I want to display 'Welcome "username"' when a user logs in but it doesn't work. I might be doing something wrong with sessions.
It gives an error message of:
Notice: Array to string conversion
My code:
<?php
require("config.php");
if(empty($_SESSION['user']))
{
header("Location: index.php");
die("Redirecting to index.php");
}
$user = $_SESSION['user'];
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>uvoluntary</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<link href="font/stylesheet.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="navbar navbar-fixed-top navbar-inverse">
<div class="navbar-inner">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<a class="brand">Logged In</a>
<div class="nav-collapse">
<ul class="nav pull-right">
<li><a href="eventsignup.php">Create Event</a></li>
<li><a href="#">My Events</a></li>
<li class="divider-vertical"></li>
<li><a href="logout.php">Log Out</a></li>
</ul>
</div>
</div>
</div>
</div>
<!-- MAIN CONTENT -->
<div class="container content container-fluid" id="home">
<h1 style="text-align: center;">Admin Control Panel</h1>
<!-- HOME -->
<h2>Welcome <?php echo $user; ?> </h2>
</div>
</body>
</html>
Config.php
<?php
// These variables define the connection information for your MySQL database
$username = "root";
$password = "";
$host = "localhost";
$dbname = "uvoluntarytest";
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
try { $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options); }
catch(PDOException $ex){ die("Failed to connect to the database: " . $ex->getMessage());}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
header('Content-Type: text/html; charset=utf-8');
session_start();
?>
Index.php
<?php
require("config.php");
$submitted_username = '';
if(!empty($_POST)){
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); }
$login_ok = false;
$row = $stmt->fetch();
if($row){
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++){
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']){
$login_ok = true;
}
}
if($login_ok){
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: secret.php");
die("Redirecting to: secret.php");
}
else{
echo '<h4 style="color:red;font-weight:bold; margin-top:40px; margin-left:850px;">Username And/or Password Incorrect. Please try again.</h4>';
}
}
?>