Hey guys,
Not the best with php, hence why I'm here asking for some help.
I'm currently doing a website using "user authentication". So if you try to go to index.php or news.php it will redirect you to the login page, this is working just fine! Goes to database selects username&password, makes a session ID true and all pages check this..
The problem I'm having is I want to pass more information through the session, I'm 100% sure this is possible. For example in my "login.inc.php" page which checks all data entered I want to take the users "id" and pass this thru all pages so I can make for example.. a profile page.
LOGIN.INC.PHP
<?php
require_once('*changed*');
require_once('functions.inc.php');
session_start();
// Check if user is already logged in
if ($_SESSION['logged_in'] == true) {
redirect('../index.php');
} else {
if ( (!isset($_POST['username'])) || (!isset($_POST['password'])) OR
(!ctype_alnum($_POST['username'])) ) {
header('Location: ../login.php');
}
$mysqli = @new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
if (mysqli_connect_errno()) {
printf("Unable to connect to database: %s", mysqli_connect_error());
exit();
}
$username = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '" . $username . "' AND password = md5('" . $password . "')";
$result = $mysqli->query($sql);
//sure this is wrong, it doesn't even make sense to me.. but it's what I want it to do
//pull the ID from the database
while($row = mysql_fetch_array($result))
{
$id = $row['id'];
}
if (is_object($result) && $result->num_rows == 1) {
// used throughout the other pages
$_SESSION['logged_in'] = true;
// this one works, but only because it's pulling it from the "form"
$_SESSION['username'] = $username;
//this don't work
$_SESSION['id'] = $id;
redirect('../index.php');
} else {
redirect('../login.php');
}
}
?>
functions.inc.php
<?php
function redirect($page) {
header('Location: ' . $page);
exit();
}
function check_login_status() {
// If $_SESSION['logged_in'] is set, return the status
if (isset($_SESSION['logged_in'])) {
return $_SESSION['logged_in'];
return $_SESSION['username'];
return $_SESSION['id'];
}
return false;
}
?>
Please help!