PHPFixing

Thursday, March 17, 2022

[FIXED] PHP SESSION undefined variable

Tags: mysql, php, phpmyadmin, session

Issue

Good evening, I am working on a small uni' project. I'm creating a website where people can post their used items to either sell them or exchange them for another object (a kind of eBay but 100000x times simpler) using PHP, which is new to me. To make it simple, after filling in a connect form (connexion.php), the user gets redirected to his own profile (profil.php), where his username and email appear (after getting them from the database), as shown below:

///////////connexion.php : //////////

<?php
session_start(); 
try
{
    $bdd = new PDO('mysql:host=localhost;dbname=espace_membre;charset=utf8', 'root', '');
}
catch (Exception $e)
{
        die('Erreur : ' . $e->getMessage()); // error message in case the connection fails
}

if(isset($_POST['formconnect']))  // checks that the login button was pressed
{
  $mailconnect = htmlspecialchars($_POST['mailconnect']); 
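  $mdpconnect = sha1($_POST['mdpconnect']); // unsalted SHA-1 is not suitable for password storage; password_hash()/password_verify() are PHP's built-in replacement
  if(!empty($mailconnect) AND !empty($_POST['mdpconnect'])) // test the raw password: sha1('') is a non-empty string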
  {
     $requser=$bdd->prepare("SELECT * FROM membres WHERE email = ? AND mdp= ?");  
     $requser->execute(array($mailconnect,$mdpconnect));
     $userexist=$requser->rowcount(); 
     if($userexist==1)
     {
          $userinfo=$requser->fetch();
          $_SESSION['id']=$userinfo['id'];
          $_SESSION['pseudo']=$userinfo['pseudo'];
          $_SESSION['email']=$userinfo['email'];
          header("Location: profil.php?id=".$_SESSION['id']);
          exit; // stop here so nothing else runs after the redirect header
     }
     else
     {
      $erreur="password or mail not valid" ; 
     }
  }
  else
  {
    $erreur =" please complete all inputs " ; 
  }
}
 ?>

when connected, the user is redirected to his profile, named profil.php as shown below :

<?php
session_start();

 
// attempt to connect to the database
try
{
    $bdd = new PDO('mysql:host=localhost;dbname=espace_membre;charset=utf8', 'root', '');
}
catch (Exception $e)
{
        die('Erreur : ' . $e->getMessage()); // error message in case the connection fails
}


if(isset($_GET['id']) AND $_GET['id'] > 0)
{
  $getid=intval($_GET['id']);
  $requser= $bdd -> prepare('SELECT * FROM membres WHERE id= ?');
  $requser->execute(array($getid));
  $userinfo=$requser->fetch();
?>

[the table where my users' info is stored. membres means members in French][1]

<html>

<head>
    <title>Profil de <?php echo $userinfo['pseudo']?></title>    
    <meta charset='utf-8'>
</head>

  <div align="center">
         <h3>profil TROKI</h3>
        <br/>
        
        
      <h3>les annonces de <?php echo $userinfo['pseudo']?> </h3>
          pseudo = <?php echo $userinfo['pseudo']?> <br/> //this one works
           mail = <?php echo $userinfo['email']?> <br/>  //this one works too

           <?php 
            if (isset($_SESSION['id']) AND $userinfo['id']==$_SESSION['id']) 
            {
             ?>
              //everything here is visible only when the user is logged in 
             <h2>Bienvenue dans ton profil <?php echo $userinfo['pseudo']?> </h2> 
             <a href="editionprofil.php"> éditer mon profil</a> 
             <a href="modifiermdp.php">modifier mon mot de passe</a>
             <a href="deconnexion.php"> se déconnecter</a>
             <a href="formulaireajout.php"> ajouter une annonce</a>
            
             <?php 
            }
           ?>
    </div>

 <?php    
  }
   else
   ?>
</html>

whenever I want to print something like

  <h2>welcome to your profile,<?php echo $userinfo['pseudo']?> </h2>

the variable $userinfo['pseudo'] turns into my user's nickname, which is what I want.

However, for a reason I don't know, I am unable to have these variables working on any other pages and I keep getting this error:

Notice: Undefined variable: userinfo in C:\wamp\www\projet2\formulaireajout.php on line 64

I have created another page for the user to fill a form to post something

 <?php
session_start();
try
{
    $bdd = new PDO('mysql:host=localhost;dbname=espace_membre;charset=utf8', 'root', '');
}
catch (Exception $e)
{
        die('Erreur : ' . $e->getMessage()); // error message in case the connection fails
}

// ////////////////////////////////////////////////////////////////////////////////////////////////
if(isset($_SESSION['id']))
{   echo "ok"; // I'm getting "ok" so this condition is verified
 }

else
{
  //echo "lol";
  header('location:connexion.php');
  exit; // stop here so the rest of the page does not run for anonymous visitors
} 
if(isset($_GET['id']) AND $_GET['id'] > 0)
{
  $getid=intval($_GET['id']);
  $requser= $bdd -> prepare('SELECT * FROM membres WHERE id= ?');
  $requser->execute(array($getid));
  $userinfo=$requser->fetch();
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Ajouter une annonce</title>
</head>
<body>
    <h3>You can post your things here,<?php echo $userinfo['pseudo']?></h3> // here, $userinfo generates an undefined variable error ! 
    <div align="center">
    'some extra code deleted'

</body>
</html>

Well, my question is, if my $userinfo was defined in the profile.php page, why is it generating an error in all other pages I'm creating? What am I doing wrong? (This project is approx 60% of my semester's points, so I'm in trouble if I can't get it solved.)

Thank you for reading and have an excellent day !


Solution

On the connection page you pass the id in the URL to the profile page like this: header("Location: profil.php?id=".$_SESSION['id']); The function on the profile page that is looking for $_GET['id'] to be set is satisfied because the id is set in the URL.

However, if I am a user and click any of these links:

  • editionprofil.php
  • modifiermdp.php
  • deconnexion.php
  • formulaireajout.php

The id is NOT being passed over in the URL or in the page request but your code is still looking for that value to be set on those pages as well per your code snippet below:

if(isset($_GET['id']) AND $_GET['id'] > 0)
{
  $getid=intval($_GET['id']);
  $requser= $bdd -> prepare('SELECT * FROM membres WHERE id= ?');
  $requser->execute(array($getid));
  $userinfo=$requser->fetch();
}

Because $_GET['id'] is not set this variable $userinfo is not getting defined to use later in your code. It's only getting set if $_GET['id'] is set and greater than 0.

My advice is, since you already set the user ID in the session, call the $_SESSION variables instead on other pages. So as long as you continue to start the session as you are now at the top of the file and you don't end or destroy the session, you should be able to access the values of the $_SESSION array on other pages:

      $_SESSION['id']=$userinfo['id'];
      $_SESSION['pseudo']=$userinfo['pseudo'];
      $_SESSION['email']=$userinfo['email'];

For the values you already set in the session, just echo out these values later in your code on other pages. So calling this should work on other pages:

<h3>You can post your things here,<?php echo $_SESSION['pseudo']?></h3>

Of course you want to destroy the session and/or unset the values when the user "logs out". Additionally, since the values are in the session, you don't need to do a database lookup on every page for the same values unless they are going to change or you are looking for new data not already stored in the session.

Hope this helps.



Answered By - Shakima F
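
The answer's advice applied to formulaireajout.php, as an added example that is not part of the original answer: the member's identity comes from the session rather than from $_GET['id'], every redirect is followed by exit, and database values are escaped on output. The helper names (require_login, current_user, e) and the in-memory SQLite table with one constructed row are assumptions standing in for the asker's espace_membre database.

```php
<?php
// Added example; helper names (require_login, current_user, e) are hypothetical.
session_start();

// Constructed stand-in for the page's MySQL database so the demo runs offline.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec('CREATE TABLE membres (id INTEGER PRIMARY KEY, pseudo TEXT, email TEXT)');
$bdd->exec("INSERT INTO membres VALUES (1, 'alice<b>', 'alice@example.test')");

// Redirect anonymous visitors to the login form and stop the script.
function require_login(): int
{
    if (!isset($_SESSION['id'])) {
        header('Location: connexion.php');
        exit; // without exit, the rest of the page would still execute
    }
    return (int) $_SESSION['id'];
}

// Load the logged-in member from the session id, never from $_GET['id'].
function current_user(PDO $bdd): array
{
    $stmt = $bdd->prepare('SELECT id, pseudo, email FROM membres WHERE id = ?');
    $stmt->execute([require_login()]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) { // row deleted while the session was still alive
        session_unset();
        session_destroy();
        header('Location: connexion.php');
        exit;
    }
    return $user;
}

// Escape a database value before placing it in HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$_SESSION['id'] = 1; // constructed: simulates what connexion.php stores at login
$userinfo = current_user($bdd);
?>
<h3>You can post your things here, <?= e($userinfo['pseudo']) ?></h3>
```

Pages that change account data (editionprofil.php, modifiermdp.php) should resolve the member the same way, so that editing the id in the URL cannot select another account. In connexion.php, calling session_regenerate_id(true) just before writing $_SESSION['id'] gives the authenticated session a fresh identifier.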