[SOLVED] Retrieving session-id information

[barbz]

Hi to all,

I am building this website and want users to, once they have registered and logged in, to access their personal profile page. So far they can register and login and access their potential personal page. However, i don't know how to retrieve the session ID to do simple stuff like echo-ing "hi [username]!". I'm using mySQL for this.

this is my login script:

<?php
//Start session
session_start();

//Connect to mysql server
$link=mysql_connect("localhost","root","root");
if(!$link) {
	die('Failed to connect to server - Please contact administrator: ' . mysql_error());
}
//Select database
$db=mysql_select_db("database_name");
if(!$db) {
	die("Unable to select database - Please contact the administrator");
}

//Sanitize the value received from login field
//to prevent SQL Injection
if(!get_magic_quotes_gpc()) {
	$login=mysql_real_escape_string($_POST['login']);
}else {
	$login=$_POST['login'];
}

//Create query
$qry="SELECT member_id FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result)>0) {
		//Login Successful
		session_regenerate_id();
		$member=mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID']=$member['member_id'];
		session_write_close();
		header("location: ../account.php");
		exit();
	}else {
		//Login failed
		header("location: ../index.php");
		exit();
	}
}else {
	die("Query failed");
}
?>

 

on each page, i have run this authorisation script to check whether the user is logged in or not:

 

<?php
//Start session
session_start();
//Check whether the session variable
//SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID'])=='')) {
	header("location: access-denied.php");
	exit();
}
?>

that is called with this script at the beginning of any member-only page:

<?php
require_once('auth.php');
?>

 

My mySQL "members" table is sorted like this:

 

 

#member_id

#int(11)

#UNSIGNED

#No

#auto_increment

#firstname#varchar(100)#latin1_swedish_ci#Yes#NULL

#lastname#varchar(100)#latin1_swedish_ci#Yes#NULL

#login#varchar(100)#latin1_swedish_ci#No[/td]

#passwd#varchar(32)#latin1_swedish_ci#No

 

I am no MySQL or PHP genius as you can see.. I just need to associate a session id to a member id which i can then asociate to a member name. I searched in this forum,Google and my PHP book with no luck, I can't seem to find exactly what I need.

Thank you in advance for any help or suggestions

 

[barbz]

Actually, I managed to display to username of the logged user successfully but I'm not sure it's the best approach:

what i did was, in the login script, if the login process was a success, create a new variable that stored the value entered in the login form.

 

		$_SESSION['SESS_LOGIN']=$login;

 

In the member page i simply echo-ed this value:

 

 <?php echo $_SESSION['SESS_LOGIN']; ?>

 

I have two questions for this though:

1. Is it safe or a even a good approach?

2. how could I now access more information about this user. I think it's something along the line of creating a mysql query that looks like: $query = "SELECT wanted_info FROM members WHERE login='$login'";  or instead of WHERE login='$login', calling the SESS_LOGIN value but i'm not quite sure what the full code is, if I have to connect to the mysql database each time i call these pieces of information etc... any help would be immensely appreciated.

Thank you

[barbz]

Sorry to insist, but help would really really be appreciated

[mikefrederick]

youre basically there...

$memberid=$_SESSION['SESS_MEMBER_ID'];

$qry="SELECT * FROM members WHERE member_id='$memberid'";

$sql=mysql_query($qry);

$results=mysql_fetch_assoc($sql);

echo $results['member_id'];

echo $results['firstname'];

and so on

[barbz]

arg! thank you so much!

These few lines you posted will possibly allow me to get my degree.. simple as that.

A huge thank you..