pengu

I eventually came to the conclusion that I can use the username to look up stuff in the database. The username is unique so I shouldn't run into multiple queries. If there is a better method, please do tell!

I have a table that contains ID username password ect ect Using Session ID I want to pass that information constantly through all the pages. At the moment as a test I'm just doing a echo of the "ID" on another page and It's not displaying it at all. I want to be able to pull information from the database for different pages. LINKS.PHP <?php session_start(); require_once('includes/functions.inc.php'); if (check_login_status() == false) { redirect('login.php'); } ?> <html> <head> </head> <style> a:hover { color: #333333; } </style> <body> <font face="Fixedsys"> <p>WELCOME <?php echo $_SESSION['id'] ; ?> </p> <p> [<a href="./news.php" target="body">News</a>] [<a href="./includes/logout.inc.php" target="body">logout</a>] </p> so it's not displaying the "ID" on this other page, for example

Oh can it? So far it's just being displayed as the ID. But I want to use it for a profile page and some other things. So I want to be able to grab it all the time SELECT * FROM whatever WHERE id = $_SESSION['id'] kind of thing.

Hey guys, Not the best with php, hence why I'm here asking for some help. I'm currently doing a website using "user authentication". So if you try to go to index.php or news.php it will redirect you to the login page, this is working just fine! Goes to database selects username&password, makes a session ID true and all pages check this.. The problem I'm having is I want to pass more information through the session, I'm 100% sure this is possible. For example in my "login.inc.php" page which checks all data entered I want to take the users "id" and pass this thru all pages so I can make for example.. a profile page. LOGIN.INC.PHP <?php require_once('*changed*'); require_once('functions.inc.php'); session_start(); // Check if user is already logged in if ($_SESSION['logged_in'] == true) { redirect('../index.php'); } else { if ( (!isset($_POST['username'])) || (!isset($_POST['password'])) OR (!ctype_alnum($_POST['username'])) ) { header('Location: ../login.php'); } $mysqli = @new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE); if (mysqli_connect_errno()) { printf("Unable to connect to database: %s", mysqli_connect_error()); exit(); } $username = $mysqli->real_escape_string($_POST['username']); $password = $mysqli->real_escape_string($_POST['password']); $sql = "SELECT * FROM users WHERE username = '" . $username . "' AND password = md5('" . $password . "')"; $result = $mysqli->query($sql); //sure this is wrong, it doesn't even make sense to me.. but it's what I want it to do //pull the ID from the database while($row = mysql_fetch_array($result)) { $id = $row['id']; } if (is_object($result) && $result->num_rows == 1) { // used throughout the other pages $_SESSION['logged_in'] = true; // this one works, but only because it's pulling it from the "form" $_SESSION['username'] = $username; //this don't work $_SESSION['id'] = $id; redirect('../index.php'); } else { redirect('../login.php'); } } ?> functions.inc.php <?php function redirect($page) { header('Location: ' . $page); exit(); } function check_login_status() { // If $_SESSION['logged_in'] is set, return the status if (isset($_SESSION['logged_in'])) { return $_SESSION['logged_in']; return $_SESSION['username']; return $_SESSION['id']; } return false; } ?> Please help!