I create the session variable $_SESSION within my validateLogin.php file shown here:
<?php
include'db_config.inc';
require_once('InitDB.php');
$error_msg = '';
$error_flag = false;
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
try {
$dbh = new PDO("mysql:host=127.0.0.1;dbname=$db", $user, $password);
}
catch (PDOException $e) {
die($e->getMessage());
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
if((!isset($username))or(!isset($password))){
$error_msg = 'Missing Value or Values';
$error_flag = true;
}
if($error_flag){
$_SESSION['ERR_MSG'] = $error_msg;
session_write_close();
header("location: login.html");
exit();
}
$loginmatches = $dbh->query ("SELECT * FROM Member WHERE username = '$username'
AND password = '$password'");
if($loginmatches){
if($loginmatches->rowCount() == 1){
$member = $loginmatches->fetch(PDO::FETCH_ASSOC);
$dbh->exec ("INSERT INTO `Login`
(`username`,`loginTime`)
VALUES ('$username',NOW())");
[B] $_SESSION['SESS_MEM_ID'] = $member['username'];
switch($member['siteRole']){
case "MEMBER":
header("location: member_profile.php");[/B]
}
}
else {
header("location: login.php");
}
}
else{
$error_msg = 'Incorrect value or values entered!';
$_SESSION['ERR_MSG'] = $error_msg;
session_write_close();
header("location: login.php");
}
echo $member['username'];
?>
I have highlighted in bold where the variable is created and forwarded to the member profile page. This is my member profile page code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member Login</title>
<link rel="stylesheet" type="text/css" media="screen" href="login.css" />
</head>
<body>
<div id = "whole">
<div id = "mainHeading">
<h1>Taxi Service</h1>
</div>
<div id = "links">
</div>
<div id = "content">
Welcome <?php echo $_SESSION['SESS_MEM_ID']; ?>
</div>
<div id = "footer">
</div>
</div>
</body>
</html>
Where the username should be printed out within the php tags, i receive the following error:
Notice: Undefined variable: _SESSION in C:\Program Files\EasyPHP-5.3.8.1\www\Final Year Project\member_profile.php on line 16
Once i find out why the variable isn't passing, i'd like to use the sessions to display error messages if a login fails also.
Any help would be appreciated.
Thanks.