Pdo Class Function To $_Session['userid']

[aljosa]

Hi PHPFreaks,

I'm banging my head with problem how could I initialize $_SESSION['userid'] on user login with MYSQL field "userid" value. I'll then use this session value from "userid" for users content identification for SQL publish and retrive from/to MySQL table.

 

I have Class:

 

<?php
class Users {
public $userid = null;
public $username = null;
public $email = null;
public $password = null;
// Escape dirty
public function __construct( $data = array() ) {
if( isset( $data['userid'] ) ) $this->userid = stripslashes( strip_tags( $data['userid'] ) );
if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
if( isset( $data['email'] ) ) $this->email = stripslashes( strip_tags( $data['email'] ) );
if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
}
// Add form variables to
public function storeFormValues( $params ) {
//store the parameters
$this->__construct( $params );
}
// User login
public function userLogin() {
$success = false;
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM users WHERE email = :email AND password = :password AND active IS NULL LIMIT 1";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "email", $this->email, PDO::PARAM_STR );
$stmt->bindValue( "password", $this->password, PDO::PARAM_STR );
$stmt->execute();
$valid = $stmt->fetchColumn();
if( $valid ) {
$success = true;
}
$con = null;
return $success;
} catch ( PDOException $e ) {
echo $e->getMessage();
return $success;
}
}
?>

 

and login.php

 

<?php

if(isset($_SESSION['stat']) == 1) :
header('Location:index.html');
else:

include_once('includes/config.php');

$errs = '';


if( !(isset( $_POST['login'] ) ) ) {
} else {
$usr = new Users;
$usr->storeFormValues( $_POST );

if( $_POST['email'] == "" || $_POST['password'] == "" ) {
$errs = '<p class="error">All fields are required.</p>';

} else {

if( $usr->userLogin() ) {

if ( $_POST['email'] == $usr->email && $_POST['password'] == $usr->password ) {
$_SESSION['email'] = $usr->email;
$_SESSION['userid'] = $usr->userid;
$_SESSION['stat'] = 1;
header('Location:index.html');
}

} else {
$errs = '<p class="error">Invalid Email or Password.</p>';
}
}
}
?>

 

Any help or suggestions appreciated from some PHP Guru. Oh.. And one more thing is userid from session secure enough for content to user linking in MySQL? Thank you all...

[aljosa]

Please help

[shlumph]

In your userLogin() function, you can set the $userid field from whatever is returned in that row if $success is true.

 

Edit: inline code tags.

Edited November 13, 2012 by shlumph

[Muddy_Funster]

you would need to return the value from the method, something like $this->userid = $valid['userid']; inside the userLogin method.

 

that will overwrite the value, if there is one, in the object parameter, if you don't want to do that just add another param' and assign it to that.

[aljosa]

Yuhuuu thank you Muddy_Funster you rock man!!!!

 

I just added your $this->userid = $valid['userid']; inside function userLogin and in login.php $_SESSION['userid'] = $usr->userid; echos out $userid from MySQL.

 

Thank you man a trillion times