Fetch row and display using sessions

Question

been working on this project where I want people to login and when successful see info that we get from the database. I am not sure how to get the user email and other data stored to session

My problem is that I am struggling to store the data in sessions. I can sign in and echo the username that I created a session for, but the other data is not working.

I have gone through stacks of stuff on here, but obviously I am a little lost.

Here is the code for my checklogin.php

<?php

session_start();
ob_start();
include_once 'config.php';

// Connect to server and select databse.
try
{
    $pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
    $db = new PDO('mysql:host='.$host.';dbname='.$db_name.';charset=utf8', $username, $password);
}
catch(Exception $e)
{
    die('Error : ' . $e->getMessage());
}   

// Define $myusername and $mypassword 
$myusername = $_POST['myusername']; 
$mypassword = $_POST['mypassword'];
$myemail = 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$stmt = $db->query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'");


// rowCount() is counting table row
$count = $stmt->rowCount();

// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1){

    // Register $myusername, $mypassword and print "true"
    echo "true";
    $_SESSION['username'] = $myusername;
    $_SESSION['email'] = $myemail;

}
else {
    //return the error message
    echo "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>Wrong Username or Password</div>";
}

ob_end_flush();

?>

and then my index.php looks like this

<?php
  session_start();
  if(!isset($_SESSION['username'])){
    header("location:main_login.php");
  }
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap -->
<link href="css/bootstrap.css" rel="stylesheet" media="screen">
<link href="css/main.css" rel="stylesheet" media="screen">
</head>
<body>
<div class="container">
  <div class="form-signin">
    <div class="alert alert-success">You have been <strong>successfully</strong> logged in as <?php echo $_SESSION['username']; ?>. Your email is <?php echo $row['email']; ?></div>





    <a href="logout.php" class="btn btn-default btn-lg btn-block">Logout</a> </div>

</div>
<!-- /container -->
</body>
</html>

Note that on index.php the username works fine when I echo it, but not the email.

Any help would be appreciated

Answer 1

You can use query here to get all data for the session user, by select query.

$q= "select * from user where username = '$yoursessionusername'"

By this query you will get all details for the loggedin user.

Can create one session.php with below code:

session_start();

$username=$_SESSION['username'];
$email=$_SESSION['email'];

and can use those variables to your page.

Answer 2

This is supposed to be a comment, but i have a low reputation here.

First of all, please consider binding your values. PDO luckily has that functionality.Also as an observation, stripslashes does not totally prevent SQL injection.

From what i see, your email address is not saved in any session variable. This should fix,

$myemail = $_SESSION['name_of_email_from_database'];

Also do not forget, to access your session variables, include session_start() on every page that needs it. To prevent PHP's warning message of too many session starts, add the following code:

<?php
if(!isset($_SESSION)){
  session_start();
}

?>