[RESOLVED] Can't find problem in code!

cipars

I have problem with this piece of code. When i try to display variable "$log_username" it shows nothing. Plz help me to find problem and solution.

<?php
session_start();
include_once("db_conx.php");
// Initialize some vars
$user_ok = false;
$log_id = "";
$log_username = "";
$log_password = "";
// User Verify function
function checklogin($conx,$id,$u,$p){
	$sql = "SELECT email FROM users WHERE id='$id' AND username='$u' AND password='$p' LIMIT 1";
	$query = mysqli_query($conx, $sql);
	$numrows = mysqli_num_rows($query);
	if($numrows > 0){
		return true;
	}
}
if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
	$log_id = $_SESSION['userid'];
	$log_username = $_SESSION['username'];
	$log_password = $_SESSION['password'];
	// Verify the user
	$user_ok = checklogin($db_conx,$log_id,$log_username,$log_password);
}
	if($user_ok = true){
		echo "logged in, hi $log_username </br>";
	} else {
		echo "not logged in </br>";
	}
?>

traq

You declare [font=monospace]$log_username[/font] as an empty string, so, if you see no output, it would seem that your user simply isn't logged in.

I would suspect that this:

if($user_ok = true){

…is a typo. Did you intend to check whether $user_ok is true? You need to use == or ===. A single = is assignment (you're making $user_ok true).

Another thing I would be concerned about is how you're handling passwords. There is never any reason to store the user's password in the session (and there are plenty of reasons not to). The way you are checking the password against your database suggests you might be storing it in plain text, which is also a very bad idea. Passwords should never be stored anywhere in plain text, ever. Hash them first. Then, store them someplace safe, and don't store them anywhere else.

cipars

Ok, i chaged "=" to "==", thanks for that , but problem i thought i have still remained. If i am using $log_username in function and it returns true, why cant i display

cipars

Ok, i chaged "=" to "==", thanks for that , but problem i thought i have still remained. If i am using $log_username in function and it returns true, why cant i use and display my variable $log_username afterwards?

traq

You're sure that your [font=monospace]checklogin[/font] function returns true? Have you checked [font=monospace]var_dump( $user_ok );[/font]?

Just to clarify, your output is "not logged in </br>", correct?

cipars

Omg, i found what my problem was. So stupid. I forgot to add session_start() at beggining of script where i declare session variables. That is why i couldn't use my session variables, becouse they weren't even set.

cipars

Yes, it was, but like i said, problem was in another script, where i forgot to add session-start(). Thank you for your help.