Home/ Questions/Q 8386557
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T17:58:22+00:00

I’m having a lot of trouble with the $_SESSION variable. I’m trying to create

  • 0

I’m having a lot of trouble with the $_SESSION variable. I’m trying to create a way for users to log in and out. I can log a user in but i don’t seem to be able to maintain the session when i switch page. When the user correctly logs in they are taken to profile.php. But if i return to index.php the following error is printed:

Notice: Undefined index: login in /Applications/MAMP/htdocs/www/Shared sites/userlogreg/index.php on line 3

I’m quite new to this but from looking on SO and elsewhere i can’t seem to figure it out. Any help would be appreciated.

index.php

<?php
session_start();
if ($_SESSION['login'] == 1) {
    echo "<h1>Logged in!</h1>"; 
} else {
    echo "<h1>Not logged in</h1><br/>";
}

?>
<!DOCTYPE HTML>
<html>
<head>
    <title>Index page</title>
</head>
<body>
    <h2>Login</h2>
    <form action="login.php" method="POST">
        <div>
            <label for="emailSignIn">Email:</label>
            <input type="email" name="email" placeholder="Email" required="required" />
        </div>
        <div>
            <label for="passwordSignIn">Password:</label>
            <input type="password" name="password" placeholder="Password" required="required" />
        </div>
        <input type="submit" name="submit" value="Sign in" />
    </form> 

    <h2>Register</h2>
    <form action="register.php" method="POST">
        <div>
            <label for="firstnameRegister">First name:</label>
            <input type="text" name="firstname" placeholder="First name" required="required" />
        </div>
        <div>
            <label for="lastnameRegister">Last name:</label>
            <input type="text" name="lastname" placeholder="Last name" required="required" />
        </div>
        <div>
            <label for="emailRegister">Email:</label>
            <input type="email" name="email" placeholder="Email" required="required" />
        </div>
        <div>
            <label for="passwordRegister">Password:</label>
            <input type="password" name="password" placeholder="Password" required="required">
        </div>
        <input type="submit" name="submit" value="Create account" />
    </form>

</body>

</html>

login.php

<?php

$email = sanitize_input($_POST['email']); //echo "Sanitized email: ".$email; echo "<br/>";
$password = $_POST['password']; //echo "Inputted password: ".$password; echo "<br/>";

if ((!isset($email)) || (!isset($password))) {
    // VISITOR NEEDS TO ENTER AN EMAIL AND PASSWORD
    //echo "Data not provided";
} else {
    // CONNECT TO MYSQL
    $mysql = mysqli_connect("localhost", "root", "root");
    if(!$mysql) {
    //echo "Cannot connect to PHPMyAdmin.";
    exit;
    } else {

    }
}
// SELECT THE APPROPRIATE DATABASE
$selected = mysqli_select_db($mysql, "languageapp");
if(!$selected) {
    //echo "Cannot select database.";
    exit;
} else {

}

// GET THE USER'S UNIQUE SALT FROM THE DATABASE
$unique_salt = mysqli_query($mysql, "select uniqueSalt from user where email = '".$email."'");
$row = mysqli_fetch_array($unique_salt);
//echo "Salt: ".$row['uniqueSalt']; echo "<br/>";

// HASH THE PASSWORD 
$iterations = 10;
$hashed_password = crypt($password,$row['uniqueSalt']); 
for ($i = 0; $i < $iterations; ++$i)
{
    $hashed_password = crypt($hashed_password . $password,$row['uniqueSalt']);
}

//echo "Password entered by user: ".$hashed_password; echo "<br/>";

$user_db_password = mysqli_query($mysql, "select password from user where email = '".$email."'");
$row = mysqli_fetch_array($user_db_password);
//echo "User's password: ".$row['password']; echo "<br/>";

// query the database to see if there is a record which matches
$query = "select count(*) from user where email = '".$email."' and password = '".$hashed_password."'";
$result = mysqli_query($mysql, $query);
if(!$result) {
    //echo "Cannot run query.";
    exit;
}

$row = mysqli_fetch_row($result);
$count = $row[0];

if ($count > 0) {
    session_start();
    $_SESSION['login'] = 1;
    $_SESSION['email'] = $email;
    $_SESSION['errors'] = "";
    header("location:profile.php");
    //echo "<h1>Login successful!</h1>";
    //echo "<p>Welcome.</p>";
    //echo "<p>This page is only visible when the correct details are provided.</p>";
} else {
    session_start();
    $_SESSION['login'] = '';
    header("location:index.php");
    //echo "<h1>Login unsuccessful!</h1>";
    //echo "<p>The email and password combination entered was not recognized</p>";
}

// CLEAN THE INPUT
function sanitize_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Change this line:

    if ($_SESSION['login'] == 1) {

    ..to this:

    if (isset($_SESSION['login']) && $_SESSION['login'] == 1) {

    That way, you check if 'login' is set before you access it.

    • 0