netman182 Posted December 5, 2009 Share Posted December 5, 2009 I have searched this forum and on the googles. I have been looking for a way to make a few session variables. i found some code to do the username but i need to make a session that will take some fields from the specific users information in their DB record. the table is managers. the fields I need to grab from the DB are: fname, lname, teamid, tname how do i from my login page send those variables from the db in the checklogin.php to the session variables for the managers session? here is the checklogin.php <?php include("db_include.php"); $table = 'managers'; // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $table WHERE email='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/184091-sessions-help/ Share on other sites More sharing options...
mrMarcus Posted December 5, 2009 Share Posted December 5, 2009 NOTE: most important rule when using sessions is to have session_start(); at the top of each and every page you are using sessions on. e.g. <?php session_start(); //more code; now, you will want to replace session_register() with $_SESSION[]: <?php session_register ('myusername'); //no-no .. instead, use this: $_SESSION['myusername'] = 'some_username'; //and same for any other session you want to create; ?> so, here's a snippet of code to get you started: <?php /** * you should always have a condition that needs * to be met before executing a database query, * and/or setting session variables containg * private information such as usernames and * passwords; just another measure towards security; * * 'submit' would be the name="submit" of your * submit/input button in the form; * * e.g., <input type="submit" name="submit" value="Login" /> */ if (isset ($_POST['submit'])) { include("db_include.php"); //unless this is dynamic, just hard-code into query //no need to set it to variable; $table = 'managers'; /** * do you need to use stripslashes()? * turn off magic_quotes() in php.ini */ $myusername = stripslashes ($_POST['myusername']); /** * good; */ $myusername = mysql_real_escape_string ($myusername); /** * add md5() hash to password; * never store RAW password(s) * in database; use a hashing * function like md5(); */ $mypassword = md5 ($_POST['mypassword']); //query .. obvious; $sql = " SELECT `email`, `password` FROM `{$table}` WHERE `email` = '".$myusername."' AND `password` = '".$mypassword."' "; //you should remove the 'or trigger_error (mysql_error())' when out of development stage; $result = mysql_query ($sql) or trigger_error (mysql_error()); // If result matched $myusername and $mypassword, table row must be 1 row if (mysql_num_rows ($result) > 0) { //start session; session_start(); //fetch result from query for usage; $res = mysql_fetch_array ($result); /** * add username to session; redirect to file "login_success.php"; * storing a password in a session variable or cookie can * be dangerous if not done properly; unless you really need to, don't; */ $_SESSION['myusername'] = $res['email']; /** * password in db should already be hashed * using md5() or something similar; * you will have to change how users * register, and make sure to apply md5() * hashing on the original password created * by user; */ $_SESSION['mypassword'] = $res['password']; //do not set if password is not hashed; /** * always include exit() immediately following * a header() redirect to avoid any further * script from being executed accidentally; */ header ('Location: login_success.php'); exit (0); } else { echo 'Wrong Username and/or Password'; } } //end IF wrapper; ?> EDIT: regarding the md5() .. i just wanted to explain a little further what you're going to need to do now. if you don't follow, just create a new thread with your registration form/code; you will need to apply md5() to your registration form passwords before they are inserted into the db. and so on for any password update your users might do, etc. Quote Link to comment https://forums.phpfreaks.com/topic/184091-sessions-help/#findComment-971959 Share on other sites More sharing options...
netman182 Posted December 6, 2009 Author Share Posted December 6, 2009 i understand that. but what is the easy way to grab fields from the record where username and password match. eg. Name, Teamid, Team Name??? thanks Quote Link to comment https://forums.phpfreaks.com/topic/184091-sessions-help/#findComment-972370 Share on other sites More sharing options...
PFMaBiSmAd Posted December 6, 2009 Share Posted December 6, 2009 mrMarcus actually did answer your question, because you are basically asking how to fetch the row that the query returned - $res = mysql_fetch_array($result); You then reference the correct elements of $res and assign them to $_SESSION variables - $_SESSION['fname'] = $res['fname']; .. repeat for the other columns that your query returned Quote Link to comment https://forums.phpfreaks.com/topic/184091-sessions-help/#findComment-972380 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.