Date: 2021-07-26

I recently upgraded to PHP 7 and PDO from mysql, and I’ve managed to get register/login working with sessions, but I’m having a hard time getting the session to work with other things, like reviews not being posted with the session user’s username. The main thing I want to fix is fetching the currently logged-in user’s details for Profile.php. For some reason I am only able to view user1’s details even when I’m signed into user2’s account, which obviously I don’t want. Can anyone help? I will add my code in order.

I know it’s a kinda long one, so I would be really grateful for some help… I managed to shorten a lot on the profile.html so it’s easier to read.

(Also, I don’t know why the session is “$_SESSION['email'];”. I’m assuming it’s due to logging in with email rather than username, and for some reason I can’t make it “$_SESSION['username'];” without changing the login form to username instead of email… Is it possible to sign in with email but have the session as username?)

1 - connect.php

```php
<?php
$host   = 'localhost';
$dbuser = 'mainuser';
$dbpwd  = 'pass';
$dbname = 'admin_';

// Set DSN
$dsn = 'mysql:host=' . $host . ';dbname=' . $dbname;

// Create PDO instance
// Attempt MySQL server connection.
$dbh = new PDO($dsn, $dbuser, $dbpwd);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
```

2 - Register.php

```php
<?php
session_start();
include("/var/www/vhosts/myweb.co.uk/httpdocs/PHP/connect.php");

if (isset($_POST['create'])) {
    $username  = $_POST['username'];
    $email     = $_POST['email'];
    $psw       = $_POST['psw'];
    $pswrepeat = $_POST['pswrepeat'];

    // Check whether the email is already registered
    $pdo = $dbh->prepare("SELECT count(*) from `users` WHERE `email` = ?");
    $pdo->bindParam(1, $email, PDO::PARAM_STR);
    $pdo->execute();
    $count = $pdo->fetchColumn();

    if ($count > 0) {
        die("email already exists!");
    } else {
        if ($psw == $pswrepeat) {
            // Store only the password hash, never the plain password
            $hashPassword = password_hash($psw, PASSWORD_DEFAULT);
            $sql = $dbh->prepare("INSERT INTO `users` (username, email, psw) VALUES (?, ?, ?)");
            $sql->bindParam(1, $username, PDO::PARAM_STR);
            $sql->bindParam(2, $email, PDO::PARAM_STR);
            $sql->bindParam(3, $hashPassword, PDO::PARAM_STR);
            $sql->execute();
            header("location:https://www.myweb.co.uk/Account/signupcomplete.php");
            exit;
        }
    }
}
?>
```

3 - Login

```php
<?php
session_start();
// Note: this stores a literal string in the session, not the logged-in user's email
$_SESSION['email'] = "<?php echo {['$username']} ?>";
include('/var/www/vhosts/myweb.co.uk/httpdocs/PHP/connect.php');

if (isset($_POST['loginbtn'])) {
    $email = $_POST['email'];
    $psw   = $_POST['psw'];

    // Look up the user row by email
    $sql = $dbh->prepare("SELECT * FROM `users` WHERE `email` = ?");
    $sql->bindParam(1, $email, PDO::PARAM_STR);
    $sql->execute();
    $fetch = $sql->fetch();

    if ($fetch != null) {
        $passHash = $fetch['psw'];
        if (password_verify($psw, $passHash)) {
            // Password matches; nothing identifying the user is written to the session here
            header("location:https://www.myweb.co.uk/Account/loginsuccessful.php");
            exit;
        } else {
            echo('Password incorrect !');
        }
    } else {
        echo('Email does not exist !');
    }
}
?>
```

4 - Profile.html