PHP not displaying username after login

Question

I'm learning php and html from scratch, and I have this project in which I'd like to display the username after logging in.

I've stated that:

<a>Hello, <?php 
                        if(isset($_SESSION['username'])){
                            echo $_SESSION['username'];
                        } else {
                            echo "user";
                        }

                        ?>
                        </a>

at the html field in which I want the username to show. It worked before. However, after logging out, the username is no longer there.

This is the code for the logout:

<?php

     session_start();
     session_unset();
     header("location:index.php");
     exit();

?>

And the one for logging in:

<?php 
session_start();


$user = $_POST['login'];
$pass = md5($_POST['pword']);
$entrar = $_POST['entrar'];
$conn = mysqli_connect("localhost","root", "", "pdsys", "3308");

if(isset($entrar)){
    $verifica = mysqli_query($conn,"SELECT * FROM users WHERE username = '$user' AND pword = '$pass'") or die ("Usuário ou senha incorretos");
    if (mysqli_num_rows($verifica)<=0){
        echo "<script language='javascript' type='text/javascript'>
        alert('Login e/ou senha incorretos');window.location
        .href='index.php';</script>";
        die();
    } else {
        setcookie("login", $user);
        header("location: main.php");
    }
}?>

I figure it might have something to do with the session_destroy(), but I can't figure it out how to make it work again. It just displays "user".

Everything else is functional = the connection with the database, the login system etc.

PS: I mentioned session_destroy(); because it was what I used earlier. I changed it to session_unset() in hopes it would display the username after login, but it didn't. — André Braga, May 31 '20 at 05:30
**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, May 31 '20 at 13:28

score 0 · Answer 1 · answered May 31 '20 at 06:06

0

Worked it out by adding a line to set the value of session username:

<?php 
session_start();


$user = $_POST['login'];
$pass = md5($_POST['pword']);
$entrar = $_POST['entrar'];
$conn = mysqli_connect("localhost","root", "", "pdsys", "3308");

if(isset($entrar)){
    $verifica = mysqli_query($conn,"SELECT * FROM users WHERE username = '$user' AND pword = '$pass'") or die ("Usuário ou senha incorretos");
    if (mysqli_num_rows($verifica)<=0){
        echo "<script language='javascript' type='text/javascript'>
        alert('Login e/ou senha incorretos');window.location
        .href='index.php';</script>";
        die();
    } else {
        setcookie("login", $user);
        $_SESSION['username']=$user;
        header("location: main.php");
    }
}?>

answered May 31 '20 at 06:06

André Braga

19
3

... and not use md5 for password – Book Of Zeus May 31 '20 at 06:26
1

@bookofzeus Since I'm learning, I'm using the tutorials I find avaiable. What's your suggestion for password? – André Braga May 31 '20 at 06:47
https://www.sitepoint.com/password-hashing-in-php/ and use libraries, openssl or other where you can Salt your password. – Book Of Zeus Jun 02 '20 at 02:35

Muhammad Hassan Javed · Accepted Answer · 2020-05-31T06:20:35.180

0

Use

session_destroy();

in logout functionality.

edited May 31 '20 at 06:20

answered May 31 '20 at 06:15

Muhammad Hassan Javed

380
2
14

PHP not displaying username after login

2 Answers2