
The code below is for my user login form. But after the username and password match and the page is redirected, it shows the error 'Undefined index in username in [path]'.

<?php
session_start();

require_once "dbreg.php";
$errormsg = array();
$errorcount = 0;
if (!empty($_POST)) {
  if (empty($_POST['username'])) {
    $errormsg[] = "Enter valid username";
    $errorcount++;
  }
  if(empty($_POST['password'])) {
    $errormsg[] = "Please enter password";
    $errorcount++;
}
if(!empty($_POST['username'])) {
$userquery = mysql_query("SELECT * FROM regform WHERE username='".$_POST['username']."'");
$useroutput = mysql_fetch_assoc($userquery);

if (empty($useroutput)) {
  $errormsg[] = "Invalid username or password";
  $errorcount++;
}
else {
  $queryoutput = mysql_query("SELECT * FROM regform WHERE username = '".$_POST['username']."' AND userpass = '".$_POST['password']."'");
  $newoutput = mysql_fetch_assoc($queryoutput);
  if (empty($newoutput)) {
    $errormsg[] = "Please enter valid login and password";
    $errorcount++;
  }
  else {
    $_SESSION['uid'] = $newoutput['id'];
    header("Location: http://localhost/classwork2/userprofile.php");
  }
}
}
}

 ?>
    <!DOCTYPE html>
    <html>

    <head>
        <meta charset="utf-8">
        <title>Login form</title>
    </head>

    <body>
      <h1>Login</h1>
      <?php
      if (!empty($errormsg)) {
        for ($i=0; $i < count($errormsg) ; $i++) {
          # code...
          ?>
          <div style="color:red"><?php echo $errormsg[$i]; ?></div>
          <?php
        }
      }
       ?>
        <table border="1">
            <form name="lognow" id="lognow" action="reglogin.php" method="post" enctype="multipart/form-data">
                <tr>
                    <td>
                        <label>Username</label>
                    </td>
                    <td>
                        <input type="text" name="username" id="username">
                    </td>
                </tr>
                <tr>
                    <td>
                        <label>Password</label>
                    </td>
                    <td>
                        <input type="text" name="password" id="password">
                    </td>
                </tr>
                <tr>
                  <td>
                    <input type="submit" value="Login">
                  </td>
                </tr>
            </form>
        </table>
        <h3>Or</h3>
        <h2>
          <a href="reg1.php">Click Here</a> to Register.
        </h2>
    </body>

    </html>

And below is the code to the userprofile.php page

<?php
session_start();
require_once "dbreg.php";

$sql = "SELECT firstname, lastname FROM regform WHERE username = '" . $_SESSION['username'] . "'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);

echo "Hello, " . $row['firstname'] . $row['lastname'] ;

?>

It would be kind if anyone could guide me on what I am doing wrong. Also, if I keep the above code inside an if(!empty($_POST['username'])), the page displays blank.

Abhrapratim Nag
  • That's because you never did/set `$_SESSION['username'] = "YOUR_USERNAME"` after successful login, you just did `$_SESSION['uid'] = $newoutput['id'];` and redirected the user to *userprofile.php* page. – Rajdeep Paul Sep 10 '16 at 19:42
  • Many thanks for your answer, but there are lots of usernames and passwords (suppose), then it's not possible to use this method I guess, so then what to use? Or how should I modify the code? – Abhrapratim Nag Sep 10 '16 at 19:45
  • I've given a solution below, hopefully this will resolve your issue. – Rajdeep Paul Sep 10 '16 at 19:53

1 Answer


The problem is, you never did/set $_SESSION['username'] = "YOUR_USERNAME" after successful login, you just did $_SESSION['uid'] = $newoutput['id']; and redirected the user to userprofile.php page.

So the solution is, construct your query based on user's id, rather than user's username. In userprofile.php page, change the query like this:

$sql = "SELECT firstname, lastname FROM regform WHERE id = '" . $_SESSION['uid'] . "'";

// your code

Sidenote: mysql_* functions are deprecated as of PHP 5.5 and are removed altogether in PHP 7.0. Use mysqli or pdo instead. And this is why you shouldn't use mysql_* functions.

Rajdeep Paul
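The lookup by `$_SESSION['uid']` from the answer above, written with PDO and a bound parameter as the sidenote recommends. This is an added example, not code from the question or the answer. The function names `fetchProfile` and `greeting`, the in-memory SQLite database and the sample row are assumptions made so it runs offline; in userprofile.php you would pass `$_SESSION` and a PDO connection to the MySQL database.

```php
<?php
// Added example: function names and demo data are hypothetical.
declare(strict_types=1);

/**
 * Look up the profile row for a logged-in user by the id that the
 * login page stored in $_SESSION['uid']. Returns null when the session
 * holds no usable id or no row matches.
 */
function fetchProfile(PDO $pdo, array $session): ?array
{
    // The "Undefined index" notice came from reading a session key that
    // was never set, so check that the key exists before using it.
    if (!isset($session['uid']) || !ctype_digit((string) $session['uid'])) {
        return null;
    }
    // Bound placeholder instead of string concatenation: the value is
    // sent as data and is never parsed as part of the SQL text.
    $stmt = $pdo->prepare('SELECT firstname, lastname FROM regform WHERE id = :id');
    $stmt->execute([':id' => (int) $session['uid']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function greeting(?array $row): string
{
    if ($row === null) {
        return 'Please log in.';
    }
    // Escape on output so stored names cannot inject markup into the page.
    $name = $row['firstname'] . ' ' . $row['lastname'];
    return 'Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (assumption, for
// offline use); the real page would connect to its MySQL database instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE regform (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
$pdo->exec("INSERT INTO regform (id, firstname, lastname) VALUES (1, 'Asha', 'Rao')");

echo greeting(fetchProfile($pdo, ['uid' => 1])), PHP_EOL; // session as set by a successful login
echo greeting(fetchProfile($pdo, [])), PHP_EOL;           // no login: no notice, no query issued
```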