aljosa Posted November 13, 2012 Share Posted November 13, 2012 Hi PHPFreaks, I'm banging my head with problem how could I initialize $_SESSION['userid'] on user login with MYSQL field "userid" value. I'll then use this session value from "userid" for users content identification for SQL publish and retrive from/to MySQL table. I have Class: <?php class Users { public $userid = null; public $username = null; public $email = null; public $password = null; // Escape dirty public function __construct( $data = array() ) { if( isset( $data['userid'] ) ) $this->userid = stripslashes( strip_tags( $data['userid'] ) ); if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) ); if( isset( $data['email'] ) ) $this->email = stripslashes( strip_tags( $data['email'] ) ); if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) ); } // Add form variables to public function storeFormValues( $params ) { //store the parameters $this->__construct( $params ); } // User login public function userLogin() { $success = false; try { $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD ); $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); $sql = "SELECT * FROM users WHERE email = :email AND password = :password AND active IS NULL LIMIT 1"; $stmt = $con->prepare( $sql ); $stmt->bindValue( "email", $this->email, PDO::PARAM_STR ); $stmt->bindValue( "password", $this->password, PDO::PARAM_STR ); $stmt->execute(); $valid = $stmt->fetchColumn(); if( $valid ) { $success = true; } $con = null; return $success; } catch ( PDOException $e ) { echo $e->getMessage(); return $success; } } ?> and login.php <?php if(isset($_SESSION['stat']) == 1) : header('Location:index.html'); else: include_once('includes/config.php'); $errs = ''; if( !(isset( $_POST['login'] ) ) ) { } else { $usr = new Users; $usr->storeFormValues( $_POST ); if( $_POST['email'] == "" || $_POST['password'] == "" ) { $errs = '<p class="error">All fields are required.</p>'; } else { if( $usr->userLogin() ) { if ( $_POST['email'] == $usr->email && $_POST['password'] == $usr->password ) { $_SESSION['email'] = $usr->email; $_SESSION['userid'] = $usr->userid; $_SESSION['stat'] = 1; header('Location:index.html'); } } else { $errs = '<p class="error">Invalid Email or Password.</p>'; } } } ?> Any help or suggestions appreciated from some PHP Guru. Oh.. And one more thing is userid from session secure enough for content to user linking in MySQL? Thank you all... Quote Link to comment Share on other sites More sharing options...
aljosa Posted November 13, 2012 Author Share Posted November 13, 2012 Please help Quote Link to comment Share on other sites More sharing options...
shlumph Posted November 13, 2012 Share Posted November 13, 2012 (edited) In your userLogin() function, you can set the $userid field from whatever is returned in that row if $success is true. Edit: inline code tags. Edited November 13, 2012 by shlumph Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted November 13, 2012 Share Posted November 13, 2012 you would need to return the value from the method, something like $this->userid = $valid['userid']; inside the userLogin method. that will overwrite the value, if there is one, in the object parameter, if you don't want to do that just add another param' and assign it to that. Quote Link to comment Share on other sites More sharing options...
aljosa Posted November 13, 2012 Author Share Posted November 13, 2012 Yuhuuu thank you Muddy_Funster you rock man!!!! I just added your $this->userid = $valid['userid']; inside function userLogin and in login.php $_SESSION['userid'] = $usr->userid; echos out $userid from MySQL. Thank you man a trillion times Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.