Jump to content

Help

KaiSheng

By KaiSheng
in PHP Coding Help

 Share
Go to solution Solved by Ch0cu3r,

Recommended Posts

KaiSheng Newbie

KaiSheng

Posted
Posted

To make it more specific, i will post my code here.

 

home page)

        $query = ("SELECT * FROM `users` ");
        $result = mysqli_query($link, $query) or die(mysqli_error($link));
            $row = mysqli_fetch_array($result);
            $_SESSION['user_id']= $row['id'];
            $_SESSION['role'] = $row['role'];
            $status= $row['status'];
 
            echo '<p><i>Welcome!<br />';?>
        
        <br>
               <?php echo 'You are logged in as ' . '(' . $_SESSION['role'] . ')' ?>
            <br>
            <?php    
            echo 'Wanna play a game and win prizes?'?> Click  <tr>
<td><a href="gameInfo.php?id=<?php echo $_SESSION['user_id']; ?>">Here</a></td>
 
---
gameInfo page)
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($link, $sql) or die(mysqli_error($link));
$row = mysqli_fetch_array($result);
 
}
                        ?>
                        
            <tr>
<td>Click <a href="game.php" onclick="return confirm('Do you want to test your luck?')">Play Now!</a></td>
 
 
---
The problem is that
the session id is always the 1st user id even i am using different session id to login to the website.
 
---
please, anyone help me please?
I believe is that I have wrong variables on going.
However I do not know which is the wrong one as there is no error appeared on the screen.
 
Link to comment
Share on other sites
  • Solution
Ch0cu3r Newbie

Ch0cu3r

Posted
  • Solution
Posted (edited)

The problem is that

the session id is always the 1st user id even i am using different session id to login to the website.

Because you are getting all the users from the users table and then getting the first record from the query and setting it to the session.

 

The users session id should be set when they login, You should not be resetting the users session id on each page load. What is your login code?

Edited by Ch0cu3r
Link to comment
Share on other sites
Stefany93 Regular Member

Stefany93

Posted
Posted

Yup, the (*) operator is messing up your results, like the colleague above said. Never use the * to fetch everything from the DB because it makes it run way slower and if you add more columns you would need for special occasions only, and you fetch 'em all at every query, that will slow down your application greatly.

Link to comment
Share on other sites
KaiSheng Newbie

KaiSheng

Posted
  • Author
Posted (edited)

Because you are getting all the users from the users table and then getting the first record from the query and setting it to the session.

 

The users session id should be set when they login, You should not be resetting the users session id on each page load. What is your login code?

 

This is my login code.

--

<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['username'])) {
        //retrieve form data
        $username = $_POST['username'];
        $password = $_POST['password'];
 
 
        //connect to database
        $HOST = 'localhost';
        $USERNAME = 'root';
        $PASSWORD = '';
        $DB = 'db';
 
        $link = mysqli_connect($HOST, $USERNAME, $PASSWORD, $DB);
 
        //match the username and password entered with database record
        $query = ("SELECT * FROM `users` WHERE `username`='$username' AND `password`='".sha1($password)."'");
        $result = mysqli_query($link, $query) or die(mysqli_error($link));
 
        //if record is found, store id and username into session
        if (mysqli_num_rows($result) >0) {
            $row = mysqli_fetch_array($result);
            $_SESSION['user_id'] = $row['id'];
            $_SESSION['role'] = $row['role'];
 
            $msg = '<p><i>Hello, ' . $row['username'] . '!<br />';
            $msg .= 'You are logged in.<br /><a href="home.php">Home</a></p>';
        } else { //record not found
            $msg = '<p class="error">Sorry, you must enter a valid username and password to log in.<a href="login.php"> Back</a></p>';
            
        }
    }
} else {
    $msg = 'You are already logged in.<br /><a href="home.php">Home</a></p>';
}
?>
Edited by KaiSheng
Link to comment
Share on other sites
KaiSheng Newbie

KaiSheng

Posted
  • Author
Posted

Thanks!! problem fixed! :)

on the home page

 

code was 

    $query = ("SELECT * FROM `users` ");

i changed to

 $query = ("SELECT id,role FROM `users` WHERE id='".$_SESSION['user_id']."'");

 

!! 

 

Thanks 

Ch0cu3r

for the hint!!!!! THANKS. HAHAHAHHAA. SO HAPPY NOW. SPENT 2 DAYS ON THIS SHIT ):

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.