Showing content with the highest reputation on 01/16/2024 in all areas

  1. The login code just does that; I just built it into a function to call, exactly as you said.

     ```php
     // Returns the logged-in user's email, or null when nobody is logged in
     function current_user()
     {
         if (is_user_logged_in()) {
             return $_SESSION['email'];
         }
         return null;
     }
     ```

     I went this route because I just couldn't work out how to use the key. Ironically of course my noddy testing and coding took way longer than probably revisiting that properly.

     The db function is this? Is this not a good way of doing things?

     ```php
     function db(): PDO
     {
         // static: the connection is created on the first call and reused afterwards
         static $pdo;
         if (!$pdo) {
             $pdo = new PDO(
                 sprintf("sqlsrv:server=%s;Database=%s", DB_HOST, DB_NAME),
                 DB_USER,
                 DB_PASSWORD,
                 [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
             );
         }
         return $pdo;
     }
     ```

     Thanks for all your help. Always learning, always looking for better ways. I'm a MSSQL/BI developer/data architect by day, so all of this is new to me.
    1 point
  2. I would add the following suggestion regarding this type of logic:

     ```php
     if ($row['fk_usertypes_id'] == 1) {
         echo "Hello 1";
     } else {
         echo "Hello 2";
     }
     ```

     Just because the value is not 1, you should not assume the value is 2 - even if those are the only expected values. I've seen multiple production issues where such logic was implemented and unexpected conditions caused impactful bugs. If you only expect the value to be 1 or 2, I would do the following.

     ```php
     if ($row['fk_usertypes_id'] == 1) {
         echo "Hello 1";
     } else if ($row['fk_usertypes_id'] == 2) {
         echo "Hello 2";
     } else {
         // Throw error
         echo "Unhandled error";
     }
     ```

     Although at this point a switch() statement might make more sense.
    1 point
  3. your login code should put the user's id (auto-increment primary index) into a uniquely named session variable, such as $_SESSION['user_id']. you would then test if that session variable is set on any page that requires a logged in user. you would query on each page request, using $_SESSION['user_id'], to get any other user data, such as the username, email, access type, ...

     don't do that. once you have the user's data, just test/use it on a single page to control what content gets displayed on the page and what action the user can perform on that page.

     since this query to get the access type will at most match one row of data, don't use a loop at all. just fetch/test the data. i reviewed your previous thread on this forum. you were using a single fetch() statement in it. what happened?

     this implies your db() function creates a new database connection every time it is called. don't do that. a database connection is one of the slowest operations you can perform on a page. your application should create one database connection, then use that single connection for every database operation on the page.

     don't do this. as of php8, the default setting for PDO error handling is to use exceptions for all the database statements that can fail - connection, query, exec, prepare, and execute. with exceptions, any discrete error check logic in your code won't ever get executed upon an error since execution transfers elsewhere. this is one of the great points of using exceptions. your main code will only 'see' error free execution. if execution continues past a statement that can fail, you know the statement was successful without needing conditional logic to test if it was or was not. this simplifies the code, allowing you to remove all the now unnecessary conditional logic.

     the only time you should catch and handle a database exception in your code is for recoverable user error, such as when inserting/updating duplicate or out of range user data. for all other error numbers and all other query types, just let php catch and handle any database exception.

     if you set the default fetch mode to assoc when you make the database connection, you don't need to specify it in each fetch statement, simplifying the code.
    1 point
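The advice in posts 2 and 3, combined into one runnable sketch. This is an added example, not code from any of the posters: the `user_role()` helper, the role names `admin` and `member`, the table layout and the sample rows are assumptions, and an in-memory SQLite database stands in for the SQL Server connection so the script runs without a server.

```php
<?php
// Added example: constructed schema and data; SQLite in memory replaces the real server.
declare(strict_types=1);

function db(): PDO
{
    static $pdo = null;                  // one connection, reused for the whole request
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:', null, null, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }
    return $pdo;
}

// Hypothetical helper: map the session's user id to a role, rejecting anything unexpected.
function user_role(?int $userId): string
{
    if ($userId === null) {
        return 'anonymous';              // no session variable set: not logged in
    }
    $stmt = db()->prepare('SELECT fk_usertypes_id FROM users WHERE id = :id');
    $stmt->execute(['id' => $userId]);   // throws PDOException on failure, no manual check
    $row = $stmt->fetch();               // at most one row can match, so no loop
    if ($row === false) {
        return 'anonymous';              // stale session id: the user no longer exists
    }
    switch ((int) $row['fk_usertypes_id']) {
        case 1:  return 'admin';         // role names are assumed for illustration
        case 2:  return 'member';
        default: throw new UnexpectedValueException('Unhandled user type');
    }
}

// Constructed sample data; user 3 carries a type the code does not know about.
db()->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, fk_usertypes_id INTEGER)');
db()->exec("INSERT INTO users VALUES (1, 'a@example.test', 1), (2, 'b@example.test', 2), (3, 'c@example.test', 7)");

$_SESSION = ['user_id' => 2];            // in a real application the login code sets this
echo user_role($_SESSION['user_id'] ?? null), PHP_EOL;
echo user_role(null), PHP_EOL;
try {
    user_role(3);
} catch (UnexpectedValueException $e) {
    echo 'denied: ', $e->getMessage(), PHP_EOL;
}
```

The `default` branch is what keeps an unexpected type value from silently falling into the second role's permissions.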
  4. Here is another way of writing this

     ```php
     $User = current_user(); // I assume this 'current_user' function is something you wrote
     $sql = 'SELECT fk_usertypes_id FROM users WHERE email=:User';
     $statement = db()->prepare($sql);
     $parms = array('User' => $User);
     if (!$statement->execute($parms)) {
         echo "Query did not run";
         exit();
     }
     // You probably don't need a loop here, but here you go
     while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
         echo "UserType " . $row['fk_usertypes_id'] . '<br>';
     }
     // this code makes no sense since you are not in the loop here.
     /*
     if ($bob == 1)
         echo "Hello 1";
     else
         echo "Hello 2";
     */
     echo "<p><a href='index.php'>Home</a></p>";
     view('footer'); // I HAVE NO IDEA WHAT "view" IS SUPPOSED TO DO FOR YOU
     ```

     Made some changes to your use of PDO and the way your query results are being processed. Of course, as already mentioned, you probably only have one results row since the email should be unique (perhaps). And I'm assuming that 'bob' is representing the sole result value, the usertype id, hence I left it out.
    1 point
  5. I have a note that the reverse engineered underlying code that will work with 8.x is this:

     ```sql
     SELECT CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password')))));
     ```
    1 point
This leaderboard is set to New York/GMT-04:00