Create a session in PHP

0

I'm trying to get my site's login system to create a session for the logged-in user, causing it to appear on the next page it logs in but is not showing up. Here is the code:

verify_login.php

<?php
session_start();  
$_SESSION['nome'] = $_POST['NOME'];  
$_SESSION['senha'] = $_POST['SENHA'];  

include 'bd.php';

if($_POST["NOME"] == "geral" && $_POST["SENHA"] == "geral"){
     echo
                "<script>
                 alert('Bem Vindo adm!');   
                 window.location.href='info_php.php';                
                 </script>";
}



$link = mysqli_connect($servidor,$usuario,$senha,$banco);

if(isset($_POST["NOME"]) && isset($_POST["SENHA"]))
    {
        if(!empty($_POST["NOME"]) && !empty($_POST["SENHA"]))
        {
                $sql = "select * from empresa where  NOME =             '".$_POST['NOME']."' and SENHA = '".$_POST['SENHA']."';";

                $result = $link ->query($sql);

            if($result->num_rows > 0) {

            $_SESSION['nome'] = $nome;
            $_SESSION['senha'] = $senha;

            echo
                "<script>
                 alert('Bem Vindo!');
                 window.location.href='index2.php';              
                 </script>";
            }               


            else{
                unset ($_SESSION['nome']);
                unset ($_SESSION['senha']);
                echo
                "<script>
                 alert('Login ou senha Incorreta!');               
                 </script>";

             }

index2.php

<?php
session_start();

if((!isset ($_SESSION['nome']) == true) and (!isset ($_SESSION['senha']) == true))
{
    unset($_SESSION['nome']);
    unset($_SESSION['senha']);
    header('location:index.php');
}
?>

<!DOCTYPE html>
<html>
<title>EVA system</title>
<meta charset="UTF-8">
<body>
<span>Bem-Vindo, <strong><?php echo $_SESSION['nome']; ?></strong></span><br>
    
asked by anonymous 28.09.2017 / 03:10

2 answers

1

The following lines are strange to me:

 $_SESSION['nome'] = $nome;
 $_SESSION['senha'] = $senha;

The variables $nome and $senha were not instantiated, the session will have no data in the respective fields. You can remove these two lines because you are already assigning the values passed by POST before:

$_SESSION['nome'] = $_POST['NOME'];  
$_SESSION['senha'] = $_POST['SENHA']; 
    
28.09.2017 / 03:49
0

Never save "sensitive" variables in the session without using some encryption, this data is often exposed by cookies or other PHP faults.

I would advise you to learn CodeIgniter, Laravel, Symfony or Slim3 for PHP development.

    
28.09.2017 / 17:55