The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> PHP Development
|
Use table ID from Session Variable?
Discuss Use table ID from Session Variable? in the PHP Development forum on Dev Shed.
Use table ID from Session Variable? PHP Development forum discussing coding practices, tips on PHP, and other PHP-related topics. PHP is an open source scripting language that has taken the web development industry by storm.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
January 6th, 2013, 10:40 AM
|
|
Registered User
|
|
Join Date: Dec 2012
Posts: 22
Time spent in forums: 3 h 52 m 53 sec
Reputation Power: 0
|
|
|
Use table ID from Session Variable?
Ok. I have finally figured out how to store a session variable as the username of the user who has logged in. But my question is, is there a way to set the $_SESSION['username'] as a certain row on my users table? (such as the id_user) Basically, I am starting to join tables together and it would be much easier if the id_user was the variable I was using to join the tables rather than the username.
I think something like this could possibly work, but it's not working and I'm not sure how to write it:
PHP Code:
<?PHP
session_start();
$_SESSION['username']=$_POST['username'];
if(isset($_SESSION['username'])){
$_SESSION['username']=$row['id_user'];
}
?>
|
January 6th, 2013, 11:24 AM
|
 |
Lost in code
|
|
|
|
|
You can store almost anything you want in a session. Your code probably isn't working because you don't create a variable called $row.
|
January 6th, 2013, 12:07 PM
|
|
Registered User
|
|
Join Date: Dec 2012
Posts: 22
Time spent in forums: 3 h 52 m 53 sec
Reputation Power: 0
|
|
I guess my question is, I'm trying to grab the "id_user" from the $row in a table in my database. I'm not trying to make "$row" a variable, I'm trying to say, when the username logs in, it matches the username with the id_user from the table and then from then on I can recall the "id_user" as the variable (basically a number rather than a username)... Make sense?
Quote: | Originally Posted by E-Oreo You can store almost anything you want in a session. Your code probably isn't working because you don't create a variable called $row. |
|
January 6th, 2013, 12:44 PM
|
 |
pollyanna
|
|
Join Date: Jul 2012
Location: Germany
|
|
Hi,
I don't really understand what you're trying to do, but the correct way of using sessions is to store the user ID (taken from the primary key of the users table), not the name or something else.
The login steps are as follows: - The user tries to login with his user name (or email address) and the password
- You check if this combination is correct and store the corresponding user ID in the session
- On every page that requires a login you check if the sessions contains the user ID; if that's the case, the user is logged in, and you can look up any of their data
|
January 6th, 2013, 02:14 PM
|
|
Registered User
|
|
Join Date: Dec 2012
Posts: 22
Time spent in forums: 3 h 52 m 53 sec
Reputation Power: 0
|
|
Definitely understand that. And that is what is happening. I can lookup whatever, but what I'm wanting to do is store another variable from the table that corresponds with the username. For instance:
Login username=joe
on the user table, there it has column id_user, username
the id_user for joe is 42
so then, I have the variable "joe" saved already. Instead of having "joe" saved, I want "42" to be saved, because 42 is the user_id of joe. How do I get "42" to be stored instead of "joe"?
Quote: | Originally Posted by Jacques1 Hi,
I don't really understand what you're trying to do, but the correct way of using sessions is to store the user ID (taken from the primary key of the users table), not the name or something else.
The login steps are as follows: - The user tries to login with his user name (or email address) and the password
- You check if this combination is correct and store the corresponding user ID in the session
- On every page that requires a login you check if the sessions contains the user ID; if that's the case, the user is logged in, and you can look up any of their data
|
|
January 6th, 2013, 05:00 PM
|
|
pollyanna
|
|
Join Date: Jul 2012
Location: Germany
|
|
Quote: | Originally Posted by derektoews Instead of having "joe" saved, I want "42" to be saved, because 42 is the user_id of joe. How do I get "42" to be stored instead of "joe"? |
By looking up the ID in the database, obviously. What's your actual question? Are you familiar with databases and SQL in general? Do you know how to query the database with PHP? Where exactly are you stuck?
Generally, the code will look something like this:
PHP Code:
<?php
try {
$database = new PDO('mysql:host=127.0.0.1;dbname=YOUR_DB', 'YOUR_USER', 'YOUR_PASSWORD');
} catch (PDOException $e) {
// !! remove this before you put the code online!
die( 'Connection failed: ' . $e->getMessage() ); // REMOVE THIS
}
$user_query = $database->prepare('
SELECT
user_id
, password
FROM
users
WHERE
name = :name
');
$user_query->execute( array('name' => $_POST['name']) );
$user = $user_query->fetch();
if ($user /* && <CHECK PASSWORD HERE> */) {
$_SESSION['user_id'] = $user['user_id'];
echo 'successfully logged in';
} else {
die('Invalid username and/or password');
}
Some notes:
Do not use the old mysql_ functions (mysql_connect, mysql_query etc.), which are still being suggested by many bad tutorials. They're outdated and lack several important features.
Do not use MD5 to hash the passwords. The MD5 algorithm can be "cracked" fairly easy by simply trying out different passwords. Modern CPUs or GPUs can do that in no time. Use PHPass instead.
|
January 6th, 2013, 05:26 PM
|
|
Registered User
|
|
Join Date: Jul 2007
Posts: 4
Time spent in forums: 1 h 7 m 15 sec
Reputation Power: 0
|
|
I'm only debugging your original code to help you understand it:
PHP Code:
$_SESSION['username']=$_POST['username'];
if(isset($_SESSION['username'])){
isset($_SESSION['username']) will always be TRUE because you are setting it just before the condition (see above).
PHP Code:
<?php
session_start();
//see if the username has already been set
if ( ! isset($_SESSION['username'])) {
$_SESSION['username'] = "";
}
//see if not logged in
if (empty($_SESSION['username'])) {
//see if a new username has been posted to login with
if (isset($_POST['username']) {
//perform the DB lookup, the requested username is in $_POST['username']
//and if successfully found, store in session like this:
//$_SESSION['username'] = $db_result->username;
//a previous users post contains the code...
}
}
?>
Regarding the sessions, you may want to take a look at coderprofile.com/coder/VBAssassin/source-codes/17/php-session-manager
However, i have only added an APC session handler, still need to add a MySQL one using either PDO or mysqli. Unless you want to create one? Just extend the abstract class and you can plug it in...
|
January 6th, 2013, 05:55 PM
|
|
Registered User
|
|
Join Date: Dec 2012
Posts: 22
Time spent in forums: 3 h 52 m 53 sec
Reputation Power: 0
|
|
Maybe I'm not being clear, or something...
From what I know about php sessions, I am only able to set a session variable based on content that has been put on a webpage. (I know you can set other session variables besides what's on a webpage but I don't know how) For instance, you can store a
PHP Code:
$_SESSION['username']=$_POST['username'];
or you could just say
PHP Code:
$_SESSION['username']='color'
in which case, you could echo the session variable "username" and it would output the "username" (first example) or "color" (second example). Got all that, that's easy. How I have my login.php setup, when you login, it only stores the username as a session variable after it has been authenticated. That's what should happen so that you don't have unauthorized usernames being stored in a session variable. Anywho, I know how to access my table too...
PHP Code:
("SELECT id_user FROM users WHERE username ='".$_SESSION['username']."'")
Easy. Ok, but how can I, if you will, match the "id_user" column and the user that has logged in and then store the "id_user" as a session variable instead of the username. I know how to match them because of the code above, it selects the "id_user" where the username matches.
So, in non-php format
1. I enter username "Joe"
2. Once authenticated, "Joe" is stored as session variable
3. I call to the table where "Joe" and user_id match
4. I retrieve the user_id of "Joe"
5. I then store the user_id of "Joe" as session variable
I can do the first 4
|
January 6th, 2013, 11:49 PM
|
|
pollyanna
|
|
Join Date: Jul 2012
Location: Germany
|
|
Please read my reply above. It's the complete code for properly fetching and storing the user ID based on the login data (username and password).
With "properly" I mean that the code won't turn your server into a playground for skript kiddies -- like many "tutorials" out there unfortunately do. There's a big difference between "It somehow works" and "It works, and it is secure".
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
