jygrnmny Posted July 26, 2015 Share Posted July 26, 2015 I changed my login page to use PDO. After researching, I can't seem to find a solution on how to pass variables that are not defined in the login page. I can pass the username and display it with no issues but the memberid and firstname doesn't pass no matter what I try. I'm trying to pass id and firstname - to display the first name. The id is to define who's logged in because data will be populating a database with existing info for that user. There are two databases, one with registration info - id, firstname, lastname, password..... The second database will populate examination info and will be linked with the registration database < again so it knows who's taking the exam. Here's the code I've tried to pass the variables needed to landing page minus html. Login.php require_once('inc/config.php'); //check if already logged in move to home page if( $user->is_logged_in() ){ header('Location: members.php'); } //process login form if submitted if(isset($_POST['submit'])){ $memberID = $_POST['memberID']; $firstname= $_POST['firstname']; $email = $_POST['email']; $password = $_POST['password']; if($user->login($email,$password)){ $_SESSION['email'] = $email; $_SESSION['memberID'] = $memberID; $_SESSION['firstname'] = $firstname; header('Location: members.php'); exit; } else { $error[] = 'Wrong email or password.'; } } ?> USER.php This is where I've added memberid and firstname but not passing. <?php include('password.php'); class User extends Password{ private $_db; function __construct($db){ parent::__construct(); $this->_db = $db; } private function get_user_hash($username, memberID, firstname){ try { $stmt = $this->_db->prepare('SELECT memberID, firstname, password FROM members WHERE username = :username AND active="Yes WHERE memberID = :memberID AND firstname = :firstname LIMIT 1" '); $stmt->execute(array('memberID' => $memberID)); $stmt->execute(array('firstname' => $firstname)); $stmt->execute(array('username' => $username)); $row = $stmt->fetch(); return $row['password']; } catch(PDOException $e) { echo '<p class="bg-danger">'.$e->getMessage().'</p>'; } } public function login($username,$password){ $hashed = $this->get_user_hash($username); if($this->password_verify($password,$hashed) == 1){ $_SESSION['loggedin'] = true; return true; } } public function logout(){ session_destroy(); } public function is_logged_in(){ if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){ return true; } } } ?> LANDING PAGE Here's what I have at the top of the landing page. <?php session_start(); $_SESSION['memberID'] = $memberID['memberID']; $_SESSION['firstname'] = $firstname['firstname']; ?> And this in the html <?php echo $_SESSION['memberID']; ?> <?php echo $_SESSION['firstname']; ?> If someone could help that would be great. I've worked all day on this and can't pass the variables to the landing page to the db. Quote Link to comment Share on other sites More sharing options...
requinix Posted July 27, 2015 Share Posted July 27, 2015 Are you sure the login form contains those values? That's highly unusual. Aren't you supposed to use the email and password to look up that information in your database instead? Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted July 27, 2015 Share Posted July 27, 2015 Do you have errors enabled? Also, add "traps" along the way so you know you are executed the expected code. Use var_dump() as applicable. A couple of specifics... Login.php Is $user object created in inc/config.php? If not, it doesn't exist. Agree with requinx that $_POST['memberID'] and $_POST['firstname'] shouldn't be in the form. If they should be, then they should also be used in the verifyaction query $user->login(), else they should be obtained from the DB. Where is members.php? LANDING PAGE. Why set session with variables that are not defined? html page Not sure what you are trying to do. Quote Link to comment Share on other sites More sharing options...
NomadicJosh Posted July 27, 2015 Share Posted July 27, 2015 (edited) I think you are not seeing the results you need because you are setting the sessions on the landing page instead of in the class. I think your login method should look similar to what's below: public function login($username,$password){ //must start a session session_start(); $hashed = $this->get_user_hash($username); if($this->password_verify($password,$hashed) == 1){ /** memberID and firstname variables must be pulled from the database on successful login in order for the sessions to be set. Similar to how you are querying the database for those data elements in your get_user_hash method. */ $_SESSION['loggedin'] = true; $_SESSION['memberID'] = $memberID['memberID']; $_SESSION['firstname'] = $firstname['firstname']; return true; } } The above code will still not give you the results you need, but the comment I've added about the database will help point you into the right direction. Edited July 27, 2015 by parkerj Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.