#1

    Use table ID from Session Variable?


    Ok. I have finally figured out how to store a session variable as the username of the user who has logged in. But my question is, is there a way to set the $_SESSION['username'] as a certain row on my users table? (such as the id_user) Basically, I am starting to join tables together and it would be much easier if the id_user was the variable I was using to join the tables rather than the username.

    I think something like this could possibly work, but it's not working and I'm not sure how to write it:


    PHP Code:
    <?PHP
    session_start();
    $_SESSION['username']=$_POST['username'];
    if(isset($_SESSION['username'])){
        $_SESSION['username']=$row['id_user'];
    }
    ?>
  2. #2
    You can store almost anything you want in a session. Your code probably isn't working because you don't create a variable called $row.
  4. #3
    I guess my question is, I'm trying to grab the "id_user" from the $row in a table in my database. I'm not trying to make "$row" a variable, I'm trying to say, when the username logs in, it matches the username with the id_user from the table and then from then on I can recall the "id_user" as the variable (basically a number rather than a username)... Make sense?


    Originally Posted by E-Oreo
    You can store almost anything you want in a session. Your code probably isn't working because you don't create a variable called $row.
  6. #4
    Hi,

    I don't really understand what you're trying to do, but the correct way of using sessions is to store the user ID (taken from the primary key of the users table), not the name or something else.

    The login steps are as follows:
    1. The user tries to log in with his user name (or email address) and the password
    2. You check if this combination is correct and store the corresponding user ID in the session
    3. On every page that requires a login you check if the session contains the user ID; if that's the case, the user is logged in, and you can look up any of their data
  8. #5
    Definitely understand that. And that is what is happening. I can look up whatever, but what I'm wanting to do is store another variable from the table that corresponds with the username. For instance:

    Login username=joe
    on the user table, there it has column id_user, username
    the id_user for joe is 42

    so then, I have the variable "joe" saved already. Instead of having "joe" saved, I want "42" to be saved, because 42 is the user_id of joe. How do I get "42" to be stored instead of "joe"?

    Originally Posted by Jacques1
    Hi,

    I don't really understand what you're trying to do, but the correct way of using sessions is to store the user ID (taken from the primary key of the users table), not the name or something else.

    The login steps are as follows:
    1. The user tries to log in with his user name (or email address) and the password
    2. You check if this combination is correct and store the corresponding user ID in the session
    3. On every page that requires a login you check if the session contains the user ID; if that's the case, the user is logged in, and you can look up any of their data
  10. #6
    Originally Posted by derektoews
    Instead of having "joe" saved, I want "42" to be saved, because 42 is the user_id of joe. How do I get "42" to be stored instead of "joe"?
    By looking up the ID in the database, obviously. What's your actual question? Are you familiar with databases and SQL in general? Do you know how to query the database with PHP? Where exactly are you stuck?

    Generally, the code will look something like this:
    PHP Code:
    <?php

    // start (or resume) the session so that $_SESSION is persisted
    session_start();

    try {
        $database = new PDO('mysql:host=127.0.0.1;dbname=YOUR_DB', 'YOUR_USER', 'YOUR_PASSWORD');
    } catch (PDOException $e) {
        // !! remove this before you put the code online!
        die( 'Connection failed: ' . $e->getMessage() );        // REMOVE THIS
    }

    // prepared statement: the posted name is bound as a parameter, not concatenated into the SQL
    $user_query = $database->prepare('
        SELECT
            user_id
            , password
        FROM
            users
        WHERE
            name = :name
    ');
    $user_query->execute( array('name' => $_POST['name']) );
    $user = $user_query->fetch();
    if ($user /* && <CHECK PASSWORD HERE> */) {
        $_SESSION['user_id'] = $user['user_id'];
        echo 'successfully logged in';
    } else {
        die('Invalid username and/or password');
    }

    Some notes:

    Do not use the old mysql_ functions (mysql_connect, mysql_query etc.), which are still being suggested by many bad tutorials. They're outdated and lack several important features.

    Do not use MD5 to hash the passwords. The MD5 algorithm can be "cracked" fairly easily by simply trying out different passwords. Modern CPUs or GPUs can do that in no time. Use PHPass instead.
  12. #7
    I'm only debugging your original code to help you understand it:

    PHP Code:
    $_SESSION['username']=$_POST['username'];
    if(isset($_SESSION['username'])){
    isset($_SESSION['username']) will always be TRUE because you are setting it just before the condition (see above).

    PHP Code:
    <?php

        session_start();

        //see if the username has already been set
        if ( ! isset($_SESSION['username'])) {
            $_SESSION['username'] = "";
        }

        //see if not logged in
        if (empty($_SESSION['username'])) {

            //see if a new username has been posted to login with
            if (isset($_POST['username'])) {

                //perform the DB lookup, the requested username is in $_POST['username']
                //and if successfully found, store in session like this:
                //$_SESSION['username'] = $db_result->username;

                //a previous user's post contains the code...

            }

        }

    ?>
    Regarding the sessions, you may want to take a look at coderprofile.com/coder/VBAssassin/source-codes/17/php-session-manager

    However, I have only added an APC session handler, still need to add a MySQL one using either PDO or mysqli. Unless you want to create one? Just extend the abstract class and you can plug it in...
  14. #8
    Maybe I'm not being clear, or something...

    From what I know about php sessions, I am only able to set a session variable based on content that has been put on a webpage. (I know you can set other session variables besides what's on a webpage but I don't know how) For instance, you can store a
    PHP Code:
    $_SESSION['username']=$_POST['username']; 
    or you could just say
    PHP Code:
    $_SESSION['username']='color' 
    in which case, you could echo the session variable "username" and it would output the "username" (first example) or "color" (second example). Got all that, that's easy. How I have my login.php setup, when you login, it only stores the username as a session variable after it has been authenticated. That's what should happen so that you don't have unauthorized usernames being stored in a session variable. Anywho, I know how to access my table too...

    PHP Code:
    ("SELECT id_user FROM users WHERE username ='".$_SESSION['username']."'"
    Easy. Ok, but how can I, if you will, match the "id_user" column and the user that has logged in and then store the "id_user" as a session variable instead of the username. I know how to match them because of the code above, it selects the "id_user" where the username matches.

    So, in non-php format

    1. I enter username "Joe"
    2. Once authenticated, "Joe" is stored as session variable
    3. I call to the table where "Joe" and user_id match
    4. I retrieve the user_id of "Joe"
    5. I then store the user_id of "Joe" as session variable

    I can do the first 4
  16. #9
    Please read my reply above. It's the complete code for properly fetching and storing the user ID based on the login data (username and password).

    With "properly" I mean that the code won't turn your server into a playground for script kiddies -- like many "tutorials" out there unfortunately do. There's a big difference between "It somehow works" and "It works, and it is secure".
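
The login steps from #4 and the query from #6 with the password check filled in, as an added example that is not code from any poster in this thread. It assumes PHP 7.1+ with the pdo_sqlite extension and uses PHP's built-in password_hash()/password_verify() where the thread recommends PHPass; the in-memory SQLite database, the user "joe" with user_id 42, and the function names attempt_login and current_user_id are constructed for illustration.

```php
<?php
// Added example: database contents and function names are constructed, not from the thread.

function attempt_login(PDO $db, string $name, string $password): bool
{
    // Hash checked when the name is unknown, so both failure paths do the same work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);

    // Bound parameter: the posted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT user_id, password FROM users WHERE name = :name');
    $stmt->execute(['name' => $name]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $user ? $user['password'] : $dummy;
    if (!password_verify($password, $hash) || !$user) {
        return false;                                // same result for bad name and bad password
    }
    session_regenerate_id(true);                     // fresh session ID once authenticated
    $_SESSION['user_id'] = (int) $user['user_id'];   // store the primary key, not the name
    return true;
}

// Step 3 of the login steps: pages that require a login look for the stored ID.
function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Constructed sample data: user "joe" with user_id 42 in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users VALUES (42, :n, :p)')
   ->execute(['n' => 'joe', 'p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start();
$wrong        = attempt_login($db, 'joe', 'guess');
$idAfterWrong = current_user_id();
$right        = attempt_login($db, 'joe', 'correct horse');
$idAfterRight = current_user_id();

// Output comes last so the session calls above run before anything is sent.
var_dump($wrong, $idAfterWrong, $right, $idAfterRight);
```

Once `$_SESSION['user_id']` is set, joins against other tables can use that integer directly, which is what the original question was after.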
