I am building a welcome user page - after my user logs in, I want on each page to echo the name of the user. however I am having difficulty, after looking at various forums I have resulted into posting my code in the hope someone may have an idea where I am going wrong.
I have 2 key pages - Login and the Index page.
Login.php page
<?php
session_start();
require("includes/connect.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="css/login.css">
<!--Cited Bootstrap: Responsive web design-->
<link href="css/bootstrap-theme.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="css/bootstrap.css">
</head>
<body>
<div class="container">
<form class="form-signin" role="form" action="login.php" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<input type="text" class="form-control" placeholder="Username" name="username_login" required autofocus>
<input class="form-control" type="password" placeholder="Password" name="user_password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
<label class="forgotten"><a href="forgottenpass.php">Forgotten password?</a></label>
</form>
<?php
//if an admin or user session is already in progress then dont let them log in, redirect to 'index.php'
if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
echo "You are already logged in";
//if use not logged in then
}else
if ( trim($_POST['username_login']) AND trim($_POST['user_password']))
{
//if username and password are entered, blank before user fills form
$usr = (isset($_POST['username_login'])? $_POST['username_login']:null);
$pwd = (isset($_POST['user_password'])? $_POST['user_password']:null);
//$usr = mysqli_escape_string($usr); //Prevent against SQL Injection by avoiding "\" being executed
// $pwd = mysqli_escape_string($pwd); //Prevent against SQL Injection by avoiding "\" being executed
if ($usr && $pwd){
$epwd = $pwd;
$q = "SELECT * FROM users WHERE UName='$usr' LIMIT 1;";
$resultset = mysqli_query($conn,$q);
$rowcount = mysqli_num_rows($resultset);
if ($rowcount==1){
while ($userRow = mysqli_fetch_assoc($resultset)){
//Get the DB username and password to compare
$dataBaseEmail = $userRow['UName'];
$dataBasePass = $userRow['Password'];
$userGroup = $userRow['UserLevelID'];
}
mysqli_free_result($resultset);
unset($q);
//Compare DB user and pass to those entered
if ($usr == $dataBaseEmail && $epwd == $dataBasePass){
//Now that we know they are activated ect, we can create a session based on their privlidges
if ($userGroup ==1){ //ADMIN load the console
$_SESSION['admin'] = true;
//header("Location: admincreateuser.php");
echo '<div class="login-error">You are an admin user <a href="adminindex.php">Admin</a>.</div>';
//exit;
}else{ //Normal User
$_SESSION['user'] = true;
$_SESSION['user'] = $dataBaseEmail;
//header ("Location: index.php");
echo '<div class="login-error">You are a standard user <a href="index.php">Standard</a>.</div>';
//exit;
}
}else{//user and pass do not match DB
echo '<div class="login-error">Incorrect Password, try again</div>';
}
}else{
echo '<div class="login-error">Error: There is no such user registered on the system. Please check the username and password entered.</div>';
}
}
}
?>
</div> <!-- /container -->
</body>
</html>
Index.php page:
<?php
session_start();
include "includes/header.php";
include "includes/connect.php";
?>
<div class="jumbotron">
<h1>Operating system being used:<?php echo $os?></h1>
<p>Text</p>
<?php echo $os?>
<?php
echo "Hello" .$_SESSION['user'];
?>
Many thanks in advance.
