Jump to content

Trouble converting user id into variable


Go to solution Solved by mac_gyver,

Recommended Posts

My goal here is to list projects by user once the user is logged in.  I have the back end in PHPAdmin set up and the query works fine.  I've sort of run into a wall due to my inexperience  when it comes to making the query work in the code.  I'm thinking it's somehow tied to setting variables relating to the SESSION VARIABLE for the user who has just logged in.  You'll see my log-in page first, and in the next block I've posted my page which will list the projects for the user who has logged in.  The User page is obviously not finished yet because I know the variables I need will go into the query on line 58, in addition this is my first attempt at relating tables in a query.

 

Thanks,

CB

<!DOCTYPE html>

<?php 
session_start(); 
$conn = mysqli_connect("localhost","root","","hsa_project_hub");
?>

<!--Project Hub index-->
<html>
	<head>
		<title>Project Hub Login</title>
		
		
		<!-- Modernizr allows HTML5 elements to work in older browsers: http://modernizr.com/ -->
		<script src="js/modernizr.js"></script>
	</head>
<style>

img {
	display: block;
	margin-left: auto;
	margin-right: auto;	
	box-shadow: 5px 5px 5px #888888;
	Float:	left
	position:	relative;
}

#container {
	background: #F0F0F0;
	width: 		300px;	
	display: block;
	margin-left: auto;
	margin-right: auto;
	border-style: solid;
	border-width: 1px;
}

h4	{
	font-family: "Avant Garde",Avantgarde,"Century Gothic",CenturyGothic,AppleGothic,sans-serif;
	font-size: 30px;
	color: #8F0000;
	float: left;
	position: relative;
	left: 70px;
	font-style:italic;
}

#copy_right {
	font-size: 10px;
	text-align: center;	
} 


</style>
	<body>
		
		<div id="container">
			
			<img src="images/hsa-logo.jpg" align="middle" alt=HSA logo>
							
			<h4>Project Hub</h4>	
			
		<!--Start of form-->
		<form action="index.php" method="post"> 			
				
	
		<table align="center" bgcolor="#F0F0F0" width="300" >
			<tr align="center">				
			</tr>
			
			<tr>
				<td align="right"><strong>Log-in:</strong></td>
				<td>
					<input type="text" name="user_loginName" placeholder="Enter your Log-in" required="required"/> 
				</td>
			</tr>
			
			<tr>
				<td align="right"><strong>Password:</strong></td>
				<td>
					<input type="password" name="user_pass" placeholder="Enter your pass"required="required"/> 
				</td>
			</tr>			
			
			<tr align="center">
				<td colspan="6">
					<input type="submit" name="login" value="Login"/>
				</td>
			</tr>
			
			
			
		</table>
	
	</form>
	
	</div><!--End of Container-->
	<p id="copy_right">Heitkamp Swift Architects © 2015</p>
			
			
			<?php
			//Validate log-in and password
				if(isset($_POST['login'])) {
					$user_loginName = mysqli_real_escape_string($conn,$_POST['user_loginName']);
					$user_pass = mysqli_real_escape_string($conn,$_POST['user_pass']);
					
					$sel = "select * from hsa_users where user_loginName='$user_loginName' AND user_pass='$user_pass'";
					$run = mysqli_query($conn, $sel);
					$check = mysqli_num_rows($run);
					
					if($check==0){						
					echo "<script>alert('Incorrect Log-in or Password.  Try again.')</script>";
					exit();						
					}
					else {
					
					$_SESSION['user_loginName']=$user_loginName;
					
					echo "<script>window.open('main.php','_self')</script>";
											
					}
				}
			
			?>
		
		
		
	</body>
</html>

User Page

<!DOCTYPE html>

<?php
session_start(); 

if(!$_SESSION['user_loginName']){
	header("location: index.php");
	}
else {
	
?>	

<!--Project Hub main.  Listed projects are dependant upon login permissions-->

<html>

	<head>
		<title>Project Hub Projects</title>

		<link href="hsastyle.css" rel="stylesheet">

	</head>
		<body>
			<div id="main_container">
				<p><em>version 1.0 beta</em></p>
		
				<div id="banner">
			
					<div id="logo">
						<img src="images/hsa-logo.jpg" alt=HSA logo>
					</div>
		
					<H2><em>Project Hub</em></h2>
					<h5><a href="logout.php">Log Out</a></h5>
			
						
				</div> <!--End Banner-->
			
			
				<h1>PROJECTS:</h1><br>
				
				
	<!--List of projects by user -->
		
		<table align="center">
		
			<tr align="center">
				<th>Project Name</th>
				<th>Project (HSA) No.</th>
				<th>RFI's</th>
				<th>Submittals</th>				
			</tr>

<?php


		//Getting projects from user session variable
		$sel = "select * from hsa_users,projects,member_project WHERE projects.id=member_project.project_id AND member_project.user_id=2 AND hsa_users.id=2";
		
	
		


?>

		</table>

					
			</div> <!--End main container-->
			<div id="copy_right"
			<p id="copy_right">Heitkamp Swift Architects © 2015</p>			
			</div>
	
	

			
			


			
<?php

	



?>
		
		
		
		</body>
		
		
</html>

<?php } ?>
Edited by CloudBreaker
Nobody has answered, so I think I will jump in and try to help.
In your CSS code, you have:
font-family: "Avant Garde",Avantgarde,"Century Gothic",CenturyGothic,AppleGothic,sans-serif;
 
Simply switch "Avantgarde" with "CenturyGothic" like this:
 
font-family: "Avant Garde",CenturyGothic,"Century Gothic",Avantgarde,AppleGothic,sans-serif;
 

 

Then your code should work.

when the user logs in, retrieve the user id from the database table and store it in a session variable - $_SESSION['user_id'] = $row['whatever_your_id_column_name_is']; // assuming that you have executed a database fetch statement and assigned the row to $row

 

then, just use $_SESSION['user_id'] at the point where you need to reference the currently logged in user's id.

Thanks mac_gyver.

 

I'm still having some issues...I've set the session variables that I need, but for some reason, on the next page the only variable that is carried through is the 'user_loginName' variable.  When the login in directed to main.php line 43 successfully echos the "user_loginName" while line 15 and 16 returns an "undefined index" error.  I don't understand why the "id" and the "user_firstName" variables are not echoing or not passing through to page for that matter.  

 

thanks

CB

 

index.php (the log-in page)

<?php
			//Validate log-in and password
				if(isset($_POST['login'])) {
					$user_loginName = mysqli_real_escape_string($conn,$_POST['user_loginName']);
					$user_pass = mysqli_real_escape_string($conn,$_POST['user_pass']);
					$id = ($conn['id']);
					$user_firstName = ($conn['user_firstName']);
					
					$sel = "select * from hsa_users where user_loginName='$user_loginName' AND user_pass='$user_pass' AND id='$id' AND user_firstName='$user_firstName'";
					$run = mysqli_query($conn, $sel);
					$check = mysqli_num_rows($run);
					
					if($check==0){						
					echo "<script>alert('Incorrect Log-in or Password.  Try again.')</script>";
					exit();						
					}
					else {
					
					$_SESSION['user_loginName']=$user_loginName;
					$_SESSION['id']=$id;
					$_SESSION['user_firstName']=$user_firstName;
				
					
					
					
					echo "<script>window.open('main.php','_self')</script>";
											
					}
				}
			
			?>

main.php

<!DOCTYPE html>

<?php
session_start(); 

if(!$_SESSION['user_loginName']){
	header("location: index.php");
	}
else {
	
?>	

<?php
// Echo session variables that were set on previous page
echo " The ID is " . $_SESSION["id"] . ".<br>";
echo "The First Name is " . $_SESSION["user_firstName"] . ".";
?>



<!--Project Hub main.  Listed projects are dependant upon login permissions-->

<html>

	<head>
		<title>Project Hub Projects</title>

		<link href="hsastyle.css" rel="stylesheet">

	</head>
		<body>
			<div id="main_container">
				<p><em>version 1.0 beta</em></p>
		
				<div id="banner">
			
					<div id="logo">
						<img src="images/hsa-logo.jpg" alt=HSA logo>
					</div>
		
					<H2><em>Project Hub</em></h2>
					<h5><a href="logout.php">Log Out</a></h5>
					<H6>Welcome  <?php echo $_SESSION['user_loginName'];?>
			
						
				</div> <!--End Banner-->
Edited by CloudBreaker

In the code you posted you are calling session_start() after the opening <DOCTYPE html> tag. This is wrong, it needs to be called before that line. Anything that is outside of the php tags is classed as output. This is what scootstah meant by his post.

 

You should rearrange your code in your scripts so all processing is done before you begin to output any HTML. Eg your code should be layout like

 

Eg

<?php
session_start();

// process the login here

?>
then you output your html here
  • Solution

                    $id = ($conn['id']);

                    $user_firstName = ($conn['user_firstName']);

 

 

^^^ you may be setting session variables using the result from the above two lines of code, but they are not the values that you think they are.

 

$conn in those two lines of code is your database connection. both of those lines of code should be throwing php errors, because there is no id or user_firstName values having anything to do with $conn. in order to retrieve the row from your database table, you need to execute a mysqli_fetch_assoc() statement.

 

and in looking at the sql query statement, you have now added some conditions in it that will never be true. your login should always be failing.

 

you are also (apparently) storing passwords in your database table in plain text. this is not safe as it will allow anyone that gains access to your data to have the raw passwords. php has password_hash() and password_verify() functions that you should be using. there are examples of how to use them in the php.net documentation.

 

^^^ you may be setting session variables using the result from the above two lines of code, but they are not the values that you think they are.

 

 

 

  

I was setting them with the POST variables taken from the user input.   The only error I'm receiving is an unassigned index error after I log in...everything else is functioning as expected up to this point in the code minus the these to variables not carrying over.  I now realize I have to treat this separately with the correct syntax with a a mysqli_fetch_assoc() statement as you mentioned .   Maybe I just should assign these two session variables on the main page instead of the log-in page. I plan on hashing the passwords after I get everything working smoothly...currently I'm doing all this locally.

 

thanks again all

$user_loginName = mysqli_real_escape_string($conn,$_POST['user_loginName']);
$user_pass = mysqli_real_escape_string($conn,$_POST['user_pass']);
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.