_num_rows($checkPass) != 0){
$confCheck =mysqli_query($con, "SELECT * FROM users WHERE email = '$email' AND confirmed = '1'");
if(mysqli_num_rows($confCheck) != 0){
$userId = mysqli_query($con, "SELECT userId FROM users WHERE email = '$email'");
$uId1 = mysqli_fetch_assoc($userId);
$_SESSION["user"] = $uId1;
mysqli_query($con, "UPDATE users SET lastLogin = NOW() WHERE userId = '$uId1'");
echo "<h2>Login Successful</h2>";
} else {
echo "<h2>Login Failed</h2><p>You need to confirm your account! Login to your email and click the link provided.</p>";
}
} else {
$checkEmail = mysqli_query($con, "SELECT * FROM users WHERE email = '$email'");
if(mysqli_num_rows($checkEmail) != 0){
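$userId = mysqli_query($con, "SELECT userId FROM users WHERE email = '$email'");
// mysqli_query() returns a result object, so fetch the row before using the column in the link
$uRow = mysqli_fetch_assoc($userId);
$uIdLink = urlencode($uRow["userId"]);
// HTML-encode the submitted email before echoing it back into the page
$emailHtml = htmlspecialchars($_POST["email"], ENT_QUOTES, "UTF-8");
echo "<h2>Login Failed</h2><p>The password you provided for $emailHtml is not valid. <a href='login.php?user=$uIdLink'>Request Your Password</a>.";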
} else {
echo "<h2>Invalid Login Data</h2><p>The email you entered is not in our database. You can create a new account today and begin earning in minutes.";
}
}
} else {
echo "<h2>Error: Login Failed </h2> <p>An error occurred when passing data to the login page. Restart browser and try again. If the problem happens again, please contact support.";
}
}
?>
</div>
<div class="clear"></div>
</div>
<div id="footer">
<ul>
<?php include("footlinks.php"); ?>
</ul>
</div>
</div>
<?php include("footer.php"); ?>
</body>
</html>
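
An added example, not part of the original post or the site's code: the var_dump above shows an array because mysqli_fetch_assoc() returns the whole row, so this version stores only the userId column in the session and reuses that scalar in the UPDATE. It assumes PDO with an in-memory SQLite database in place of the page's mysqli connection, a password column holding password_hash() output rather than the plain text compared on the page, and a hypothetical attemptLogin() helper.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with in-memory SQLite
// stands in for the page's mysqli/MySQL connection, and the password column
// holds password_hash() output instead of the plain text compared on the page.
declare(strict_types=1);

// Hypothetical helper: returns 'ok', 'unconfirmed' or 'failed'.
function attemptLogin(PDO $db, array &$session, string $email, string $pass): string
{
    // One prepared query replaces the three escaped SELECTs in login.php.
    $stmt = $db->prepare('SELECT userId, password, confirmed FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // a row array, like mysqli_fetch_assoc(), or false

    // Same result for an unknown email and a wrong password.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return 'failed';
    }
    if ((int) $row['confirmed'] !== 1) {
        return 'unconfirmed';
    }

    // Store the scalar column value, not the whole row array.
    $userId = (string) $row['userId'];
    $session['user'] = $userId;

    // The same scalar is bound here, so the WHERE clause matches the real id.
    $upd = $db->prepare("UPDATE users SET lastLogin = datetime('now') WHERE userId = ?");
    $upd->execute([$userId]);
    return 'ok';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userId TEXT, email TEXT, password TEXT, confirmed INTEGER, lastLogin TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, NULL)');
$ins->execute(['jsdhsu', 'user@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 1]);

$session = []; // stand-in for $_SESSION so the script runs from the CLI
var_dump(attemptLogin($db, $session, 'user@example.test', 'wrong password'));
var_dump(attemptLogin($db, $session, 'user@example.test', 'correct horse'));
var_dump($session['user']); // a plain string now, not array("userId" => ...)
```

In the real page, pass $_SESSION instead of the stand-in array and call session_regenerate_id(true) right after a successful login.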