Having trouble executing the user id session after user logs in

Here is the following codes i have so far for the sign up page login page and homepage. note i am only posting the php I know everything is working except for the user id session. I am connected to my database and row 1 is id and is the primary key.

here is the signup php

<?php
require ("func/insert.php");

if(isset($_POST['Submit']))
    {
        $first_name = mysqli_real_escape_string($con, $_POST ['first_name']);
        $last_name= mysqli_real_escape_string($con, $_POST ['last_name']);
        $email= mysqli_real_escape_string($con, $_POST ['email']);
        $password= $_POST ['password'];

        $StorePassword= password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

        $sql = $con->query("INSERT INTO users ( first_name, last_name, email, password)
                    VALUES ( ' {$first_name} ' , ' {$last_name} ' , ' {$email} ' , ' {$StorePassword} ' )");
        header('Location: login.php');
    }
?>

HEre is the login php

<?php require ("func/insert.php"); ?>
<?php
    if(isset($_POST['Login']))
    {
    $email= mysqli_real_escape_string(htmlentities($con, $_POST ['email']));
    $password= mysqli_real_escape_string(htmlentities($con, $_POST ['password']));

    $result = $con->query(" select * from users where email='$email' AND password='$password' ");

    $row = $result->fetch_array(MYSQLI_BOTH);

    session_start();

    $_SESSION['UserID'] = $row['id']; //thinking this is the problem
    header ('Location: home.php');
    }

And here is the home php

<?php require ("func/insert.php"); ?>
<?php
session_start(); 
    if (isset($_SESSION['UserID'])) {
}
else {
echo "This session is not working.";
}
?>

Answers


It looks like you are comparing the stored and hashed password again a non-hashed password.

in Login.php This line set's your password:

$password= mysqli_real_escape_string(htmlentities($con, $_POST ['password']));

And then it is compared to the password that is stored in the database. However that password has been hashed in signup.php

    $StorePassword= password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

Try hashing the incoming password in sign in.

$TryPassword= password_hash($_POST ['password'], PASSWORD_BCRYPT, array('cost' => 10));

And then the SQL:

$result = $con->query(" select * from users where email='$email' AND password='$TryPassword' ");

Before redirecting to the next page, debug it by making sure you returned a row!

print_r($result);

Need Your Help

Why does yesod require authorisation here?

haskell authorization yesod

I have a problem with yesod and authorization.

Move QMenuBar in QToolBar

c++ qt qmenubar

I have a QToolBar and QMenuBar.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.