h1234 Posted October 14, 2013 Share Posted October 14, 2013 (edited) i have put 3 users on my database. If i login with all 3 it works there is no problem(providing correct username and password matches).The problem is that it recognizes all 3 users as the first user. even if i check password it will display all three users password the same(all tho when i log in i have to have correct password and username for each user) as the first user which is user id 1. When i echo username or name or surname it displays the first users name or surname whatever i echo , no matter who i log in with I am not sure whats going on here at all. here is my code for the login functions i think the problems lies here i know this is not the best code but there must be a way to fix this users.php <?php function register_user($register_data){ Global $dbc; array_walk($register_data,'array_sanatize'); $register_data['password']= md5($register_data['password']); $fields='`'.implode('`, `',array_keys( $register_data)).'`'; $data='\''.implode('\', \'', $register_data).'\''; //print_r($register_data); mysqli_query($dbc," INSERT INTO `users` ($fields) VALUES ($data)"); //mysqli_error($dbc); } function user_data($user_id){ Global $dbc; $data=array(); $user_id = (int)$user_id; $func_num_args=func_num_args(); $func_get_args=func_get_args(); if($func_num_args >=1){ unset($func_get_args[0]); $fields='`'.implode('`, `', $func_get_args).'`'; $data=mysqli_query($dbc," SELECT $fields FROM `users` WHERE `user_id` = $user_id "); //mysqli_error($dbc); if ($data === false) { die("error on mysqli_query: ". mysqli_error($dbc)); } $data=mysqli_fetch_assoc($data); //print_r ($data); return $data; } } function logged_in(){ GLOBAL $dbc; return(isset($_SESSION['user_id'])) ? true : false; } function user_exists($username){ GLOBAL $dbc; $username=sanatize($username); $query= mysqli_query($dbc,"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return ($check[0]==1)?true:false; } function email_exists($email){ GLOBAL $dbc; $email=sanatize($email); $query= mysqli_query($dbc,"SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return ($check[0]==1)?true:false; } function user_active($username){ GLOBAL $dbc; $username=sanatize($username); $query= mysqli_query($dbc,"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1 "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return ($check[0]==1)?true:false; } function user_id_from_username($username){ GLOBAL $dbc; $username = sanatize($username); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return $check[0]=='user_id'; } function login($username , $password){ GLOBAL $dbc; $user_id = user_id_from_username($username); $username = sanatize($username); $password = md5($password); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); //$check= mysqli_fetch_array( $query , MYSQLI_BOTH); if(mysqli_num_rows($query) == 1) { return 0 == 1 ? $user_id : true ; } // no results found so return false return false; log.php include("config/init.php"); if(empty($_POST)===false){ $username= $_POST['username']; $password= $_POST['password']; } if(empty($username) ===true || empty($password) ===true){ $errors[] ='Please enter a valid username and password'; } else if (user_exists($username)===false){ $errors[] ='This username does not exist. Please sign up'; } else if (user_active($username)===false) { $errors[]="you have not activated your account via email"; } else { // here errors //testing username passwords ect, if all of the above statemens failed $login=login($username,$password); if($login===false){ //$error[]= echo "That username and password combination is incorrect"; } else { // set username session // redirect user to home //die($login); $_SESSION['user_id']=$login; header('location:index.php'); exit(); } } //print_r($errors); include('templates/header.php'); include('templates/footer.php'); ?> config/init.php <?php session_start(); require('connect.php'); require('functions/general.php'); require('functions/users.php'); // to be accessed by every page to check errors for login if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } //else echo "cannot retreive data"; $errors=array(); ?> this does not echo correct username or id . no errors are displayed <aside id="widgets"> require_once('config/init.php'); require_once('config/functions/users.php'); require_once('config/functions/general.php'); ?> <h4 class="username"> Welcome <?php echo $user_data['name'];?> </h4> <div class="inner"> <ul> <li> <a href="logout.php"> Log out </a> </li> <li> <a href="changepassword.php"> New password </a> </li> </ul> </div> <?php echo mysqli_error($dbc);?> </aside> <?php include('templates/footer.php'); ?> <?php ?> Edited October 14, 2013 by h1234 Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted October 14, 2013 Share Posted October 14, 2013 I think here you should have to return $row['user_id'] from your database table instead just true; function logged_in(){ GLOBAL $dbc; return(isset($_SESSION['user_id'])) ? true : false; } Quote Link to comment Share on other sites More sharing options...
h1234 Posted October 15, 2013 Author Share Posted October 15, 2013 I think here you should have to return $row['user_id'] from your database table instead just true; function logged_in(){ GLOBAL $dbc; return(isset($_SESSION['user_id'])) ? true : false; } Thanks man but how? im new to php Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 15, 2013 Share Posted October 15, 2013 Which ever user successfully logs in, Your code will always return the user's data with the user_id of 1. This is because your login() function does not return the users user_id but the boolean value of true when the username and password match a record in the users table! function login($username , $password) { GLOBAL $dbc; $user_id = user_id_from_username($username); $username = sanatize($username); $password = md5($password); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); if(mysqli_num_rows($query) == 1) { return 0 == 1 ? $user_id : true; } // no results found so return false return false; } This line will always return true return 0 == 1 ? $user_id : true;You save the returned value of login() to the $_SESSION['user_id'] variable. This variable is then passed to the user_data() function to get the logged in users data. You then convert the users id value to an integer. $user_id = (int)$user_id;Which will convert the boolean value of $user_id to the integer value of 1. So therefore the query within that function will always return the user with the user_id of 1. $data=mysqli_query($dbc," SELECT $fields FROM `users` WHERE `user_id` = $user_id "); What you need to do is set the session data when the query successfully returns a result with a matched username/password. You should not be using user_data() function to get their data on each page request. This will be your login function function login($username , $password) { GLOBAL $dbc; $username = sanatize($username); $password = md5($password); // get all users data from database when username/password match. $query= mysqli_query($dbc,"SELECT `user_id`, `username`, `name` , `surname`, `email` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); if(mysqli_num_rows($query) == 1) { // set user data to sessions $row = mysqli_fetch_assoc($query); $_SESSION['user_id'] = $row['user_id']; $_SESSION['username'] = $row['username']; $_SESSION['name'] = $row['name']; $_SESSION['surname'] = $row['surname']; $_SESSION['email'] = $row['email']; return true; // return true } // no results found so return false return false; } To check if the user successfully logged in with the username/password you'd do if(login($username, $password)) { // successfully logged in! // Session data is already reloaded with users data printf('<pre>%s</pre>', print_r($_SESSION, true)); } else { // did not successfully login } Quote Link to comment Share on other sites More sharing options...
h1234 Posted October 15, 2013 Author Share Posted October 15, 2013 Which ever user successfully logs in, Your code will always return the user's data with the user_id of 1. This is because your login() function does not return the users user_id but the boolean value of true when the username and password match a record in the users table! function login($username , $password) { GLOBAL $dbc; $user_id = user_id_from_username($username); $username = sanatize($username); $password = md5($password); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); if(mysqli_num_rows($query) == 1) { return 0 == 1 ? $user_id : true; } // no results found so return false return false; } This line will always return true return 0 == 1 ? $user_id : true;You save the returned value of login() to the $_SESSION['user_id'] variable. This variable is then passed to the user_data() function to get the logged in users data. You then convert the users id value to an integer. $user_id = (int)$user_id;Which will convert the boolean value of $user_id to the integer value of 1. So therefore the query within that function will always return the user with the user_id of 1. $data=mysqli_query($dbc," SELECT $fields FROM `users` WHERE `user_id` = $user_id "); What you need to do is set the session data when the query successfully returns a result with a matched username/password. You should not be using user_data() function to get their data on each page request. This will be your login function function login($username , $password) { GLOBAL $dbc; $username = sanatize($username); $password = md5($password); // get all users data from database when username/password match. $query= mysqli_query($dbc,"SELECT `user_id`, `username`, `name` , `surname`, `email` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); if(mysqli_num_rows($query) == 1) { // set user data to sessions $row = mysqli_fetch_assoc($query); $_SESSION['user_id'] = $row['user_id']; $_SESSION['username'] = $row['username']; $_SESSION['name'] = $row['name']; $_SESSION['surname'] = $row['surname']; $_SESSION['email'] = $row['email']; return true; // return true } // no results found so return false return false; } To check if the user successfully logged in with the username/password you'd do if(login($username, $password)) { // successfully logged in! // Session data is already reloaded with users data printf('<pre>%s</pre>', print_r($_SESSION, true)); } else { // did not successfully login } thanks but where do i place this in my init.php file? as all i am getting is underfined variables. Is there any way to change the user_data function only to get this to work as i want to echo the username when user logs in. i hope this make sense. thanks Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 15, 2013 Share Posted October 15, 2013 You do not need the user_data() function any more. This has now been merged with the login() function. The login function stores the users data in the $_SESSION. Instead of using the $user_data variable to get the users data you now use $_SESSION. When you want to echo the users name, you use <?php echo $_SESSION['name'];?> Instead of $user_data['name'] Quote Link to comment Share on other sites More sharing options...
h1234 Posted October 15, 2013 Author Share Posted October 15, 2013 (edited) You do not need the user_data() function any more. This has now been merged with the login() function. The login function stores the users data in the $_SESSION. Instead of using the $user_data variable to get the users data you now use $_SESSION. When you want to echo the users name, you use <?php echo $_SESSION['name'];?> Instead of $user_data['name'] thanks but what happens to this functions as i use this to state what files are protected for example and this states what user can see it links to. When i use the if statement to check when user is logged in i get undefined variables for username and password. function logged_in(){ GLOBAL $dbc; return isset($_SESSION['user_id']) ; } this was whats in my init.php file i am not using the $user_data anymore but if i do then it doesnt recognise .It still doesnt echo out the name. the session is started in this file if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } you been a great help so far. thanks man Edited October 15, 2013 by h1234 Quote Link to comment Share on other sites More sharing options...
h1234 Posted October 15, 2013 Author Share Posted October 15, 2013 thanks but what happens to this functions as i use this to state what files are protected for example and this states what user can see it links to. When i use the if statement to check when user is logged in i get undefined variables for username and password. function logged_in(){ GLOBAL $dbc; return isset($_SESSION['user_id']) ; } this was whats in my init.php file i am not using the $user_data anymore but if i do then it doesnt recognise .It still doesnt echo out the name. the session is started in this file if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } you been a great help so far. thanks man another thing is that user_data is being used to change passwords as well. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 15, 2013 Share Posted October 15, 2013 (edited) The logged_in function should work as before, no need to modify it. No need to use the user_data function as data is already in the $_SESSION variable Do not use $user_data, use $_SESSION init.php should be if(logged_in() === true) { $session_user_id = $_SESSION['user_id']; if(user_active($_SESION['username']) === false){ session_destroy(); header('Location:index.php'); exit(); } } another thing is that user_data is being used to change passwords as well. how Is the password changed? Edited October 15, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
h1234 Posted October 15, 2013 Author Share Posted October 15, 2013 (edited) The logged_in function should work as before, no need to modify it. No need to use the user_data function as data is already in the $_SESSION variable Do not use $user_data, use $_SESSION init.php should be if(logged_in() === true) { $session_user_id = $_SESSION['user_id']; if(user_active($_SESION['username']) === false){ session_destroy(); header('Location:index.php'); exit(); } } how Is the password changed? i just changed code and now it doesnt logged me in at all. the code below does not work. Where must this be placed after the login function? it says i am not logged in if(login($username, $password)) { // successfully logged in! // Session data is already reloaded with users data printf('<pre>%s</pre>', print_r($_SESSION, true)); } else { // did not successfully login } if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //$_SESSION['user_id','username','password','name' ,'surname' ,'email']; //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } //else echo "cannot retreive data"; only logs in with the old code in init.php Edited October 15, 2013 by h1234 Quote Link to comment Share on other sites More sharing options...
Solution Ch0cu3r Posted October 15, 2013 Solution Share Posted October 15, 2013 (edited) i just changed code and now it doesnt logged me in at all. the code below does not work. Where must this be placed after the login function? it says i am not logged in if(login($username, $password)) { // successfully logged in! // Session data is already reloaded with users data printf('<pre>%s</pre>', print_r($_SESSION, true)); } else { // did not successfully login } That code above is to replace this code in log.php $login=login($username,$password); if($login===false){ //$error[]= echo "That username and password combination is incorrect"; } else { // set username session // redirect user to home //die($login); $_SESSION['user_id']=$login; header('location:index.php'); exit(); } Replace // successfully logged in! with the code you want to run when user successfully logs in Replace // did not successfully login with the code you want to run when the user does not successfully login. You can remove printf('<pre>%s</pre>', print_r($_SESSION, true));. it is only there to display what is stored within the $_SESSION variable when login is successful. The code in reply #9 replaces the code in init.php Edited October 15, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
h1234 Posted October 15, 2013 Author Share Posted October 15, 2013 That code above is to replace this code in log.php $login=login($username,$password); if($login===false){ //$error[]= echo "That username and password combination is incorrect"; } else { // set username session // redirect user to home //die($login); $_SESSION['user_id']=$login; header('location:index.php'); exit(); } Replace // successfully logged in! with the code you want to run when user successfully logs in Replace // did not successfully login with the code you want to run when the user does not successfully login. You can remove printf('<pre>%s</pre>', print_r($_SESSION, true));. it is only there to display what is stored within the $_SESSION variable when login is successful. The code in reply #9 replaces the code in init.php Awsome man . it seems to be working as i see the different user_id display correct within the array. but now i get this error and it does not stay logged in. this is what i get in the log.php Notice: Undefined index: username in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 218 Notice: Undefined index: name in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 219 Notice: Undefined index: surname in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 220 Notice: Undefined index: email in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 221 Notice: Undefined index: username in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 218 Notice: Undefined index: name in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 219 Notice: Undefined index: surname in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 220 Notice: Undefined index: email in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 221 successfully logged in! Array ( [user_id] => 6 [username] => [name] => [surname] => [email] => ) Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted October 16, 2013 Share Posted October 16, 2013 (edited) Make some effort man. @Ch0cu3r did the hard part of the code for you, all you need to do is to define username, surname,name and mails variables like user_id and to redirect the page. Edited October 16, 2013 by jazzman1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.