-4

i cant seem to get it working, would someone be able to help me create the code i will need to show the currents logged in users name on a page after logging in. i have a seperate login.php page as the "home" page. once logged in it will redirect to menu.php which is where i want to be able to show the name of the logged on user.

Connect.php is the seperate script connecting to the database. "gebruikersnaam" is dutch for username "wachtwoord" is dutch for password. "recht" is a dutch word for rights ( just the right if they are allowed to log in yes/no "ja/nee" )

hopefully someone can help :D

<?php
session_start();
include_once 'connect.php';

if(isset($_SESSION['user'])!="") {
   header("Location: login.php");
}
if(isset($_POST['btn-login'])) {
   $Gebruikersnaam = $_POST['Gebruikersnaam'];
   $wachtwoord = $_POST['wachtwoord'];
   $res=mysqli_query($conn, "SELECT * FROM accounts WHERE Gebruikersnaam='$Gebruikersnaam'");
   $row= $res->fetch_array(MYSQL_ASSOC);
   $_SESSION['gebruikersnaam'] = $Gebruikersnaam;

  if($row['wachtwoord']==($wachtwoord) AND ($row['recht']==("ja"))) {
      $_SESSION['user'] = $row['ID'];
      header("Location: menu.php");
  } else {
        echo "<script>alert('Verkeerde login details');</script>";
  }

}
?>
Funk Forty Niner
  • 74,372
  • 15
  • 66
  • 132
yanick
  • 1
  • `MYSQL_ASSOC` that's a `mysql_` function, not `mysqli_` for one thing. Then your `if(isset($_SESSION['user'])!="")` is a false positive and won't work that way. Unsure if the POST arrays have value also. – Funk Forty Niner Mar 17 '17 at 11:23
  • Your script is vulnerable to SQL Injections! Use prepared statements instead. – node_modules Mar 17 '17 at 11:23
  • my friend has helped me with the script. but if i am right, we used the post becuase in the near future i will need to make it so i posts information to a database log who and when logs in. – yanick Mar 17 '17 at 11:29
  • i am not yet skilled enough to be able to change the function to msqli, could you maybe help me rewrite this part of the code ? or atleast so it is easyer to understand so i can use it ? – yanick Mar 17 '17 at 11:30
  • 1
    *i am not yet skilled enough to be able to change the function to msqli* what do u mean? your select is in `mysqli` and your fetch is `mysql` you are mixing the apis – Masivuye Cokile Mar 17 '17 at 11:32
  • Possible duplicate of [Can I mix MySQL APIs in PHP?](http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php) – Masivuye Cokile Mar 17 '17 at 11:33

1 Answers1

0

Amend your query and fetch as follows:

$res = $conn->query("SELECT * FROM accounts WHERE Gebruikersnaam='$Gebruikersnaam'");
$row = $res->fetch_assoc();

I don't know how you are connecting to the DB, but that must also be using mysqli, i.e.

$conn = new mysqli($host, $user, $pass, $db);
NiallFH
  • 182
  • 9
  • Thank you very much, now il just have to see how i can show the logged on user on other pages. – yanick Mar 17 '17 at 13:31