date 2021-07-26
I recently upgraded to PHP 7 and PDO from mysql, and I've managed to get register/login working with sessions, but I'm having a hard time getting the session to work with other things, like reviews not being posted with the session user's username. The main thing I want to fix is fetching the currently logged-in user's details for Profile.php: for some reason I am only able to view user1's details even when I'm signed into user2's account, which obviously I don't want. Can anyone help? I will add my code in order.
I know it's kind of a long one, so I would be really grateful for some help. I managed to shorten a lot of the profile.html so it's easier to read.
(Also, I don't know why the session is "$_SESSION['email'];". I'm assuming it's due to logging in with email rather than username, and for some reason I can't make it "$_SESSION['username'];" without changing the login form to username instead of email. Is it possible to sign in with email but have the session as username?)
1 - connect.php
<?php
$host   = 'localhost';
$dbuser = 'mainuser';
$dbpwd  = 'pass';
$dbname = 'admin_';
// set DSN
$dsn = 'mysql:host=' . $host . ';dbname=' . $dbname;
// create PDO instance (attempt MySQL server connection)
$dbh = new PDO($dsn, $dbuser, $dbpwd);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
2 - Register.php
<?php
session_start();
include("/var/www/vhosts/myweb.co.uk/httpdocs/PHP/connect.php");

if (isset($_POST['create'])) {
    $username  = $_POST['username'];
    $email     = $_POST['email'];
    $psw       = $_POST['psw'];
    $pswrepeat = $_POST['pswrepeat'];

    // reject duplicate email addresses (bound parameter, not concatenation)
    $pdo = $dbh->prepare("SELECT count(*) from `users` WHERE `email` = ?");
    $pdo->bindParam(1, $email, PDO::PARAM_STR);
    $pdo->execute();
    $count = $pdo->fetchColumn();
    if ($count > '0') {
        die("email already exists!");
    } else {
        if ($psw == $pswrepeat) {
            // only the password hash is stored, never the plaintext
            $hashPassword = password_hash($psw, PASSWORD_DEFAULT);
            $sql = $dbh->prepare("INSERT INTO `users` (username, email, psw) VALUES (?, ?, ?)");
            $sql->bindParam(1, $username, PDO::PARAM_STR);
            $sql->bindParam(2, $email, PDO::PARAM_STR);
            $sql->bindParam(3, $hashPassword, PDO::PARAM_STR);
            $sql->execute();
            header("location:https://www.myweb.co.uk/Account/signupcomplete.php");
            exit;
        }
    }
}
?>
3 - Login
<?php
session_start();
// this runs on every request to this file, before the form is checked: it stores a
// literal string (with $username interpolated, which is undefined at this point),
// not the address that was submitted
$_SESSION['email'] = "<?php echo {['$username']} ?>";
include('/var/www/vhosts/myweb.co.uk/httpdocs/PHP/connect.php');

if (isset($_POST['loginbtn'])) {
    $email = $_POST['email'];
    $psw   = $_POST['psw'];
    $sql = $dbh->prepare("SELECT * FROM `users` WHERE `email` = ?");
    $sql->bindParam(1, $email, PDO::PARAM_STR);
    $sql->execute();
    $fetch = $sql->fetch();
    if ($fetch != null) {
        $passHash = $fetch['psw'];
        if (password_verify($psw, $passHash)) {
            // nothing about the verified user is written to the session here
            header("location:https://www.myweb.co.uk/Account/loginsuccessful.php");
            exit;
        } else {
            echo('Password incorrect !');
        }
    } else {
        echo('Email does not exist !');
    }
}
?>
4 - Profile.html
<?php
session_start();
if (!isset($_SESSION['email'])) {
    header("Location:../Account/login.php");
    exit; // stop here, otherwise the profile markup below is still sent to a logged-out visitor
}
?>
<?php
date_default_timezone_set('Europe/London');
include('../PHP/connect.php');
?>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>User Profile</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
</head>
<body>
<?php require '../include/navbar.php'; ?>
<br><br>
<?php
// $dbh comes from connect.php, included at the top of this file
// PDO QUERY: the session value is concatenated straight into the SQL text (unquoted)
// instead of being bound as a parameter like the queries in register/login
$stmt = $dbh->prepare('SELECT * FROM `users` WHERE `email` = ' . $_SESSION['email'] . '');
$stmt->execute();
$fetch = $stmt->fetch();
?>
<div class="mt-3">
    <h4><?php echo $fetch['username']; ?></h4>
    <p><?php echo $fetch['bio']; ?></p>
    <p><?php echo $fetch['country']; ?></p>
</div>
</body>
</html>
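Added example, not the asker's code: the same login and profile flow restructured so that the session is written only after password_verify succeeds, records which user authenticated (id and username), and the profile query is keyed on that session value through a bound parameter. It assumes the `users` table has an `id` primary key (the question's queries only show username, email, psw, bio and country). The SQLite section at the bottom is a constructed stand-in for connect.php so the file runs offline from the command line; on the site, the `$dbh` from connect.php would be passed in instead.

```php
<?php
// Added example (not the asker's code). Assumes `users` has an `id` primary key
// in addition to the username/email/psw/bio/country columns used in the question.
declare(strict_types=1);

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Verify email + password. Only on success: rotate the session id (blocks session
// fixation) and record WHO logged in. Plain page loads never touch the session.
function login_user(PDO $dbh, string $email, string $psw): bool
{
    $stmt = $dbh->prepare('SELECT id, username, psw FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One failure path for unknown email and wrong password, so the response
    // does not reveal which addresses have accounts.
    if ($row === false || !password_verify($psw, $row['psw'])) {
        return false;
    }

    start_session();
    session_regenerate_id(true);
    $_SESSION['user_id']  = (int) $row['id'];
    $_SESSION['username'] = $row['username']; // username is available even though login used email
    return true;
}

// Profile of the currently logged-in user, or null when nobody is logged in.
// The lookup key comes from the session, never from the URL or a form, and is bound.
function current_user(PDO $dbh): ?array
{
    start_session();
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    $stmt = $dbh->prepare('SELECT username, bio, country FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Guard for pages such as profile.php: redirect AND stop, so no HTML below is rendered.
function require_login(PDO $dbh): array
{
    $user = current_user($dbh);
    if ($user === null) {
        header('Location: ../Account/login.php');
        exit;
    }
    return $user;
}

// Escape profile fields before echoing them into HTML.
function e(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- demonstration with a constructed in-memory SQLite database (CLI only) ---
if (PHP_SAPI === 'cli') {
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT UNIQUE, psw TEXT, bio TEXT, country TEXT)');
    $ins = $dbh->prepare('INSERT INTO users (username, email, psw, bio, country) VALUES (?, ?, ?, ?, ?)');
    $ins->execute(['user1', 'user1@example.com', password_hash('pw-one', PASSWORD_DEFAULT), 'first user', 'UK']);
    $ins->execute(['user2', 'user2@example.com', password_hash('pw-two', PASSWORD_DEFAULT), 'second user', 'IE']);

    // No output before these calls: session_start() needs headers not yet sent.
    $ok  = login_user($dbh, 'user2@example.com', 'pw-two'); // true
    $bad = login_user($dbh, 'user2@example.com', 'pw-one'); // false, session untouched
    $me  = current_user($dbh);                              // user2's row, not user1's

    echo $ok ? "login ok\n" : "login failed\n";
    echo $bad ? "unexpected\n" : "wrong password rejected\n";
    echo 'profile: ' . e($me['username']) . ' / ' . e($me['bio']) . ' / ' . e($me['country']) . "\n";
}
```

On the site, login.php would call `login_user($dbh, $_POST['email'], $_POST['psw'])` and redirect on `true`; profile.php would begin with `$user = require_login($dbh);` and output `e($user['username'])`. Storing the username alongside the id at login time is also what makes "sign in with email, session carries username" work: the form field and the session key do not have to be the same column.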