session data help

vherb · November 1, 2023

Hello. So I decided to build a employee dashboard area for the company I work at. i followed some tutorials on setting up a log in system, it works perfectly. I ended up adding a few more fields in the registration for the user profile. The inputs get sent to the database. I can recall the username through the session. i would like to be able to display first name last name and phone number that are current stored in the database. I have spent waaay too long trying to figure this out on my own and its driving me insane to the point i am willing to ask for help here. Any help would be appriciated!

registration.php

<!DOCTYPE html>
<html>
<head>
  <title>KTS</title>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">

   <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.4.3/css/mdb.min.css">
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<link rel="stylesheet" type="text/css" href="css/style.css">
	
    

</head>
<body>

<nav class="navbar fixed-top navbar-expand-sm " style="background-color: #f1f1f1">
<button class="navbar-toggler custom-toggler" type="button" data-toggle="collapse" data-target="#nav-content" aria-controls="nav-content" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>





<div class="g-ytsubscribe" data-channelid="UCds5d45OsiuCkxSKjBy9UMQ" data-layout="full" data-theme="light" data-count="hidden"></div>

<!-- Links -->
<div class="collapse navbar-collapse" id="nav-content"> 

<ul class="navbar-nav">


<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris/producers.html">To Do</a>
</li>
<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris">Maintenance Logs</a>

</li>
<li class="nav-item">

<a class="nav-link navlinkfont active" href="http://lnmco.atspace.cc/lnm/Khris/soundcloud.html"></a>

</li>
</ul>
</div>
 

</nav>
<br>
<br>
<br>
<br>
    <div class="card" style="background-color: grey">

<?php
    require('db.php');
       
    // When form submitted, insert values into the database.
    if (isset($_REQUEST['username'])) {
        // removes backslashes
        $username = stripslashes($_REQUEST['username']);
        //escapes special characters in a string
        $username = mysqli_real_escape_string($con, $username);
        $email    = stripslashes($_REQUEST['email']);
        $email    = mysqli_real_escape_string($con, $email);
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con, $password);
        $create_datetime = date("Y-m-d H:i:s");
             $firstName = stripslashes($_REQUEST['firstName']);
        //escapes special characters in a string
        $firstName = mysqli_real_escape_string($con, $firstName);
        $lastName    = stripslashes($_REQUEST['lastName']);
        $lastName    = mysqli_real_escape_string($con, $lastName);
        $phone = stripslashes($_REQUEST['phone']);
        $phone = mysqli_real_escape_string($con, $phone);
       
      
            
            
        $query    = "INSERT into `users` (username, password, email, create_datetime, firstName, lastName, phone)
                     VALUES ('$username', '" . md5($password) . "', '$email', '$create_datetime', '$firstName', '$lastName', '$phone')";
        $result   = mysqli_query($con, $query);
        if ($result) {
            echo "<div class='form'>
                  <h3>You are registered successfully.</h3><br/>
                  <p class='link'>Click here to <a href='login.php'>Login</a></p>
                  </div>";
        } else {
            echo "<div class='form'>
                  <h3>Required fields are missing.</h3><br/>
                  <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p>
                  </div>";
        }
    } else {
?>
    <form class="form" action="" method="post">
        <h1 class="login-title">Registration</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" required />
        <input type="text" class="login-input" name="email" placeholder="Email Adress">
        <input type="password" class="login-input" name="password" placeholder="Password">
        <input type="text" class="login-input" name="firstName" placeholder="First Name" required />
        <input type="text" class="login-input" name="lastName" placeholder="Last Name">
        <input type="text" class="login-input" name="phone" placeholder="Phone Number" required />
       
        <input type="submit" name="submit" value="Register" class="login-button">
        <p class="link">Already have an account? <a href="login.php">Login here</a></p>
    </form>
<?php
    }
?>

</div>
 <script type="text/javascript" src="js/script.js"></script>

</body>
</html>

login.php

<?php
session_start();
?>

<!DOCTYPE html>
<html>
<head>
  <title>KTS</title>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.4.3/css/mdb.min.css">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
    <link rel="stylesheet" type="text/css" href="css/youtube.css">
</head>

        
<body>

<nav class="navbar fixed-top navbar-expand-sm " style="background-color: #f1f1f1">
<button class="navbar-toggler custom-toggler" type="button" data-toggle="collapse" data-target="#nav-content" aria-controls="nav-content" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>





<div class="g-ytsubscribe" data-channelid="UCds5d45OsiuCkxSKjBy9UMQ" data-layout="full" data-theme="light" data-count="hidden"></div>

<!-- Links -->
<div class="collapse navbar-collapse" id="nav-content"> 

<ul class="navbar-nav">


<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris/producers.html">To Do</a>
</li>
<li class="nav-item">

<a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris">Maintenance Logs</a>

</li>
<li class="nav-item">

<a class="nav-link navlinkfont active" href="http://lnmco.atspace.cc/lnm/Khris/soundcloud.html"></a>

</li>
</ul>
</div>
 

</nav>
<br>
<br>
<br>
<br>
<div class="card" style="background-color: grey">
<?php
    require('db.php');
   
    // When form submitted, check and create user session.
    if (isset($_POST['username'])) {
        $username = stripslashes($_REQUEST['username']);    // removes backslashes
        $username = mysqli_real_escape_string($con, $username);
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con, $password);
           $firstName = stripslashes($_REQUEST['firstName']);
        //escapes special characters in a string
        $firstName = mysqli_real_escape_string($con, $firstName);
        $lastName    = stripslashes($_REQUEST['lastName']);
        $lastName    = mysqli_real_escape_string($con, $lastName);
        $phone = stripslashes($_REQUEST['phone']);
        $phone = mysqli_real_escape_string($con, $phone);   
            
            
        $query    = "SELECT * FROM `users` WHERE username='$username'
                     AND password='" . md5($password) . "'";
        $result = mysqli_query($con, $query) or die(mysql_error());
        $rows = mysqli_num_rows($result);
        if ($rows >= 1) {
            $_SESSION['username'] = $username;
             
              
            // Redirect to user dashboard page
                     echo "<script>window.location.href='/dashboard.php'</script>";
        } else {
            echo "<div class='form'>
                  <h3>Incorrect Username/password.</h3><br/>
                  <p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
                  </div>";
        }
    } else {
?>
    <form class="form" method="post" name="login">
        <h1 class="login-title">Login</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" autofocus="true"/>
        <input type="password" class="login-input" name="password" placeholder="Password"/>
        <input type="submit" value="Login" name="submit" class="login-button"/>
        <p class="link">Don't have an account? <a href="registration.php">Registration Now</a></p>
  </form>
<?php
    }
?>  
            
            
</div>

<script type="text/javascript" src="js/script.js"></script>

</body>
</html>

auth_session.php

<?php
    session_start();
    if(!isset($_SESSION['username'])) {  
            $_SESSION['firstName'] = $firstName;
        header("Location: login/login.php");
        exit();
    }
?>

dashboard.php

<?php
//include auth_session.php file on all user panel pages
include("login/auth_session.php");
?>


<!DOCTYPE html>
<html>
<head>
  <title>KTS</title>
  <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
   <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
 
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>

	
    

</head>
<body>

<div class="p-5 bg-primary text-center">
  <h1>User Dashboard</h1>
  
</div>

<nav class="navbar navbar-expand-sm bg-dark">
  <div class="container-fluid">
  
  
      <ul class="navbar-nav me-auto mb-2 mb-lg-0">
        <li class="nav-item">
          <a class="nav-link active text-white active" aria-current="page" href="dashboard.php">Home</a>
        </li>
              <li class="nav-item">
          <a class="nav-link text-secondary" aria-current="page" href="profile.php">Profile</a>
        </li>
        <li class="nav-item">
          <a class="nav-link text-secondary" href="tasks.php">Tasks</a>
        </li>
        
        <li class="nav-item">
          <a class="nav-link link-light text-secondary" href="#">Maintenance Logs</a>
        </li>
              
                <li class="nav-item">
          <a class="nav-link link-light text-secondary" href="login/logout.php">Logout</a>
        </li>
              
      </ul>
            
       <p class="text-end text-white">
               <?php
    date_default_timezone_set('US/Central'); //added line
    $b = time();

    $hour = date("g", $b);
    $m    = date("A", $b);

    if ($m == "AM") {
      if ($hour == 12) {
        echo "Good Evening,";
      } elseif ($hour < 4) {
        echo "Good Evening,";
      } elseif ($hour > 3) {
        echo "Good Morning,";
      }
    }

        elseif ($m == "PM") {
      if ($hour == 12) {
        echo "Good Afternoon,";
      } elseif ($hour < 6) {
        echo "Good Afternoon,";
      } elseif ($hour > 5) {
        echo "Good Evening,";
      }
    }

    ?> 
                <?php echo $_SESSION['username']; 
               ?>
          </p>
    </div>

</nav>
     
        
       

<div class="container mt-5">
  <div class="row">
    <div class="col-sm-4">
            
      
       
        <p>Hey, <?php echo $_SESSION['username']; ?>!</p>
        <p>You have <span class="badge bg-danger">5</span> new tasks</p>
       

      
    </div>
   
  </div>
</div>

<div class="mt-5 p-4 bg-dark text-white text-center">
  <p>some stuff here later</p>
</div>
 <script type="text/javascript" src="js/script.js"></script>

</body>
</html>

Edited November 1, 2023 by vherb

ginerjm · November 1, 2023

Help with what? You didn't specify what part of this (too much) code is giving you difficulty

Strider64 · November 1, 2023

I'd also point out that you aren't using prepared statements. I'd recommend learning PDO over mysqli. Additionally, you seem to rely heavily on sessions when ideally, only the user's ID should be stored in them and maybe a token.

Edited November 1, 2023 by Strider64

Phi11W · November 1, 2023

In your login page, you need to extract the data from the data record you've retrieved and store it into the session, as you do for the username.

$query = 'SELECT username, phone FROM users WHERE username=? AND password=?';
// bind parameters 
$result = mysqli_query($con, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows >= 1) {
    $_SESSION['username'] = $username;
    $_SESSION['phone'] = $result[ 'phone' ];
    . . .

Learn to use parameterised queries (which is much easier with PDO) to protect against SQL Injection attacks.
Obligatory XKCD reference: Little Bobby Tables

Never use "select *" in Production code.
If somebody [else] adds some multi-Giga-byte columns holding the User's life story in video form, your super-quick login page suddenly slows to a crawl, having to read those massive fields that you've absolutely no interest in.

Kudos for storing hashed passwords.

Regards,
Phill W.

Sign In

session data help

Recommended Posts

vherb

Link to comment

Share on other sites

ginerjm

Link to comment

Share on other sites

Strider64

Link to comment

Share on other sites

Phi11W

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information