I changed my login page to use PDO. After researching, I can't seem to find a solution on how to pass variables that are not defined in the login page. I can pass the username and display it with no issues but the memberid and firstname doesn't pass no matter what I try.
I'm trying to pass id and firstname - to display the first name. The id is to define who's logged in because data will be populating a database with existing info for that user.
There are two databases, one with registration info - id, firstname, lastname, password..... The second database will populate examination info and will be linked with the registration database < again so it knows who's taking the exam.
Here's the code I've tried to pass the variables needed to landing page minus html.
Login.php
require_once('inc/config.php');
//check if already logged in move to home page
if( $user->is_logged_in() ){ header('Location: members.php'); }
//process login form if submitted
if(isset($_POST['submit'])){
$memberID = $_POST['memberID'];
$firstname= $_POST['firstname'];
$email = $_POST['email'];
$password = $_POST['password'];
if($user->login($email,$password)){
$_SESSION['email'] = $email;
$_SESSION['memberID'] = $memberID;
$_SESSION['firstname'] = $firstname;
header('Location: members.php');
exit;
} else {
$error[] = 'Wrong email or password.';
}
}
?>
USER.php This is where I've added memberid and firstname but not passing.
<?php
include('password.php');
class User extends Password{
private $_db;
function __construct($db){
parent::__construct();
$this->_db = $db;
}
private function get_user_hash($username, memberID, firstname){
try {
$stmt = $this->_db->prepare('SELECT memberID, firstname, password FROM members WHERE username = :username AND active="Yes WHERE memberID =
:memberID AND firstname = :firstname LIMIT 1" ');
$stmt->execute(array('memberID' => $memberID));
$stmt->execute(array('firstname' => $firstname));
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['password'];
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->password_verify($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
public function logout(){
session_destroy();
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
}
?>
LANDING PAGE Here's what I have at the top of the landing page.
<?php
session_start();
$_SESSION['memberID'] = $memberID['memberID'];
$_SESSION['firstname'] = $firstname['firstname'];
?>
And this in the html
<?php echo $_SESSION['memberID']; ?>
<?php echo $_SESSION['firstname']; ?>
If someone could help that would be great. I've worked all day on this and can't pass the variables to the landing page to the db.