I am creating a login system for my site and would like to echo the username from the html portions of the pages that users accesses once logged in. I'm able to start sessions and redirct pages correctly, but I'm unable to get the session variable for the username to echo onto the page after login. Below is the code I'm using for the login page. Any suggestions would be appreciated.

<?php

session_start();

$_SESSION['auth'] = 'yes';
$_SESSION['username'] = $userName;

?>

<!DOCTYPE HTML PUBLIC "_//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
      <head>
            <title>SeubsWorld - Login</title>
            <meta http-equiv="Content-Type" content="text/html; charset=8"/>
            <link href="style.css" media="screen" rel="stylesheet" type="text/css" />
      </head>
      <body>
            <h1>Log In</h1>
            <div id="content">
            <form action="processform.php" method="POST">

        <?php error_reporting(E_ERROR | E_WARNING | E_PARSE); ?>

        <div>

             <?php if ($error['alert'] |= '') {

                  echo "<div class='alert'>",$error['error_alert'],"</div>"; 
                  }
              ?>

            <label for="username">Username: *</label>
            <input type="text" name="username" value="<?php echo $input['user']; ?>" >

            <div class="error"><?php echo $error['user']; ?></div>

            <label for="password">Password *</label>
            <input type="password" name="password" value="<?php echo $input['pass']; ?>">

            <div class="error"><?php echo $error['pass']; ?></div>

            <p class="required">* required fields</p>

            <input type="submit" name="submit" class="submit" value="submit">
  </body>
   </html>

    1. Use tags when posting

    2. Is error reporting turned on? Do you define your variables before using them?

      session_start();

echo $userName;
$_SESSION['username'] = $userName;

      It's my understanding that the $_SESSION variables are passed along to the next page by the session_start() frunction and should not have to be defined on every page. I'm able to successfully echo session variables that I type directly into the code, but I want to echo the username that the user inputs in the login form, which seems to be a bit more tricky.

        He's not saying you have to define $_SESSION everytime, however in the code you provided:

        <?php

session_start();

$_SESSION['auth'] = 'yes';
$_SESSION['username'] = $userName;

        You use a variable $userName which you have not previously defined. If error reporting was set to E_ALL you would receive a notice about using an undefined variable.

          The variable $userName is defined in "processform.php" as "$userName=$_POST['username'];". Thats probably why there is no error report and I suspect this is not the correct way to do this, but I can't think of anything else.

            finisher1017;10995270 wrote:

            The variable $userName is defined in "processform.php" as "$userName=$_POST['username'];"

            It doesn't matter what you define it as in some other unrelated file - it only matters in whatever script is being executed at the moment.

            Thus, if you've got this:

            <?php

session_start();

$_SESSION['auth'] = 'yes';
$_SESSION['username'] = $userName;

?>

            at the top of whatever script it is you posted, then you're effectively wiping out $_SESSION['username']'s data with a NULL value since $userName isn't defined on any of the 5 or so lines above it.

              I figured that might be the case, but I've tried different names and values for the $_SESSION['username'] variable but I'm still unable to get the results to echo in the html. How would I go about echoing user input from a previous page?

                I don't think you're following what bradgrafelman is saying:

                your problem is not that "the results won't echo in the html".

                the problem (or so it seems) is that, at the very beginning, you are doing something that completely prevents your results from being what you want.

                <?php 
session_start(); 

$_SESSION['auth'] = 'yes'; 
// do you really want to do this?
// if you're using $_SESSION['auth'] to authenticate the user, then this makes no sense:
//  you're automatically declaring him an authorized user, without even checking anything.
// but I digress...

$_SESSION['username'] = $userName;
// $userName does not exist at this point.
// even IF $_SESSION['username'] _did_ have the user's name, it now has _nothing_
// (because you just assigned it the value of an undefined (and therefore empty) variable.)

                // MAYBE (???) //
// does $_SESSION['username'] already have the user's name?
//    (say $_SESSION['username'] holds the value "Bill")
// Maybe you're trying to do this?
$userName = $_SESSION['username'];
print $userName;
// would print "Bill".

                  I believe I understand what bradgrafelman is saying, but I've tried using variable names that don't exist in any other files and get the same result.

                  The user is authenticated by a username and password at the login page. If the username and/or password is incorrect they are redirected to a different page where, as far as I know, the existing session variables are useless. I'm sure there's a more secure way of accomplishing the same thing but I'm not concerned with that right now. What I'm trying to do is pretty standard but none of the explanations I've come across seem to work in my program. What I need is a solid explanation of the correct way to display the username on every page after successful login.

                    to reiterate...

                    traq;10995289 wrote:
                    // MAYBE (???) //
// does $_SESSION['username'] already have the user's name?
//    (say $_SESSION['username'] holds the value "Bill")
// Maybe you're trying to do this?
$userName = $_SESSION['username'];
print $userName;
// would print "Bill".
                    finisher1017 wrote:

                    I'm sure there's a more secure way of accomplishing the same thing but I'm not concerned with that right now.

                    (if you ever become "concerned with that," that would be good, because it really is something you should look into.)

                      finisher1017;10995295 wrote:

                      I've tried using variable names that don't exist in any other files and get the same result.

                      That doesn't make any sense - the problem has nothing to do with the variable name you've chosen. The problem is that you appear to be overwriting the session data stored in $_SESSION with data from nonexistent variables.

                      finisher1017;10995295 wrote:

                      What I need is a solid explanation of the correct way to display the username on every page after successful login.

                      It's quite simple: when you've got some data that you want to persist across subsequent page requests, store it in $SESSION. On those subsequent page requests, if you want to use that data again, simply retrieve it from $SESSION.

                      EDIT: The above explanation assumes you've already properly configured session handling to your liking and have called [man]session_start/man before working with session data. Just thought I'd explicitly state that in case it wasn't assumed.

                        Write a Reply...