PHP / MySQL Get Username of Current Logged In User

Question

I am trying to get the username of the current logged in user so I can do things such as display the username on a welcome screen or check to see if that user has access to a page.

$logedInUsername is returning "Array" which I would have thought returned "Bob" since that is the user that I logged in as.

index.php

<?php
// Start Require Login
require("common.php");
if(empty($_SESSION['user']))
{
    header("Location: login.php");
    die("Redirecting to login.php");
}

// get current logged in user   
$logedInUsername = $_SESSION['user'];
echo $logedInUsername;

// check if the username is equal to admin
if($logedInUsername == "admin")
{
  echo "You are a admin!";
} 
else 
{
  echo "You are NOT a admin!";
}
// End Require Login

// ... html code below here ...

common.php

<?php 
$username = "username"; 
$password = "password"; 
$host = "localhost"; 
$dbname = "db"; 

$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); 

try 
{ 
    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options); 
} 
catch(PDOException $ex) 
{ 
    die("Failed to connect to the database: " . $ex->getMessage()); 
} 

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 

if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) 
{ 
    function undo_magic_quotes_gpc(&$array) 
    { 
        foreach($array as &$value) 
        { 
            if(is_array($value)) 
            { 
                undo_magic_quotes_gpc($value); 
            } 
            else 
            { 
                $value = stripslashes($value); 
            } 
        } 
    } 

    undo_magic_quotes_gpc($_POST); 
    undo_magic_quotes_gpc($_GET); 
    undo_magic_quotes_gpc($_COOKIE); 
} 

header('Content-Type: text/html; charset=utf-8'); 

session_start();

login.php

<?php 
require("common.php"); 

$submitted_username = ''; 

if(!empty($_POST)) 
{ 
    $query = " 
        SELECT 
            id, 
            username, 
            password, 
            salt, 
            email 
        FROM users 
        WHERE 
            username = :username 
    "; 

    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    {  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    $login_ok = false; 


    $row = $stmt->fetch(); 
    if($row) 
    { 

        $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
        for($round = 0; $round < 65536; $round++) 
        { 
            $check_password = hash('sha256', $check_password . $row['salt']); 
        } 

        if($check_password === $row['password']) 
        { 
            $login_ok = true; 
        } 
    } 


    if($login_ok) 
    { 
        unset($row['salt']); 
        unset($row['password']); 

        $_SESSION['user'] = $row; 

        header("Location: index.php"); 
        die("Redirecting to: index.php"); 
    } 
    else 
    { 
        print("Login Failed."); 

        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
    } 
} 

?> 
<h1>Login</h1> 
<form action="login.php" method="post"> 
    Username:<br /> 
    <input type="text" name="username" value="<?php echo $submitted_username; ?>" /> 
    <br /><br /> 
    Password:<br /> 
    <input type="password" name="password" value="" /> 
    <br /><br /> 
    <input type="submit" value="Login" /> 
</form> 

Answer 1

try this.

login.php

$_SESSION['user'] = $row['username']; 

Answer 2

You are setting the entire row to $_SESSION['user'] so it is an Array.

You can replace

$logedInUsername = $_SESSION['user'];;

with

$logedInUsername = $_SESSION['user']['username'];

Answer 3

<?php echo htmlspecialchars($_SESSION["username"]); ?>

这确保即使有一些引号和特殊字符，它们也会显示为 HTML 实体