Setting session variables

PHP
1

Im trying to create a login script using PDO

<?php
php include 'inc/functions.php'; 
if(isset($_POST['UserName'],$_POST['Password']))  
{ 

$UserName = $_POST['UserName']; 
$Password = $_POST['Password']; 

    try { 
	$sql =  "SELECT `employeeNumber`, `password`,`userName` FROM `usernames-passwords` WHERE `userName` = :UserName AND `password` = md5(:Password)";


	$stmt = $conn->prepare($sql);
	
		$stmt->execute(array(
			":UserName" => $UserName,
			":Password" => $Password
		));
	$count = $stmt->rowCount();
	
	$row  = $stmt -> fetch();
	
	  
	  if($count==1)
	  {
		  $_SESSION['employeeNumber'] = $row['employeeNumber'];
		  $_SESSION['UserName'] = $UserName;
		  $_SESSION['Password'] = $Password;
	
		  header( "location: welcome.php");
		  exit();
	  }
    } catch (PDOException $e) {     
        echo "Database error: ".$e->getMessage(); 
    }  
$conn = null;
}
?>
...
...
HTML
...
...
         <?php echo '<pre>' . print_r($_POST, TRUE) . '</pre>'; 
         echo $sql;
        echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>'; ?>

the result…

1920×1080 298 KB

The query works (correct username/password) so why arent the SESSION vars being set?

2

Did you start your session at the top of the page? ie session_start();

2 Likes
3

md5 is no good for hashing passwords as it has been rainbow tabled to death. PHP has got functions for dealing with passwords:

http://php.net/manual/en/book.password.php

2 Likes
4

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.