treehouse : what would you like to learn today?
Web Design Web Development iOS Development

Forums

Illustration by Nick Sirotich

Problem with setting a variable $_POST

  • robbinj
    Permalink to comment #
    Hi!
    I'm trying to use the variable $username in my index.php (I want to echo out Logged in as '$username').
    I set the variable $username and register a session in my checklogin.php, but I cant seem to use it when I'm in my index.php.

    I am probably doing something wrong here, but I can't see what, I need your help finding a solution to this problem :)

    Code from index.php
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
    <html xmlns="http://www.w3.org/1999/xhtml&quot; >
    <head>
    <title>Webb B</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="keywords" content="" />
    <meta name="description" content="" />
    <link href="style.css" rel="stylesheet" type="text/css" media="all" />
    </head>
    <body>

    <div id="header">
    <div class="wrap">

    <div id="login_area">

    <?php

    session_start();

    $username = $_SESSION['username'];

    if (!session_is_registered(username)) {
    	echo '<form name="log_form" id="log_form" action="checklogin.php" method="post">
    <input type="text" id="username" name="username" method="post" value="Användarnamn">
    <input type="password" id="password" name="password" method="post" value="Lösenord">
    <input type="submit" name="log_submit" id="log_submit" value="Logga in"><div class="clearer"></div>
    <a href="#">Inte medlem?</a>
    </form>';
    }
    else {
    	echo '<p class="logged_in">Inloggad som ' . $username . '!</p><div class="clearer"></div>';
    	echo '<p class="log_out"><a href="logout.php">Logga ut</a></p>';
    }

    ?>

    </div>

    <div class="clearer"></div>

    </div>
    </div>


    <div id="main">
    <div class="wrap">
    <form name="search" id="search" action="search.php" method="get" enctype="multipart/form-data">
    <div id="search_form_wrap">
    <input type="text" id="search_form" name="search_form" value="Sök..." onclick="this.value='';"><input type="submit" name="submit" id="search_submit" value="">
    </div>
    </form>

    <div class="clearer"></div>

    <div id="main_start">

    </div>

    </div>
    </div>



    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.js"></script&gt;
    <script type="text/javascript" src="js.js"></script>
    </body>
    </html>


    and checklogin.php
    <? ob_start(); ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
    <html xmlns="http://www.w3.org/1999/xhtml&quot; >
    <head>
    <title>Webb B</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="keywords" content="" />
    <meta name="description" content="" />
    <link href="style.css" rel="stylesheet" type="text/css" media="all" />
    </head>
    <body>

    <?php

    require_once "scripts/login.php";

    // error_reporting(E_ALL); ini_set('display_errors', 'On');

    $username = $_POST['username'];
    $password = $_POST['password'];

    // $username = stripslashes($username);
    // $password = stripslashes($password);
    // $username = mysql_real_escape_string($username);
    // $password = mysql_real_escape_string($password);

    $sqlCommand = "SELECT * FROM members WHERE membername='$username' AND memberpassword='$password'";
    $query = mysqli_query($myConnection, $sqlCommand) or die (mysqli_error());
    $num_rows = mysqli_num_rows($query);
    if ($num_rows == 1) {
    	session_register("username");
    	session_register("password");
    	header("location: index.php");
    }
    else {
    	echo 'Fel! Försök igen!';
    }

    ?>

    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.js"></script&gt;
    <script type="text/javascript" src="js.js"></script>
    </body>
    </html>

    <? ob_flush(); ?>


    Can anyone explain to me why I can't use the variable $username?
  • traq
    Permalink to comment #
    Your session is not being started in index.php. You must start sessions (and do anything else that involves sending headers) before you start output to the browser. By starting your page with plain HTML, you have no chance at using $_SESSION.

    Output buffering (as used in your checklogin.php), imo, is not a solution for this problem. Yes, it works, but it's hacky and fragile. OB has its uses, but this is an issue with a much cleaner solution:

    When writing PHP scripts, put all of the PHP code _first_.
    Put all output (HTML, echo, print etc.) _last_.
    Much cleaner, more flexible, all problems related to body vs. http headers solved. Example:

    <?php
    session_start();
    $username = $_SESSION['username']; 
    $output = "Welcome back, $username!";
    /*  other code  */
    // BTW, "$username = $_SESSION['username']" is bad also.
    // what if $_SESSION['username'] doesn't exist yet?
    // you get no output, no error handling.
    // you get a warning (which may not be displayed) 
    // ...and opportunity for /actual/ problems later in your script.
    // check that the variable is set/ not empty first. maybe:
    /* 
    $username = empty( $_SESSION['username'] )? 
        "guest":
        $_SESSION['username'];
    */
    ?>
    <!DOCTYPE html>
    <!-- html,etc. -->
    <h1>Hello!</h1>
    <p><?= $output ?></p>
    <!-- etc.,/html -->


    During development, you should adjust PHP's error settings to show warnings and errors.
    <?php
    error_reporting( -1 );


    This way, PHP can give you clues as to what's going wrong (in this case, you are getting warnings like "Cannot send session cache limiter - headers already sent" and "Undefined index: username (referring to $_SESSION['username'])").

    Turn error reporting back off when your site is ready to go public, of course.
Add a Comment