Can't read session variable due login script

Question

Currently I have a problem with setting up a session variable.

    <?php

session_start();

if( isset($_SESSION['user_id']) ){
    header("Location: home.php");
}

require 'pdoconnect.php';

if(!empty($_POST['email']) && !empty($_POST['password'])):

    $records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email');
    $records->bindParam(':email', $_POST['email']);
    $records->execute();
    $results = $records->fetch(PDO::FETCH_ASSOC);

    $message = '';

    if(count($results) > 0 && password_verify($_POST['password'], $results['password']) ){

        $_SESSION['user_id'] = $results['id'];
        header("Location: glogin.php");
        $_SESSION['email'] = $_POST['email'];
        $email = $_SESSION['email'];


    } else {
        $message = 'Login failed, try again';
    }

endif;

Above you can see the login script that I'm using, this code is running at

login.php

<form action="login.php" method="POST">

<input type="email" placeholder="Enter your e-mail" name="email" required>
<input type="password" placeholder="Enter your password" name="password" required>

<input type="submit" value="Log in">

<?php if(!empty($message)): ?>
<p><?= $message ?></p>
<?php endif; ?> 

</form>

And this is the form that is used to login, the form is also running at

login.php

Now the problem comes, I want to put the email that the user used to login into a session variable, but I can't set the form action to a other page because then the login script will not work anymore.

So my question is: 'How do I read $_SESSION['email'] without changing the form action?

I already tried to include login.php into a other page but didn't work unfortunately.

try to echo $_SESSION['email'] after your if condition, see if it contains any value — Bilal Zafar, Oct 17 '16 at 08:25
i think u need to use `header("Location: glogin.php");` after `$_SESSION['email'] = $_POST['email'];` otherwise it will redirect to gologin page without saving session value — devpro, Oct 17 '16 at 08:30
and i also suggest to use $result value not $_POST value for session as like `id` example: `$_SESSION['email'] = $results['email'];` — devpro, Oct 17 '16 at 08:31
and if you want to read `email` value in other page than you also need to include this function in each page `session_start();` — devpro, Oct 17 '16 at 08:33

score 0 · Answer 1 · edited May 23 '17 at 12:00

You are using redirection header() before $_SESSION value assignment.

This:

$_SESSION['user_id'] = $results['id'];
header("Location: glogin.php");
$_SESSION['email'] = $_POST['email'];
$email = $_SESSION['email'];

Should be:

$_SESSION['user_id'] = $results['id'];
$_SESSION['email'] = $_POST['email'];
$email = $_SESSION['email'];
header("Location: glogin.php"); // at last
exit;

If you want to use $_SESSION['email'] value in glogin.php page than you must need to start your session session_start() in page also.

One last suggestion, you can can $results value instead of $_POST value in your session same as id field like:

$_SESSION['email'] = $results['email'];

You also need to learn why exit() required after header() function, you can read this post: PHP: Utilizing exit(); or die(); after header("Location: ");

Peter · Answer 2 · 2016-10-17T15:02:22.113

0

Use $_SERVER['PHP_SELF'] instead of login.php as form action.

<form method="POST" action="<?= $_SERVER['PHP_SELF']; ?>">

You should also exit after using header('Location: ...').

if (isset($_SESSION['login'])) {
    header("Location: index.php");
    exit;
}

If you do not exit after doing a redirect, the complete script will still be executed. Some variables might not be set and well, in short.. Just exit;

Furthermore you are redirecting before setting your session variables.

$_SESSION['user_id'] = $results['id'];
$_SESSION['email'] = $_POST['email'];
header("Location: glogin.php");
exit;

Update

Not sure exactly what you are trying to do with gloging.php but it should look something like this.

<?php 
session_start();
if (isset($_SESSION['user_id'])) {
    echo $_SESSION['email'];
    exit;
} else {
    header("Location: nologin.php");
    exit;
}
?>

edited Oct 17 '16 at 15:02

answered Oct 17 '16 at 08:38

Peter

8,776
6
62
95

But I still get an error at `glogin.php` that says $results is undefined. I edited the full code as you suggested. – Jummy01234 Oct 17 '16 at 09:03
@Jummy01234: you can access `$results` in glogin file. you can use $_SESSION variable in this file. – devpro Oct 17 '16 at 09:08
@devpro, this is the code that I'm using now as you said, but it still says $results undefined. – Jummy01234 Oct 17 '16 at 09:23
`` – Jummy01234 Oct 17 '16 at 09:23
@Jummy01234 `$_SESSION['email']` you have already set the email in session in current file no need to assign again. `$email = $_SESSION['email'];` should be `echo $_SESSION['email'];` – devpro Oct 17 '16 at 09:27
[link](http://txt.do/d5jd5) `login.php` and [link](http://txt.do/d5jdd) `gloging.php`. I did what you suggested, but still $results is undefined – Jummy01234 Oct 17 '16 at 10:06
login.php is fine now.. I'll check gloging.php .. a moment please – Peter Oct 17 '16 at 14:58

Can't read session variable due login script

2 Answers2

Update