Question

I have a password-secured page that can be accessed only with a username and password. Everything must be correct, but it doesn't work!

This is my form (index.php) and PDO:

<?php
if (isset($_POST['name'], $_POST['password'])) {

    $dns = "mysql:host=localhost;dbname=department_c";
    $option = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES UTF8');
    try{
        $pdo = new PDO($dns, "root", "", $option);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch(PDOException $e){
        die("Erreur de connection.");
    }

    $sql="SELECT * FROM admin WHERE name = :name AND password = MD5(:password)";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue('name', $_POST['name']);
    $stmt->bindValue('password', $_POST['password']);
    $stmt->execute();

    $nbMembre = $stmt->rowCount();

    if($nbMembre == 1){
        $membre = $stmt->fetch(PDO::FETCH_ASSOC);
        header("location:test.php");
    } else {
        $msg="<font color='orange'>Enter username and  password.</font>";
    }
} else {
    $msg ="<font color='red'>Lgon!</font>";
}

?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<meta charset="UTF-8" />
</head>
<body>
<form action="" method="post">
<label for="name">Username: </label>
<input type="text" name="name" /><br/>
<label for="password">Passwprd: </label>
<input type="password" name="password" /><br/>
<input type="submit" value="login" />
</form>
<p><?php echo $msg; ?></p>
</body>
</html>

And this is my test page. It's supposed to be secured and accessed with a username and password. Without if(!isset($_SESSION['name'])), or if I put it like if(isset($_SESSION['name'])), I can access the page, but with !isset I cannot!

Here is the code (test.php):

<?php
session_start();
require 'connect.php';
if(!isset($_SESSION['name'])){
header("location:index.php");
exit();
    }
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test</title>
</head>
<body>
<header>
</div>
wellcome
Hellos-.....
<br>
<a href="logout.php"><h2>Logout</h2></a>
</div>
</body>
</html>

And here is my logout code (logout.php):

<?php
session_start();
$_SESSION = array();
session_destroy();
if(!isset($_SESSION['name'])){
 header("location:index.php");
}else{
 echo"<h2> There was a problem with logging out!</h2>";
 exit();
}

?>

Solution

Edit

In your index.php file:

Try putting session_start(); $_SESSION['name'] = $_POST['name']; between $membre = $stmt->fetch(PDO::FETCH_ASSOC); and header("location:test.php"); then follow the conditional statements I put in my original answer.

This I tested and worked for me:

...

    if($nbMembre == 1){
        $membre = $stmt->fetch(PDO::FETCH_ASSOC);
        
// my addition

session_start();
$_SESSION['name'] = $_POST['name'];

        header("location:test.php");
    } else {
        $msg="<font color='orange'>Enter username and password.</font>";
    }
} else {
    $msg ="<font color='red'>Lgon!</font>";
}

...
// rest of code

Original answer

Base yourself on the following: (test code works as one file)

Assign a variable to the form's POST element, then assign a session name from the $_POST.

This would be considered as your login page:

<?php
session_start();
// require 'connect.php';

if(isset($_POST['submit'])){

    $name = $_POST['name'];
    $_SESSION['name'] = $_POST['name'];

if(isset($_SESSION['name']) && !empty($_SESSION['name'])){

    echo "session is set";
    echo "<br>";
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); // escape user input before output

    } else  { 

        echo "session is NOT set";

            }

       } // brace for if(isset($_POST['submit']))
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test</title>
</head>
<body>

<form action="" method="post">
<label for="name">Username: </label>
<input type="text" name="name" /><br/>
<label for="password">Password: </label>
<input type="password" name="password" /><br/>
<input type="submit" name="submit" value="TEST" />

</form>
</body>
</html>

Then this, your test.php as you have it now.

<?php
session_start();
require 'connect.php';

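    if(isset($_SESSION['name']) && !empty($_SESSION['name'])){

        echo "session is set";
        echo "<br>";
        // $name is not defined in this file: read the value from the session and escape it
        echo htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8');

        } else  { 

        //  echo "session is NOT set";
         header("location:index.php");
         exit(); // stop here so the protected page below is not sent along with the redirect

                }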
/* old method
if(!isset($_SESSION['name'])){
header("location:index.php");
exit();
    }
*/

?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test</title>
</head>
<body>
<header>
</div>
wellcome
Hellos-.....
<br>
<a href="logout.php"><h2>Logout</h2></a>
</div>
</body>
</html>

Passwords:

I also noticed that you are storing passwords using MD5. This is no longer recommended.

Here are a few password storage options:

Other links:


Sessions:

Here is an intuitive tutorial on sessions:

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
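
The answer's remark that MD5 is no longer recommended, worked through as an added example (not part of the original question or answer): rows written with the question's MD5(:password) scheme are verified once and then replaced with password_hash() output on the next successful login. The function names, the in-memory SQLite database and the sample account are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or answer. Table and column names
// follow the question (admin.name, admin.password); the SQLite database and the
// account are constructed so the script runs offline. Assumption: the password
// column can hold password_hash() output (a CHAR(32) MD5 column must be widened).

function verifyAndUpgrade(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM admin WHERE name = :name');
    $stmt->execute(['name' => $name]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored)) {
        return false;                       // unknown user
    }

    // 32 hex characters means the row still uses the old MD5(:password) scheme.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals(strtolower($stored), md5($password))
        : password_verify($password, $stored);

    // After a correct login, replace MD5 (or an outdated cost) with password_hash().
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $pdo->prepare('UPDATE admin SET password = :hash WHERE name = :name');
        $upd->execute(['hash' => password_hash($password, PASSWORD_DEFAULT), 'name' => $name]);
    }
    return $ok;
}

// Hypothetical helper for index.php: call it before header("location:test.php"); exit();
function startLoginSession(string $name): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);            // fresh session ID after authentication
    $_SESSION['name'] = $name;
}

// Constructed demo: one account stored as MD5, as the question's query expects.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (name TEXT PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO admin VALUES (?, ?)')->execute(['alice', md5('demo-password')]);

var_dump(verifyAndUpgrade($pdo, 'alice', 'wrong-password'));
var_dump(verifyAndUpgrade($pdo, 'alice', 'demo-password'));
var_dump(verifyAndUpgrade($pdo, 'alice', 'demo-password'));
```

The third call succeeds through password_verify(), because the second call already rewrote the row; the SQL query no longer compares the password itself, only the name.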