See this post for how to handle passwords. It uses mysqli, but you should be able to easily see how it would work with PDO: https://stackoverflow.com/a/26321573/623952
Insert your passwords like this (the database stores the hash, never the plaintext):
// password_hash() generates a random salt and returns one string that carries
// the algorithm, cost and salt along with the hash. Store that string unchanged
// and check logins against it with password_verify().
$password_to_insert_into_db = password_hash($plaintext_password, PASSWORD_BCRYPT);
I changed variable names and a few other things because it was easier for me.
<?php
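session_start();

// Test harness from the original answer: these two assignments overwrite
// whatever the client actually submitted. Delete them before wiring this to a
// real login form.
$_POST['username'] = 'noterate';
$_POST['password'] = 'noterateE';
// -----------------------------------
$dsn = 'mysql:host=localhost;dbname=test';
// Local test credentials only. A deployed application should connect with a
// dedicated account that has a password and only the privileges it needs.
$usernameForSQL = 'root';
$passwordForSQL = '';
$db = new PDO($dsn, $usernameForSQL, $passwordForSQL, array(
    // Fail loudly on SQL errors instead of returning false from prepare()/execute().
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // Let the server bind the parameters rather than PDO interpolating them.
    PDO::ATTR_EMULATE_PREPARES => false,
));

$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';

// A field sent as username[]=x arrives as an array, so require strings.
// Compare against '' rather than using empty(), which would also reject the
// legitimate value "0".
$haveCredentials = is_string($user) && is_string($pass) && $user !== '' && $pass !== '';

if ($haveCredentials) {
    if (checkLogin($user, $pass, $db)) {
        // Issue a fresh session id at the moment of login so an id that was
        // set before authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $user;
    } else {
        // One generic message for both "unknown user" and "wrong password".
        echo "error: user not validated<br/>";
    }
}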
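/**
 * Check a username/password pair against the `user` table.
 *
 * Looks the row up by username through a prepared statement and compares the
 * submitted password with the stored hash using password_verify(). On success
 * it also writes $_SESSION['user'], as the original version did.
 *
 * Note: the unknown-user path returns without calling password_verify(), so it
 * completes faster than a wrong-password attempt. The caller prints one generic
 * error for both cases, but the response time can still differ.
 *
 * @param string $user Submitted username.
 * @param string $pass Submitted plaintext password.
 * @param PDO    $db   Open database connection.
 *
 * @return bool True only when the row exists and the password matches its hash.
 */
function checkLogin($user, $pass, $db) {
    // Request fields can arrive as arrays (username[]=x); those are never valid credentials.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    $query = "select *
from user
where username = ? ";
    $stmt = $db->prepare($query);
    $stmt->execute(array($user));
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() yields false when no row matched the username.
    if (!is_array($result)) {
        return false;
    }

    // The password column is nullable in the schema shown with this script, so a
    // row can exist without a usable hash; treat that as a failed login instead
    // of handing null to password_verify().
    $storedHash = isset($result['password']) ? $result['password'] : null;
    if (!is_string($storedHash) || $storedHash === '') {
        return false;
    }

    if (!password_verify($pass, $storedHash)) {
        return false;
    }

    $_SESSION['user'] = $user;
    return true;
}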
/*
mysql> describe user;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userid | int(11) | NO | PRI | NULL | auto_increment |
| username | varchar(60) | YES | UNI | NULL | |
| password | varchar(60) | YES | | NULL | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.02 sec)
mysql> select * from user;
+--------+-------------+--------------------------------------------------------------+
| userid | username | password |
+--------+-------------+--------------------------------------------------------------+
| 1 | my_username | $2y$10$fc48JbA0dQ5dBB8MmXjVqumph1bRB/4zBzKIFOVic9/tqoN7Ui59e |
| 2 | stuff | $2y$10$o3s39w.9HqeuUP0j7o9qv.NyMSFMfbsa6SzNZi2gnOo4Zol69w/mm |
| 17 | new_user | $2y$10$lIFIUN2q0UzB9Wtmc/kuCuW7driQkpZHiPIiwQPskanSPXqQbXZGu |
| 18 | noterate | $2y$10$YEsHG2X4rjPArViZTUtM4uEs27e.GR7g05T7Ajno2j0aogMXADbQ2 |
+--------+-------------+--------------------------------------------------------------+
4 rows in set (0.00 sec)
*/
?>
<?php
session_start();

// Debug aid: prints the entire session array into the page. Remove it once the
// login flow works, since it exposes everything stored in the session.
var_dump($_SESSION);

// Show which branch applies: the 'user' key is set only after a successful login.
if (isset($_SESSION['user'])): ?>
<div>it exists</div>
<?php else: ?>
<div>nope</div>
<?php endif; ?>
solved isset(SESSION[‘user’]) not working [closed]