Jump to content

session data help


vherb

Recommended Posts

Hello. So I decided to build a employee dashboard area for the company I work at. i followed some tutorials on setting up a log in system, it works perfectly. I ended up adding a few more fields in the registration for the user profile. The inputs get sent to the database. I can recall the username through the session. i would like to be able to display first name last name and phone number that are current stored in the database. I have spent waaay too long trying to figure this out on my own and its driving me insane to the point i am willing to ask for help here. Any help would be appriciated!

registration.php

<!DOCTYPE html>
<html>
<head>
  <title>KTS</title>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">

   <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.4.3/css/mdb.min.css">
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<link rel="stylesheet" type="text/css" href="css/style.css">
	
    

</head>
<body>

<nav class="navbar fixed-top navbar-expand-sm " style="background-color: #f1f1f1">
<button class="navbar-toggler custom-toggler" type="button" data-toggle="collapse" data-target="#nav-content" aria-controls="nav-content" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>





<div class="g-ytsubscribe" data-channelid="UCds5d45OsiuCkxSKjBy9UMQ" data-layout="full" data-theme="light" data-count="hidden"></div>

<!-- Links -->
<div class="collapse navbar-collapse" id="nav-content"> 

<ul class="navbar-nav">


<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris/producers.html">To Do</a>
</li>
<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris">Maintenance Logs</a>

</li>
<li class="nav-item">

<a class="nav-link navlinkfont active" href="http://lnmco.atspace.cc/lnm/Khris/soundcloud.html"></a>

</li>
</ul>
</div>
 

</nav>
<br>
<br>
<br>
<br>
    <div class="card" style="background-color: grey">

<?php
    require('db.php');
       
    // When form submitted, insert values into the database.
    if (isset($_REQUEST['username'])) {
        // removes backslashes
        $username = stripslashes($_REQUEST['username']);
        //escapes special characters in a string
        $username = mysqli_real_escape_string($con, $username);
        $email    = stripslashes($_REQUEST['email']);
        $email    = mysqli_real_escape_string($con, $email);
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con, $password);
        $create_datetime = date("Y-m-d H:i:s");
             $firstName = stripslashes($_REQUEST['firstName']);
        //escapes special characters in a string
        $firstName = mysqli_real_escape_string($con, $firstName);
        $lastName    = stripslashes($_REQUEST['lastName']);
        $lastName    = mysqli_real_escape_string($con, $lastName);
        $phone = stripslashes($_REQUEST['phone']);
        $phone = mysqli_real_escape_string($con, $phone);
       
      
            
            
        $query    = "INSERT into `users` (username, password, email, create_datetime, firstName, lastName, phone)
                     VALUES ('$username', '" . md5($password) . "', '$email', '$create_datetime', '$firstName', '$lastName', '$phone')";
        $result   = mysqli_query($con, $query);
        if ($result) {
            echo "<div class='form'>
                  <h3>You are registered successfully.</h3><br/>
                  <p class='link'>Click here to <a href='login.php'>Login</a></p>
                  </div>";
        } else {
            echo "<div class='form'>
                  <h3>Required fields are missing.</h3><br/>
                  <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p>
                  </div>";
        }
    } else {
?>
    <form class="form" action="" method="post">
        <h1 class="login-title">Registration</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" required />
        <input type="text" class="login-input" name="email" placeholder="Email Adress">
        <input type="password" class="login-input" name="password" placeholder="Password">
        <input type="text" class="login-input" name="firstName" placeholder="First Name" required />
        <input type="text" class="login-input" name="lastName" placeholder="Last Name">
        <input type="text" class="login-input" name="phone" placeholder="Phone Number" required />
       
        <input type="submit" name="submit" value="Register" class="login-button">
        <p class="link">Already have an account? <a href="login.php">Login here</a></p>
    </form>
<?php
    }
?>

</div>
 <script type="text/javascript" src="js/script.js"></script>

</body>
</html>

login.php

<?php
session_start();
?>

<!DOCTYPE html>
<html>
<head>
  <title>KTS</title>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.4.3/css/mdb.min.css">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
    <link rel="stylesheet" type="text/css" href="css/youtube.css">
</head>

        
<body>

<nav class="navbar fixed-top navbar-expand-sm " style="background-color: #f1f1f1">
<button class="navbar-toggler custom-toggler" type="button" data-toggle="collapse" data-target="#nav-content" aria-controls="nav-content" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>





<div class="g-ytsubscribe" data-channelid="UCds5d45OsiuCkxSKjBy9UMQ" data-layout="full" data-theme="light" data-count="hidden"></div>

<!-- Links -->
<div class="collapse navbar-collapse" id="nav-content"> 

<ul class="navbar-nav">


<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris/producers.html">To Do</a>
</li>
<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris">Maintenance Logs</a>

</li>
<li class="nav-item">

<a class="nav-link navlinkfont active" href="http://lnmco.atspace.cc/lnm/Khris/soundcloud.html"></a>

</li>
</ul>
</div>
 

</nav>
<br>
<br>
<br>
<br>
<div class="card" style="background-color: grey">
<?php
    require('db.php');
   
    // When form submitted, check and create user session.
    if (isset($_POST['username'])) {
        $username = stripslashes($_REQUEST['username']);    // removes backslashes
        $username = mysqli_real_escape_string($con, $username);
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con, $password);
           $firstName = stripslashes($_REQUEST['firstName']);
        //escapes special characters in a string
        $firstName = mysqli_real_escape_string($con, $firstName);
        $lastName    = stripslashes($_REQUEST['lastName']);
        $lastName    = mysqli_real_escape_string($con, $lastName);
        $phone = stripslashes($_REQUEST['phone']);
        $phone = mysqli_real_escape_string($con, $phone);   
            
            
        $query    = "SELECT * FROM `users` WHERE username='$username'
                     AND password='" . md5($password) . "'";
        $result = mysqli_query($con, $query) or die(mysql_error());
        $rows = mysqli_num_rows($result);
        if ($rows >= 1) {
            $_SESSION['username'] = $username;
             
              
            // Redirect to user dashboard page
                     echo "<script>window.location.href='/dashboard.php'</script>";
        } else {
            echo "<div class='form'>
                  <h3>Incorrect Username/password.</h3><br/>
                  <p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
                  </div>";
        }
    } else {
?>
    <form class="form" method="post" name="login">
        <h1 class="login-title">Login</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" autofocus="true"/>
        <input type="password" class="login-input" name="password" placeholder="Password"/>
        <input type="submit" value="Login" name="submit" class="login-button"/>
        <p class="link">Don't have an account? <a href="registration.php">Registration Now</a></p>
  </form>
<?php
    }
?>  
            
            
</div>

<script type="text/javascript" src="js/script.js"></script>

</body>
</html>

auth_session.php

<?php
    session_start();
    if(!isset($_SESSION['username'])) {  
            $_SESSION['firstName'] = $firstName;
        header("Location: login/login.php");
        exit();
    }
?>

dashboard.php

<?php
//include auth_session.php file on all user panel pages
include("login/auth_session.php");
?>


<!DOCTYPE html>
<html>
<head>
  <title>KTS</title>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
   <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
 
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>

	
    

</head>
<body>

<div class="p-5 bg-primary text-center">
  <h1>User Dashboard</h1>
  
</div>

<nav class="navbar navbar-expand-sm bg-dark">
  <div class="container-fluid">
  
  
      <ul class="navbar-nav me-auto mb-2 mb-lg-0">
        <li class="nav-item">
          <a class="nav-link active text-white active" aria-current="page" href="dashboard.php">Home</a>
        </li>
              <li class="nav-item">
          <a class="nav-link text-secondary" aria-current="page" href="profile.php">Profile</a>
        </li>
        <li class="nav-item">
          <a class="nav-link text-secondary" href="tasks.php">Tasks</a>
        </li>
        
        <li class="nav-item">
          <a class="nav-link link-light text-secondary" href="#">Maintenance Logs</a>
        </li>
              
                <li class="nav-item">
          <a class="nav-link link-light text-secondary" href="login/logout.php">Logout</a>
        </li>
              
      </ul>
            
       <p class="text-end text-white">
               <?php
    date_default_timezone_set('US/Central'); //added line
    $b = time();

    $hour = date("g", $b);
    $m    = date("A", $b);

    if ($m == "AM") {
      if ($hour == 12) {
        echo "Good Evening,";
      } elseif ($hour < 4) {
        echo "Good Evening,";
      } elseif ($hour > 3) {
        echo "Good Morning,";
      }
    }

        elseif ($m == "PM") {
      if ($hour == 12) {
        echo "Good Afternoon,";
      } elseif ($hour < 6) {
        echo "Good Afternoon,";
      } elseif ($hour > 5) {
        echo "Good Evening,";
      }
    }

    ?> 
                <?php echo $_SESSION['username']; 
               ?>
          </p>
    </div>

</nav>
     
        
       

<div class="container mt-5">
  <div class="row">
    <div class="col-sm-4">
            
      
       
        <p>Hey, <?php echo $_SESSION['username']; ?>!</p>
        <p>You have <span class="badge bg-danger">5</span> new tasks</p>
       

      
    </div>
   
  </div>
</div>

<div class="mt-5 p-4 bg-dark text-white text-center">
  <p>some stuff here later</p>
</div>
 <script type="text/javascript" src="js/script.js"></script>

</body>
</html>

 

Edited by vherb
Link to comment
Share on other sites

I'd also point out that you aren't using prepared statements. I'd recommend learning PDO over mysqli. Additionally, you seem to rely heavily on sessions when ideally, only the user's ID should be stored in them and maybe a token.

Edited by Strider64
Link to comment
Share on other sites

In your login page, you need to extract the data from the data record you've retrieved and store it into the session, as you do for the username. 

$query = 'SELECT username, phone FROM users WHERE username=? AND password=?';
// bind parameters 
$result = mysqli_query($con, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows >= 1) {
    $_SESSION['username'] = $username;
    $_SESSION['phone'] = $result[ 'phone' ];
    . . . 

Learn to use parameterised queries (which is much easier with PDO) to protect against SQL Injection attacks. 
Obligatory XKCD reference: Little Bobby Tables

Never use "select *" in Production code. 
If somebody [else] adds some multi-Giga-byte columns holding the User's life story in video form, your super-quick login page suddenly slows to a crawl, having to read those massive fields that you've absolutely no interest in. 

Kudos for storing hashed passwords. 

Regards, 
   Phill W. 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.