Jump to content

Getting ID from Username

slj90

By slj90
in PHP Coding Help

 Share

Recommended Posts

slj90 Advanced Member

slj90

Posted
Posted

I have a table that has Customer ID along with their Username. My code currently uses their username as the 'auth User'. How do I get the CustomerID from the username..

 

The code I am using to get the username from the previous page is..

 

<?php

session_start();

// Check if we have an authenticated user
if (!isset($_SESSION["authenticatedUser"]))
//if not re-direct to login page
{
$_SESSION["message"] = "Please Login";
header("Location: loginpage.php");
}
else;
{
//If authenticated then display page conetents
?>

 

and to display the username..

 

<?php echo $_SESSION["authenticatedUser"]; ?>

 

So how would I go about getting the CustomerID from this?

 

Thank you

Link to comment
Share on other sites
joel24 Member

joel24

Posted
Posted

wheres the script to log the user in?

when they log in you should put their user id in a session value

 

or to get said value later on, you could do something like

$sql = @mysql_query("SELECT user_id FROM users WHERE username = '{$_SESSION["authenticatedUser"]}'");
$userID = mysql_fetch_array($sql);
$userID = $userID['user_id'];

Link to comment
Share on other sites
slj90 Advanced Member

slj90

Posted
  • Author
Posted

Thanks for your response.. I have added your code to my script and then added the following to see the result..

 

<?php echo $_SESSION["authenticatedUser"]; 
      echo $CustomerID 
  ?>

 

Where the CustomerID should be it says 'Array'?

 

The login script:

 

<?php
include ("connection.php");


session_start();
// Collect data from form and save in variables
//See if any info was submitted 
$Username = $_GET['Username'];  
//Clean data - trim space 
$Username = trim ( $Username);  
//Check its ok - if not then add an error message to the error string 
if (empty($Username))  
    $errorString = $errorString."<br>Please supply Username.";
//See if any info was submitted 
$Password = $_GET['Password'];  
//Clean data - trim space 
$Password = trim ( $Password);  
//Check its ok - if not then add an error message to the error string 
if (empty($Password))  
    $errorString = $errorString."<br>Please supply Password.";        

//  Query to search the user table
$query= "SELECT * FROM Customer WHERE Username='$Username' AND  Password='$Password'";

// Run query through connection
	$result = mysql_query ($query); 

// Check result of query 

// if rows found set authenticated user to the user name entered 
if (mysql_num_rows($result) > 0) { 
$_SESSION["authenticatedUser"] = $Username;
// Relocate to the logged-in page
header("Location: loggedon.php");
} 
else
// login failed redirect back to login page with error message
{
$_SESSION["message"] = "Could not connect as $Username " ;
header("Location: loginpage.php");
}
?>

 

 

 

 

 

Thank you very much for your help

Link to comment
Share on other sites
garethhall Regular Member

garethhall

Posted
Posted

Well you are already selecting the user and checking that there is a result so if mysql_num_rows($result) > 0 that means that a user has been found. So simply return the userID and set a session with the userID

 

 

if (empty($Password))  
    $errorString = $errorString."<br>Please supply Password.";        

//  Query to search the user table
$query= "SELECT * FROM Customer WHERE Username='$Username' AND  Password='$Password'";

// Run query through connection
	$result = mysql_query ($query);

###### NEW CODE return row details
$row = mysql_fetch_assoc($query);
###### END

// Check result of query 

// if rows found set authenticated user to the user name entered 
if (mysql_num_rows($result) > 0) { 
$_SESSION["authenticatedUser"] = $Username;

###### NEW CODE set the session
$_SESSION['userID'] = $row['userID'];
###### END

// Relocate to the logged-in page
header("Location: loggedon.php");
} 
else
// login failed redirect back to login page with error message
{
$_SESSION["message"] = "Could not connect as $Username " ;
header("Location: loginpage.php");
}

Link to comment
Share on other sites
slj90 Advanced Member

slj90

Posted
  • Author
Posted

Gareth, Thank you for response... I have added your lines to my code, however i get the following errors...

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /study_D/undergrad/c3221281/webpages/my_iis_website/loginAction.php on line 28

Warning: Cannot modify header information - headers already sent by (output started at /study_D/undergrad/c3221281/webpages/my_iis_website/loginAction.php:28) in /study_D/undergrad/c3221281/webpages/my_iis_website/loginAction.php on line 36

 

Line 28:

 

  $row = mysql_fetch_assoc($query);

 

 

Line 36:

 

header("Location: loggedon.php");

 

 

 

 

Thanks alot for your help

Link to comment
Share on other sites
slj90 Advanced Member

slj90

Posted
  • Author
Posted

It is now working with no errors  :)...

 

What do I need to put on the 'loggedon.php' page to get the userID?

 

What I am attempting to do is use it in a URL, to direct the user to a page where they update their details...

 

<a href="./updateprofile.php?UserID=<?php echo $row["UserID"]?>">YOUR DETAILS</a>

 

 

Thanks again

Link to comment
Share on other sites
garethhall Regular Member

garethhall

Posted
Posted

This

<a href="./updateprofile.php?UserID=<?php echo $_SESSION['userID']?>">YOUR DETAILS</a>

 

I use the session as that would make sure that the user is logged in to as nothing will be updated if the session is not set. You can also simply look at the generated source code to make sure it out puts the information.

 

The other things you need to look at is security.

1. I would never pass a username and password the the GET method as anyone could read it.

2. You need to protect mysql from sql injection (you are open to this attack at the moment)

3. you should also hash you password with sha1 or md5

Link to comment
Share on other sites
slj90 Advanced Member

slj90

Posted
  • Author
Posted

Gareth, Thanks a lot for all your help, it is now working great  :)!

 

At the moment security isn't too much of a big deal as I am just creating this as a small project for fun and to learn PHP and MySQL. I'm not planning on making it into an actual website with real users any time soon.

 

Thanks again!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.