nitation Posted January 26, 2009 Share Posted January 26, 2009 Hello folks, I am finding it hard to retrieve the id (mysql field) for a specific user. This is the scenario: When a user login to my system, i want the user to be able to click on a link to change his/her password. The login system works fine, but when the user clicks on the link, the change_password page will display without the user's information. This is what am doing: <a href="<?php echo "change_pin.php?regid={$_SESSION['regid']}" ?></a> I set this $_SESSION['regid'] from my login page after successful login like this: if($count==1){ $_SESSION['username'] = $username; $_SESSION['regid'] = $regid; Any help ~ Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted January 26, 2009 Share Posted January 26, 2009 but when the user clicks on the link, the change_password page will display without the user's information. <a href="<?php echo "change_pin.php?regid={$_SESSION['regid']}" ?></a> If you use a session why would you attach the user id as url param? What does your query look like if you are going to display info you'll have to fetch it first. Or do you just need the session data? Quote Link to comment Share on other sites More sharing options...
nitation Posted January 26, 2009 Author Share Posted January 26, 2009 so what do i do in this situation. I want the user to click on a link and it should open a page with his information. Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted January 26, 2009 Share Posted January 26, 2009 something like (you dont need id parameters you have those in your session) <a href="profile.php">check profile</a> on your profile.php you get the user data with a query <?php session_start(); $regid=(int)$_SESSION['regid']; $query="select from users where user_id={$regid}"; ?> Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted January 26, 2009 Share Posted January 26, 2009 something like (you dont need id parameters you have those in your session) <a href="profile.php">check profile</a> on your profile.php you get the user data with a query <?php session_start(); $regid=(int)$_SESSION['regid']; $query="select from users where user_id={$regid}"; ?> edit: sorry you were trying to get the id didn't read well you could do a query with the session data you have Quote Link to comment Share on other sites More sharing options...
nitation Posted January 26, 2009 Author Share Posted January 26, 2009 Not working. Have a look at my code: <?php session_start(); $regid=(int)$_SESSION['regid']; $sqluser2=mysql_query("select*from register_account where regid={$regid}") or die(mysql_error()); if(!empty($sqluser2)) { $rowuser=mysql_fetch_array($sqluser2); $regid=$rowuser["regid"]; $surname=$rowuser["lastname"]; $firstname=$rowuser["firstname"]; $pin=$rowuser["pin"]; } ?> <?php echo $pin; ?> Outputs nothing Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted January 26, 2009 Share Posted January 26, 2009 does $refid have a value? try to echo $reqid to see if it does. also echo out the query to see what the query looks like Quote Link to comment Share on other sites More sharing options...
nitation Posted January 26, 2009 Author Share Posted January 26, 2009 I did this both and am getting no value for them. <?=$_SESSION['regid']?> <?=$regid?> Quote Link to comment Share on other sites More sharing options...
nitation Posted January 26, 2009 Author Share Posted January 26, 2009 this is my login script <?php session_start(); ob_start(); error_reporting(E_ALL); ini_set('display_errors', 'off'); include_once 'includes/en.php'; include_once 'config.php'; $errorMsg=ENTER_ACCESS_CODE; if (isset($_POST['log'])) { $username=$_POST['username']; $password=$_POST['password']; $pin=$_POST['pin']; $regid=$_POST['regid']; $username = stripslashes($username); $password = stripslashes($password); $pin = stripslashes($pin); $regid = stripslashes($regid); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $pin = mysql_real_escape_string($pin); $regid = mysql_real_escape_string($regid); $sql="SELECT * FROM register_account WHERE username='$username' AND password='$password' AND pin='$pin' AND status=1"; $result=mysql_query($sql) or die("connection error"); $count=mysql_num_rows($result); // If result matched $username $pin and $password, table row must be 1 row if($count==1){ $_SESSION['username'] = $username; $_SESSION['password'] = $password; $_SESSION['pin'] = $pin; $_SESSION['regid'] = $regid; header("location:index.php"); } else { $errorMsg=ACCESS_CODE_ERROR_WRONG; } } ob_end_flush(); ?> Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted January 26, 2009 Share Posted January 26, 2009 In your login script, does echo $regid; give a value? The way you set the session seems right so thats pretty odd Quote Link to comment Share on other sites More sharing options...
gevans Posted January 26, 2009 Share Posted January 26, 2009 change your login script to this; <?php session_start(); ob_start(); error_reporting(E_ALL); ini_set('display_errors', 'off'); include_once 'includes/en.php'; include_once 'config.php'; $errorMsg=ENTER_ACCESS_CODE; if (isset($_POST['log'])) { $username=$_POST['username']; $password=$_POST['password']; $pin=$_POST['pin']; $username = stripslashes($username); $password = stripslashes($password); $pin = stripslashes($pin); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $pin = mysql_real_escape_string($pin); $sql="SELECT * FROM register_account WHERE username='$username' AND password='$password' AND pin='$pin' AND status=1"; $result=mysql_query($sql) or die("connection error"); $count=mysql_num_rows($result); // If result matched $username $pin and $password, table row must be 1 row if($count==1){ $details = mysql_fetch_assoc($result); $_SESSION['username'] = $username; $_SESSION['password'] = $password; $_SESSION['pin'] = $pin; $_SESSION['regid'] = $details['regid'];//chec that `regid` is the field name in the db table header("location:index.php"); die(); } else { $errorMsg=ACCESS_CODE_ERROR_WRONG; } } ob_end_flush(); ?> and change the next page to.... Quote Link to comment Share on other sites More sharing options...
gevans Posted January 26, 2009 Share Posted January 26, 2009 <?php session_start(); $regid=(int)$_SESSION['regid']; $sqluser2 = mysql_query("SELECT * FROM register_account WHERE regid={$regid}") or die(mysql_error()); if($rowuser = mysql_fetch_assoc($sqluser2)) { $surname = $rowuser["lastname"]; $firstname = $rowuser["firstname"]; $pin = $rowuser["pin"]; } echo $pin; ?> Quote Link to comment Share on other sites More sharing options...
nitation Posted January 26, 2009 Author Share Posted January 26, 2009 Work like magic. thanks a million Quote Link to comment Share on other sites More sharing options...
gevans Posted January 26, 2009 Share Posted January 26, 2009 hit solved Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.