Abhrapratim Nag Abhrapratim Nag - 2 months ago 7
MySQL Question

Data not displaying correctly after user logs in through login form in PHP

The code below is of my user login form. But, after the username and password matches and the page is being redirected, it shows error 'Undefined index in username in [path]'.

<?php
session_start();

require_once "dbreg.php";
$errormsg = array();
$errorcount = 0;
if (!empty($_POST)) {
if (empty($_POST['username'])) {
$errormsg[] = "Enter valid username";
$errorcount++;
}
if(empty($_POST['password'])) {
$errormsg[] = "Please enter password";
$errorcount++;
}
if(!empty($_POST['username'])) {
$userquery = mysql_query("SELECT * FROM regform WHERE username='".$_POST['username']."'");
$useroutput = mysql_fetch_assoc($userquery);

if (empty($useroutput)) {
$errormsg[] = "Invalid username or password";
$errorcount++;
}
else {
$queryoutput = mysql_query("SELECT * FROM regform WHERE username = '".$_POST['username']."' AND userpass = '".$_POST['password']."'");
$newoutput = mysql_fetch_assoc($queryoutput);
if (empty($newoutput)) {
$errormsg[] = "Please enter valid login and password";
$errorcount++;
}
else {
$_SESSION['uid'] = $newoutput['id'];
header("Location: http://localhost/classwork2/userprofile.php");
}
}
}
}

?>
<!DOCTYPE html>
<html>

<head>
<meta charset="utf-8">
<title>Login form</title>
</head>

<body>
<h1>Login</h1>
<?php
if (!empty($errormsg)) {
for ($i=0; $i < count($errormsg) ; $i++) {
# code...
?>
<div style="color:red"><?php echo $errormsg[$i]; ?></div>
<?php
}
}
?>
<table border="1">
<form name="lognow" id="lognow" action="reglogin.php" method="post" enctype="multipart/form-data">
<tr>
<td>
<label>Username</label>
</td>
<td>
<input type="text" name="username" id="username">
</td>
</tr>
<tr>
<td>
<label>Password</label>
</td>
<td>
<input type="text" name="password" id="password">
</td>
</tr>
<tr>
<td>
<input type="submit" value="Login">
</td>
</tr>
</form>
</table>
<h3>Or</h3>
<h2>
<a href="reg1.php">Click Here</a> to Register.
</h2>
</body>

</html>


And below is the code to the userprofile.php page

<?php
session_start();
require_once "dbreg.php";

$sql = "SELECT firstname, lastname FROM regform WHERE username = '" . $_SESSION['username'] . "'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);

echo "Hello, " . $row['firstname'] . $row['lastname'] ;

?>


Will be kind if anyone can guide me what am i doing wrong. Also if i keep the above code inside an
if(!empty($_POST['username']))
the page displays blank.

Answer

The problem is, you never did/set $_SESSION['username'] = "YOUR_USERNAME" after successful login, you just did $_SESSION['uid'] = $newoutput['id']; and redirected the user to userprofile.php page.

So the solution is, construct your query based on user's id, rather than user's username. In userprofile.php page, change the query like this:

$sql = "SELECT firstname, lastname FROM regform WHERE id = '" . $_SESSION['uid'] . "'";

// your code

Sidenote: mysql_* functions are deprecated as of PHP 5.5 and are removed altogether in PHP 7.0. Use mysqli or pdo instead. And this is why you shouldn't use mysql_* functions.

Comments