Jump to content

Session Handling problem


kinetskie25
Go to solution Solved by Psycho,

Recommended Posts

I am new to PHP coding and I may have a simple problem regarding session handling. I wish yo guys could help..

 

I made a simple site with user login functions. User login is working good, but there is a problem with the session handling.. What I want is that when the user logs in, the message "Welcome <user's first name here> !", but I don't know how to do that part.

 

here's my index.php:

<?php

session_start();
include_once('includes/connmng.php');


if (isset($_SESSION['logged_in'])){

?>
<?php $title = "SCIS - Home" ?>
<html>

<?php include('fragments/head.php'); ?>

<body>

<div id="wrapper">

<?php include('fragments/header.html'); ?>
<hr>
<br>

<?php include('fragments/loggedin.php'); ?>
<hr>
<br>

<?php include('fragments/nav.html'); ?>

<?php include('fragments/frontcontent.php'); ?>

<hr>
<br>

<?php include('fragments/pollsection.php'); ?>

<?php include('fragments/frontsciscont.php'); ?>

<?php include('fragments/fronttechcont.php'); ?>

<br>
<hr>

<?php include('fragments/footer.html'); ?>

</div> <!--wrapper -->

</body>

<?php include('fragments/scripts.html'); ?>

</html>

<?php
}else{
if(isset($_POST['username'], $_POST['password'])){
	$username = $_POST['username'];
	$password = md5($_POST['password']);

	if(empty($username) or empty($password)){
		$error = 'All fields required!';
	}else{
		$query = $pdo->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
		$query->bindValue(1, $username);
		$query->bindValue(2, $password);
		
		$query->execute();
		
		$num = $query->rowCount();
		
		if($num == 1){
		$_SESSION['logged_in'] = true;
		header('Location: index.php');
		exit();
		}else{
			$error = 'You may have entered a wrong username/password.';
		}
	}


} 
?>
<?php $title = "SCIS - Home" ?>

<html>

<?php include('fragments/head.php'); ?>

<body>

<div id="wrapper">

<?php include('fragments/header.html'); ?>
<hr>
<br>
<?php include('fragments/login.php'); ?>

<?php if (isset($error)){ ?>
	<small style="color: #aa0000;"> <?php echo $error; ?> </small>
	<br/> <br />
<?php } ?>
<hr>
<br>

<?php include('fragments/nav.html'); ?>

<?php include('fragments/frontcontent.php'); ?>

<hr>
<br>

<div id="preview">
<div id="center_preview">

<?php include('fragments/pollsection.php'); ?>

<?php include('fragments/frontsciscont.php'); ?>

<?php include('fragments/fronttechcont.php'); ?>

</div>
</div>

<br>
<hr>

<?php include('fragments/footer.html'); ?>

</div> <!--wrapper -->

</body>

<?php include('fragments/scripts.html'); ?>

</html>

<?php } ?>

and this is my loggedin.php: 

<?php
 include_once('includes/users.php');
 $user = new Users;
 $users = $user->fetch_all();


 ?>
<?php foreach ($users as $user){ ?>
 Welcome, <?php echo $user['firstName']?>! 
 <?php } ?>
 <a href="logout.php"> Logout </a>

and here's the users.php class I saw from a tutorial:

 <?php
 
class Users{
	public function fetch_all(){
		global $pdo;
		
		$query = $pdo->prepare("SELECT * FROM users");
		$query->execute();
		
		return $query->fetchAll();
	}
	
	public function fetch_data($id){
		global $pdo;
		
		$query = $pdo->prepare("SELECT * FROM user WHERE id = ?");
		$query->bindValue(1, $id);
		$query->execute();
		
		return $query->fetch();
	}
}

?>

as you can see, it will display the user's first name there, but it loops, so it also displays other users' first names. How can I make it only display the first name of the logged in user?

 

*sorry for my bad english*

Link to comment
Share on other sites

update your SQL so that you only find 1 user.

 

so add a WHERE clause: "WHERE user.username = $username"

where user.username refers to the table (user) and the field (username) that should match the provided username ($username) from the user through the login form

 

I notice that you don't actually check credentials, i.e. password.. so you might want to look into that also

Link to comment
Share on other sites

  • Solution

I don't see the actual login script. That is where you need to start. You are apparently only checking the value of $_SESSION['logged_in'] to determine if the user is logged in or not. I assume that is a simple Boolean value (i.e. True/false). Instead, you should store the User ID within the Session data. You can then use that for both determining if the user is logged in AND to query additional details about the logged in user if you wish. However, if you plan on using the "Welcome [firstname]" on many of the pages, then you might as well store that in the session data when the user logs in as well. Don't query the database on every page load for the same information if you don't need to.

 

So, in your login script, change it so it stores the user ID and the user's first name in session data. E.g.: $_SESSION['user_id']  and $_SESSION['user_fname'

 

Then change this in your index.php script

 

if (isset($_SESSION['logged_in'])){

 

To:

 

if (isset($_SESSION['user_id'])){

 

Then on the loggedin.php script use something like this

 

Welcome, <?php echo $_SESSION['user_fname']?>! 
<a href="logout.php"> Logout </a>
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.