0

I want to display the user name on another page after someone logs in. Also, is this a good way to do login?

<?php

session_start();

$database = mysqli_connect("localhost", "root", "", "login");

if (isset($_POST['login_bn'])) {

 // Use the connection variable defined above ($database)
 $usrname = mysqli_real_escape_string($database, $_POST['usrname']);
 $pas = mysqli_real_escape_string($database, $_POST['pas']);

 $sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
 $result = mysqli_query($database, $sql);

 if (mysqli_num_rows($result) == 1) {

  header("location: home.php");

 }

}

?>

And I want to display the username here, somewhere on the nav bar:

<?php

session_start();

?>

<!DOCTYPE html>

<html>
<head>

</head>
<body>

  <button onclick="'">Log Out </button>

<ul>
<!-- Here somewhere -->

<li><a href="main.html"> Home</a></li>


</ul>

</body>
</html>

Sorry for the newbie question.

Your Common Sense
OneBeginner
  • 2
    PHP is stateless, so you need to store the user's details in a `_SESSION`. Once you have done this, you will be able to access it from any page (as long as you do `session_start();` at the top). – Farkie Sep 27 '16 at 10:48
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – RiggsFolly Sep 27 '16 at 10:48
  • get a `session` value to next page and print the name e.g for ` ` but you need to start session using `session_start();` – Karthi Sep 27 '16 at 10:48
  • 2
    You are storing the password as plain text. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php); please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). – RiggsFolly Sep 27 '16 at 10:49
  • I will look into SQL injection and password_hash(). – OneBeginner Sep 27 '16 at 11:02
  • And thank you all for your help – OneBeginner Sep 27 '16 at 11:03
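
The comments above point to prepared statements and `password_hash()` / `password_verify()`. One way the login and the nav-bar display could look with those applied, as an added example that is not code from the question or its answers. It assumes the `pas` column holds a `password_hash()` value; the function names and the `login.php` file name are hypothetical.

```php
<?php
// auth.php -- added example, not from the thread. Include it from the login page and home.php.
// Assumption: accounts.pas stores password_hash() output, not the plain password.

/** Look the user up with a bound parameter; return the stored name or null. */
function authenticate(mysqli $db, string $usrname, string $pas): ?string
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare("SELECT usrname, pas FROM accounts WHERE usrname = ?");
    $stmt->bind_param("s", $usrname);
    $stmt->execute();
    $stmt->bind_result($storedName, $storedHash);
    $found = $stmt->fetch();
    $stmt->close();
    // Same outcome for "unknown user" and "wrong password".
    if ($found !== true || !password_verify($pas, $storedHash)) {
        return null;
    }
    return $storedName;
}

/** Call after authenticate() succeeds, before any output is sent. */
function log_in(string $name): void
{
    session_regenerate_id(true);   // fresh session ID at login (session fixation defence)
    $_SESSION['usrname'] = $name;
    header("Location: home.php");
    exit;                          // nothing below the redirect should run
}

/** Top of home.php: redirect anonymous visitors, return the name HTML-encoded. */
function current_user_html(): string
{
    if (!isset($_SESSION['usrname'])) {
        header("Location: login.php");   // hypothetical name of the login page
        exit;
    }
    // Encode for HTML so a name containing markup is displayed as text.
    return htmlspecialchars($_SESSION['usrname'], ENT_QUOTES, 'UTF-8');
}

// Login page: session_start(); require 'auth.php';
//   $name = authenticate($database, $_POST['usrname'] ?? '', $_POST['pas'] ?? '');
//   if ($name !== null) { log_in($name); }
// home.php:   session_start(); require 'auth.php';
//   $user = current_user_html();  then inside the <ul>:  echo "<li>$user</li>";
```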

5 Answers

3

Try this. You should also read this: Session in PHP.

Set the session in the login page with `$_SESSION["usrname"] = $usrname;` and get the value in home.php.

<?php    
    session_start();    
    $database = mysqli_connect("localhost", "root", "", "login");
    if (isset($_POST['login_bn'])) {    
        // Use the connection variable defined above ($database)
        $usrname = mysqli_real_escape_string($database, $_POST['usrname']);
        $pas = mysqli_real_escape_string($database, $_POST['pas']);   
        $sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
        $result = mysqli_query($database, $sql);    
        if (mysqli_num_rows($result) == 1) {
            // Remember the logged-in user for later pages
            $_SESSION["usrname"] = $usrname;
            header("location: home.php");   
        }   
    }
    ?>

home.php

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
  <button onclick="'">Log Out </button>
<ul>
<!-- Here somewhere -->
<?php  echo $_SESSION["usrname"]; ?>
<li><a href="main.html"> Home</a></li>
</ul>
</body>
</html>

I hope it will be helpful.

Dave
2

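After selecting the data from MySQL:

if (mysqli_num_rows($result) == 1) {
    // Fetch the matched row; the result object itself cannot be indexed like an array
    $row = mysqli_fetch_assoc($result);
    $_SESSION['uname'] = $row['usrname'];
    header("location: home.php");

} 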

In the home.php file, just echo the username session wherever you want:

<?php echo $_SESSION['uname'];?>
Owais Aslam
1
 <?php

   session_start();

   $database = mysqli_connect("localhost", "root", "", "login");

   if (isset($_POST['login_bn'])) {

    // Use the connection variable defined above ($database)
    $usrname = mysqli_real_escape_string($database, $_POST['usrname']);
    $pas = mysqli_real_escape_string($database, $_POST['pas']);

    $sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
    $result = mysqli_query($database, $sql);

    if (mysqli_num_rows($result) == 1) {

        $_SESSION['userName'] = $usrname; // user name here
        header("location: home.php");

    }   
   }
  ?>

Then just call $_SESSION['userName'] anywhere in your application to get the name of the logged-in user.

Dave
Shahrukh
1

Try this code:

<?php
session_start();

if (isset($_POST['login_bn'])) {

$mysqli = new mysqli("example.com", "user", "password", "database");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    exit;
}
// Take the submitted values and bind them as parameters instead of concatenating them
$usrname = $_POST['usrname'];
$pas = $_POST['pas'];
$stmt = $mysqli->prepare("SELECT * FROM accounts WHERE usrname=? AND pas=?");
$stmt->bind_param("ss", $usrname, $pas);
$stmt->execute();
$res = $stmt->get_result();
$row = $res->fetch_assoc();
if(!empty($row))
{
$_SESSION["user_name"]=$row["first_name"]." ".$row["last_name"];//and access it anywhere after session_start(); as echo $_SESSION["user_name"]
header("location: home.php");
exit;
}

}
Abhijit Jagtap
0

You can use PHP Sessions for this.

Change your first code snippet to

<?php

session_start();

$database = mysqli_connect("localhost", "root", "", "login");

if (isset($_POST['login_bn'])) {

    // Use the connection variable defined above ($database)
    $usrname = mysqli_real_escape_string($database, $_POST['usrname']);
    $pas = mysqli_real_escape_string($database, $_POST['pas']);

    $sql = "SELECT * FROM accounts WHERE usrname='$usrname' AND pas='$pas'";
    $result = mysqli_query($database, $sql);

    if (mysqli_num_rows($result) == 1) {
        $_SESSION['usrname'] = $usrname;
        header("location: home.php");

    } 

}

?>

Then you can access it from any page (as long as you do session_start();) by using $_SESSION['usrname'].

For example, if you want to print out the username, then you just have to call

<?php echo $_SESSION['usrname']; ?>
Yannick Huber