How do I send POST data to another session in PHP?-CodePudding

I have a session that accepts login information and if user is valid within my database, I am setting the pages post array with the other data for user and displaying it in another session on a different page. My email and password are getting sent to the next session but the rest of my data isn't and I cant figure out why. I do know that I am successfully retrieving the data of the login user from the database table, however there is some issue with the other fields being sent to post and then on to the next session.

My login page

<?php
session_start();

if(isset($_POST["firstName"]))
{
    $_SESSION["firstName"] = $_POST["firstName"];
}

if(isset($_POST["lastName"]))
{
    $_SESSION["lastName"] = $_POST["lastName"];
    
}

if(isset($_POST["phone"]))
{
    $_SESSION["phone"] = $_POST["phone"];
    
}

if(isset($_POST["email"]))
{
    $_SESSION["email"] = $_POST["email"];
    
}

if(isset($_POST["sin"]))
{
    $_SESSION["sin"] = $_POST["sin"];
    
}

if(isset($_POST["password"]))
{
    $_SESSION["password"] = $_POST["password"];
    header('Location: ViewAllEmployees.php');
    exit;
}



require "MySQLConnectionInfo.php";

$error = "";
// if email and password not set
if (! isset($_POST["email"]) || ! isset($_POST["password"])) {
    $error = "Please enter employee login information.";
} else {
    // if email and password set from login input
    if ($_POST["email"] != "" && $_POST["password"] != "") {
        try {
            $pdo = new PDO("mysql:host=$host;dbname=$database", $username, $password);
            // set the PDO error mode to exception
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            echo "Connected successfully" . "</br>";

            $sqlQuery = "SELECT * FROM employee";

            try {
                $result = $pdo->query($sqlQuery);
                $rowCount = $result->rowCount();


                if ($rowCount == 0)
                    echo "There are no rows to display from the Employee table ";

                // find employee
                for ($i = 0; $i < $rowCount; $i  ) {
                    $row = $result->fetch();

                    $firstname = $row[1];
                    $lastname = $row[2];
                    $email = $row[3];
                    $phone = $row[4];
                    $sin = $row[5];
                    $password = $row[6];

                    if (isset($_POST["email"]) && isset($_POST["password"])) {
                        
                        if ($email == $_POST["email"] && $password == $_POST["password"]) {
                            
                            $_POST["firstName"] = $firstname;
                            $_POST["lastName"] = $lastname;
                            $_POST["email"] = $email;
                            $_POST["phone"] = $phone;
                            $_POST["sin"] = $sin;
                            $_POST["password"] = $password;
                            break;
                        }
                    }
                }

               
            } catch (PDOException $e) {
                echo "Login unsuccessful.  " . $e->getMessage();
            }

            $pdo = null;
        } catch (PDOException $e) {
            echo "Connection failed:  " . $e->getMessage();
        }
    } else
        $error = "Please enter employee login information.";
}

?>

<html>
<head>
<title>Login</title>
</head>
<body>
        <?php
include "Header.php";
include "Menu.php";
?>      
<div class="content">
        <form action="Login.php" method="post">
            Email Address: <input type="text" name="email" /> <br /> Password: <input
                type="text" name="password" /> <br /> <br /> <input type="submit"
                value="Login" />
        </form>
        <br /> <br />


    </div>
        <?php

echo $error;
include "Footer.php";
?>      
    </body>
</html>

CodePudding user response：

The problem here is, you set the $_SESSION array before you assigning them to the $_POST array. The moment you assign the $_SESSION['firstName'] = $_POST['firstName'], the $_POST['firstName'] is empty.

Solution : Move the area where you set the $_SESSION variable

if(isset($_POST["firstName"]))
{
    $_SESSION["firstName"] = $_POST["firstName"];
}

after you setting the $_POST variable.

if ($email == $_POST["email"] && $password == $_POST["password"]) {
   $_POST["firstName"] = $firstname;
   $_POST["lastName"] = $lastname;

For the email and the password, these fields get saved in the session because you're passing these two POST fields from the HTML Form and in the top section where you set the $_SESSION variable, these two fields are already populated in the $_POST array.

CodePudding user response：

There are some parts of the code that could be improved, like:

Add the email directly here in a WHERE clause, so that you don't need to do a for loop for all the employees.
```
$sqlQuery = "SELECT * FROM employee";
```
if (isset($_POST["email"]) && isset($_POST["password"])) in the try block is not necessary and could be moved up and replace the first check (where you are using != "").

Regardless, to answer your question you need to know a bit of how the flow of the code is. The reason the other information isn't being sent to other page is that where you are setting the $_SESSION variable, that information isn't available to the code.

You have a form in your html that sends data to your code. This will only populate $POST["email"] and $POST["password"]. In the beginning of the code you are checking for other data in $POST which aren't yet populated therefore they won't be saved in $_SESSION.

If you insist to not using Kinglish's approach from the comments, you should move $_SESSION["phone"] = $_POST["phone"], etc to where you have found the user from the database.