Click here to Skip to main content
15,894,405 members
Search within:


I already build login system and I want to display username and first name when user logged in
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
SQL
PHP
MySQL
these code doesnt show any error but i am not getting username

PHP
function display_username() {
  //Start the Session


//3. If the form is submitted or not.
//3.1 If the form is submitted
if (isset($_POST['username']) and isset($_POST['password'])){
//3.1.1 Assigning posted values to variables.

//3.1.2 Checking the values are existing in the database or not
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
 
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$count = mysqli_num_rows($result);
//3.1.2 If the posted values are equal to the database values, then session will be created for the user.
//if ($count == 1){
$_SESSION['username'] = $username;
//}else{
//3.1.3 If the login credentials doesn't match, he will be shown with an error message.
//$fmsg = "Invalid Login Credentials.";
//}
//}
//3.1.4 if the user is logged in Greets the user with message
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hayyyyyy" . $username . "
";}

}

}




/****************Register user functions ********************/

PHP
function register_user($first_name, $last_name, $username, $email, $password) {


	$first_name = escape($first_name);
	$last_name  = escape($last_name);
	$username   = escape($username);
	$email      = escape($email);
	$password   = escape($password);



	if(email_exists($email)) {


		return false;


	} else if (username_exists($username)) {

		return false;

	} else {

		$password   = md5($password);

		$validation_code = md5($username . microtime());

		$sql = "INSERT INTO users(first_name, last_name, username, email, password, validation_code, active)";
		$sql.= " VALUES('$first_name','$last_name','$username','$email','$password','$validation_code', 0)";
		$result = query($sql);
		confirm($result);


		$subject = "Activate Account";
		$msg = " Please click the link below to activate your Account
		http://omilearn.com/activate.php?email=$email&code=$validation_code
		";

		$headers = "From: noreply@omilearn.com";



		send_email($email, $subject, $msg, $headers);


		return true;

	}



}


PHP
<pre lang="PHP">
/****************Validation functions ********************/



function validate_user_registration(){

$errors = [];

$min = 3;
$max = 20;



// if($_SERVER['REQUEST_METHOD'] == "POST") {
if (isset($_POST['register-submit'])) {

$first_name = clean($_POST['first_name']);
$last_name = clean($_POST['last_name']);
$username = clean($_POST['username']);
$email = clean($_POST['email']);
$password = clean($_POST['password']);
$confirm_password = clean($_POST['confirm_password']);



if(strlen($first_name) < $min) {

$errors[] = "Your first name cannot be less than {$min} characters";

}

if(strlen($first_name) > $max) {

$errors[] = "Your first name cannot be more than {$max} characters";

}




if(strlen($last_name) < $min) {

$errors[] = "Your Last name cannot be less than {$min} characters";

}


if(strlen($last_name) > $max) {

$errors[] = "Your Last name cannot be more than {$max} characters";

}

if(strlen($username) < $min) {

$errors[] = "Your Username cannot be less than {$min} characters";

}

if(strlen($username) > $max) {

$errors[] = "Your Username cannot be more than {$max} characters";

}


if(username_exists($username)){

$errors[] = "Sorry that username is already is taken";

}



if(email_exists($email)){

$errors[] = "Sorry that email already is registered";

}




if(strlen($email) < $min) {

$errors[] = "Your email cannot be more than {$max} characters";

}

if($password !== $confirm_password) {

$errors[] = "Your password fields do not match";

}



if(!empty($errors)) {

foreach ($errors as $error) {

echo validation_errors($error);


}


} else {


if(register_user($first_name, $last_name, $username, $email, $password)) {



set_message("

Please check your email or spam folder for activation link

");

redirect("index.php");


} else {


set_message("

Sorry we could not register the user

");

redirect("index.php");

}



}



} // post request



} // function

What I have tried:

i tried many codes but didnt work
<?php display_username('$username'); ?>
<?php $_SESSION['username'] ?>
<?php
session_start();
echo $_SESSION['username']; ?>;

function display_username() {

$query=mysqli_query($con, ‘SELECT username FROM users WHERE users=”$_SESSION[‘username’]”’);

$fetch=mysqli_fetch_assoc($con, $query);

$userNameToShow = $fetch[‘username’];


}

<?php display_username() ?>


if(isset($_SESSION['email'])
Posted
Updated 30-Aug-18 8:46am
Add a Solution

3 solutions

PHP
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
 
Share this answer
 
Posted 
$password   = md5($password);
$validation_code = md5($username . microtime());

$sql = "INSERT INTO users(first_name, last_name, username, email, password, validation_code, active)";
$sql.= " VALUES('$first_name','$last_name','$username','$email','$password','$validation_code', 0)";

You're storing an unsalted MD5 hash of the user's password. This is a very insecure option.

if (isset($_POST['username']) and isset($_POST['password'])){
//3.1.1 Assigning posted values to variables.

//3.1.2 Checking the values are existing in the database or not
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";

That code block seems to be missing the "assigning posted values" part. Without it, your code will not work at all. And if you're simply doing $password = $_POST['password'], then you're expecting the user to enter the unsalted MD5 hash of their password, rather than their actual password. This would negate any benefits of the password hashing, and mean that you are effectively storing the passwords in plain text.


PHP has built-in functions to help you do the right thing, using a secure salted hash. You should study the examples and update your code to use them:
PHP: password_hash[^]
PHP: password_verify[^]
 
Share this answer
 
Posted
These codes didnt give any error but i am not getting username
PHP
function display_username() {
	if (isset($_POST['username']) and isset($_POST['password'])){
//3.1.1 Assigning posted values to variables.

//3.1.2 Checking the values are existing in the database or not
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
        
        $count = mysqli_num_rows($result);

} else {
	echo "sorry";
}

}
 
Share this answer
 
Posted
Updated 30-Aug-18 8:58am
v2
Comments
Richard Deeming 30-Aug-18 15:56pm    
If you want to update your question, then click the green "Improve question" link and update your question.

DO NOT post your update as a "solution".

And DO NOT then mark your false "solution" as the accepted answer!
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Display the username of logged in User
how to display the username from database when the user has logged in using a login view
Localy Logged in User first name and surname and username
How to display username from login to home component?
Displaying messages when user login
I want to disply login name after log out
How do I change navigation when user is signed in?
How to display the error message for a login form when entered details is already exist in database
How do I create a successful login system with PHP? I keep coming across this error.
Display users full name using First name and LastName....using label

Advertise
Privacy
Cookies
Terms of Use
Last Updated 30 Aug 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900