0

I am having index.php page as follow which have a login form, that calls login.php page. It creates session values over there.

<?php 
  session_start();
  $con=mysqli_connect("localhost","root","","sam");
  if (mysqli_connect_errno($con))
  {
      echo "Could not connect " . mysqli_connect_error();
  }
  $id = $_SESSION["id"];
  $user_login = $_SESSION["user_login"];
  $password_login = $_SESSION["password_login"];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Samsung Ops Guide</title>
<link href="css/index.css" rel="stylesheet" type="text/css" />
</head>

<body>

    <a href="#" class="title">Tracker</a>
    <form action="login.php" method="post" id="login">
    <input id="email" placeholder="T-ID" type="text" name="em" />
    <input id="email" placeholder="Password" type="password" name="pwd"/>
    <input id="loginButton" type="submit" value="Login" name="log" />
    </form>
    <div id="error1"></div>


</body>
</html>
<?php 
if (isset($_SESSION["user_login"]) && isset($_SESSION["password_login"])) {
$query = mysqli_query($con,"select * from employees where Tid='$user_login' and    password='$password_login'");
while($row = mysqli_fetch_array($query)){ 
         $ptype = $row["designation"];
}
if($ptype=="agent")
{
    header("location:/new/l1/");
}

if($ptype=="l2")
{
    header("location:/new/l2/");
}

 }
?>

Then having a login.php page which is called when the login form is called. Login form calls and fetch values from the database and create session according to that.

login.php is as follows :

<?php
session_start();
 include "inc_files/connection.php"; // it is only creating a connection with database nothing else
 $user_login=$_POST['em'];
 $password_login=$_POST['pwd'];
 $password_login = md5($password_login);

if(empty($user_login) || empty($password_login))
{
die (retmsg(0,"Please fill T-ID and Password"));
}

$query = mysqli_query($con,"select * from employees where Tid='$user_login' and password='$password_login'");
  $read = mysqli_num_rows($query);

  if(!$read)
  {
    die (retmsg(0,"Incorrect T-ID or Password"));
  }
  else
  {
    while($row = mysqli_fetch_array($query)){ 
                     $id = $row["id"];
         $ptype = $row["designation"];
    }
     $_SESSION["id"] = $id;
     $_SESSION["user_login"] = $user_login;
     $_SESSION["password_login"] = $password_login;
     if (isset($_SESSION["user_login"]) && isset($_SESSION["password_login"]))
         {
            if ($ptype == "l1")
                {echo retmsg(1,"l1");}
            if ($ptype == "l2")
                {echo retmsg(1,"l2");}
     }
}

  function retmsg($status,$txt)
  {
        return json_encode(array('status' => $status, 'txt' => $txt));
  }
?>

i am getting an error that

  $id = $_SESSION["id"];
  $user_login = $_SESSION["user_login"];
  $password_login = $_SESSION["password_login"];

are not defined. in index.php

Improve this question
2
  • What is the error you are getting ? Commented Apr 25, 2014 at 6:52
  • @Jenz please check i had updated the question. Commented Apr 25, 2014 at 6:58

2 Answers 2

Reset to default
2

Here, the session variables will be set only when you have logged in. At first time, they are not set and you are trying to access them in these lines (in index.php).

  $id = $_SESSION["id"];
  $user_login = $_SESSION["user_login"];
  $password_login = $_SESSION["password_login"];

firstly you have to check whether they are set, and then access it like:

if(isset($_SESSION["id"]))
  $id = $_SESSION["id"];
if(isset($_SESSION["user_login"]))
  $user_login = $_SESSION["user_login"];
if(isset($_SESSION["password_login"]))
  $password_login = $_SESSION["password_login"];

When you are using the same page for form submission, you can access 

 $user_login=$_POST['em'];
 $password_login=$_POST['pwd'];

only if the form is submitted. ie, On page load the form won't be submitted, which means there won't be any POST variables in the page. So surely it will create problem (the same issue we have discussed above). So here, you have to make sure that the form variables are accessed only if the form is submitted. You can do it by the following lines,

if (!empty($_POST))    // if there are any posted variables
{
 $user_login=$_POST['em'];
 $password_login=$_POST['pwd'];
 $password_login = md5($password_login);
..............................
}

Also make sure that you have added all the code for form submission inside this if condition.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

1 more question @Jenz, i tried using submission of the login form on the same page. but then it was showing that $_POST["em"], $_POST["pwd"] are not defined.
U mean u have integrated code in login.php to index.php page ??
then it was not showing session error but it shows the error for $_POST["em"], $_POST["pwd"] are not defined.
0

I don't know the exact error. Let try with single quotes. 

  $id = $_SESSION['id'];
  $user_login = $_SESSION['user_login'];
  $password_login = $_SESSION['password_login'];**
Improve this answer

1 Comment

ok fine. Lets post your correct answer. Then it will helpful for me .:P

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.