Doesn't see Session after form processing, how to solve it?

V

Vyacheslav Marvin2020-06-28 11:46:40

PHP

Vyacheslav Marvin, 2020-06-28 11:46:40

Hello.

Such a question, after registration does not see the session, where did I overlook?

Here is the registration form handler. In it, after checking the addition to the database, it throws it on the generated personal user page.

session_start();

    require_once 'connection.php';

    $dbh = new PDO('mysql:host=localhost; dbname=projectboard', $user, $pass);

    if (!empty($_POST)){
        if ( !isset($_POST['name']) || !isset($_POST['lastname']) || !isset($_POST['email']) || !isset($_POST['pass']) ) {
            echo 'Не все данные заполнены!!!';
            die;
        }
       
        $name = htmlspecialchars($_POST['name']);
        $lastname = htmlspecialchars($_POST['lastname']);
        $email = htmlspecialchars($_POST['email']);
        $pwd = htmlspecialchars($_POST['pass']);

        $name_t = trim($name);
        $lastname_t = trim($lastname);
                
        $hashed_password = password_hash($pwd, PASSWORD_DEFAULT);
        
        $stmt = $dbh->prepare("INSERT INTO users (name, lastname, email, password) VALUES (:name, :lastname, :email, :pass)");
        $stmt->bindParam(':name', $name_t);
        $stmt->bindParam(':lastname', $lastname_t);
        $stmt->bindParam(':email', $email);
        $stmt->bindParam(':pass', $hashed_password);

        $falg = $stmt->execute();

        if ($falg) {
            header ('Location: office.php?id='. $_SESSION['id']);
            die;
        } else {
            echo "Данная электронная почта уже используется. ";?><a href="enter.php" style="color: red">Войдите</a> <?php echo "по этой почте или используйте другую";
            die;
        }    

    }

But for some reason it doesn't work that way, when he throws on a personal page, the following code is triggered to check user content so that I can make it look like someone else's page as a guest:

session_start();

    error_reporting(E_ALL & ~E_NOTICE); //Убираем Notice, а все остальные ошибки выводим

    require_once 'connection.php';

    $dbh = new PDO('mysql:host=localhost; dbname=projectboard', $user, $pass);

    $id = $_SESSION['id'];

    $stmt = $dbh->prepare('SELECT name, lastname FROM users WHERE id = :id');
    $stmt->bindParam(':id', $id);
    $stmt->execute();

    $officeID = $_GET['id'];

            if(!isset($_SESSION['id'])) { 
                session_destroy();
                header('Location: enterOrReg.html');
                exit;
            }

But there is a transfer to a page where it offers to enter or register:

<!DOCTYPE html>
<html lang="ru-RU">
<head>
    <meta charset="UTF-8">
    <link rel="stylesheet" href="enterOrReg.css">
    <title>Войдтие или зарегестрируйтесь | Проектная доска</title>
</head>
<body>
    <div>
        <button onclick="document.location='enter.php'" class="enter">Войдите</button>
        <p>или</p>
        <button onclick="document.location='registration.php'">зарегистрируйтесь</button>
    </div>
</body>
</html>

As far as I understand, the problem is in this line of code on the personal page, but without this line the code will not work as I need, so that a person can go to someone else's page: If I just go to the user's personal page, then this code does not work, although both on the login page and on the registration page, the session start is enabled:

$officeID = $_GET['id'];

session_start();

    error_reporting(E_ALL & ~E_NOTICE); //Убираем Notice, а все остальные ошибки выводим

    require_once 'connection.php';

    $dbh = new PDO('mysql:host=localhost; dbname=projectboard', $user, $pass);

    $id = $_SESSION['id'];

    $email = trim ($_POST['email']);
    $pwd = trim($_POST['pass']);

    $email = htmlspecialchars($email);
    $pwd = htmlspecialchars($pwd);

                    if ( !empty($pwd) && !empty($email) ) {
                        $stmt = $dbh->prepare('SELECT id, email, password FROM users WHERE email = :email'); //Добавили id, для перенаправления на личную страницу
                        $stmt->bindParam(':email', $email);
                        $stmt->execute();
                
                        $user_p = $stmt->fetch(PDO::FETCH_OBJ);
                
                        if ($user_p){
                            if(password_verify($pwd, $user_p->password)){
                                $_SESSION['id'] = $user_p->id;
                                header('Location: office.php?id='. $_SESSION['id']);
                            }else{
                                echo '<p class="wrong">Неверный Email или пароль</br>Если Вы не зарегестрированы</p>';
                                echo '<a href="registration.php" class="reg">Зарегестрироваться</a>';
                            }
                        }else{
                            echo '<p class="wrong">Неверный Email или пароль</br>Если Вы не зарегестрированы</p>';
                            echo '<a href="registration.php">Зарегестрироваться</a>';
                        }
                    }else{
                        echo '<p class="noValues">Пожалуйста, заполните все поля</p>';
                    }

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

T

ThunderCat, 2020-06-28
@Marcheslav

$_SESSION['id'] is used all over the place, but not set anywhere. Apparently you do not quite understand how sessions work.