By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
445,678 Members | 1,146 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 445,678 IT Pros & Developers. It's quick & easy.

database values to $_SESSION array

P: 14
Hi Im trying to do something a little more complex with my login script at the moment it works fine, checks the username and password with the database if its wrong it echo's a error and if its right redirects the user to the main page with the session variable logged_in = true

but what i have done now is added more feileds into the user table name company email ect.

what i want to do is on successful login pull the users information and set those variables as session variables

heres what i got.....(but its not working could you look at it sometime please)
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3.         session_register ("userid");
  4.         session_register ("username");
  5.         session_register ("email");
  6.         session_register ("password");
  7.         session_register ("accesslevel");
  8.         session_register ("account");
  9.         session_register ("firstname");
  10.         session_register ("lastname");
  11.         session_register ("company");
  12.         session_register ("enabled");
  13.         session_register ("active");
  14.         session_register ("rep");
  15.         session_register ("fail");
  16. $errorMessage = '';
  17. if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
  18.     include 'include/database/config.php';
  19.     include 'include/database/opendb.php';
  20.     $userId   = $_POST['txtUserId'];
  21.     $password = $_POST['txtPassword'];
  22.     // check if the user id and password combination exist in database
  23.     $sql = "SELECT * 
  24.             FROM users
  25.             WHERE username = '$userId' AND password = '$password' ";
  26.     $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
  27.  
  28.     if (mysql_num_rows($result) == 1) {
  29.         // the user id and password match, 
  30.     $sql2 = "SELECT * 
  31.             FROM users
  32.             WHERE username = '$userId' AND password = '$password' ";
  33.         $result2 = mysql_query($sql2) or die('Query failed. ' . mysql_error());
  34.          while($_row = mysql_fetch_array($result2))
  35. {    
  36. $userid=$_row["id"];
  37. $username=$_row["username"];
  38. $email=$_row["email"];
  39. $password=$_row["password"];
  40. $accesslevel=$_row["accesslevel"];
  41. $account=$_row["account"];
  42. $firstname=$_row["firstname"];
  43. $lastname=$_row["lastname"];
  44. $company=$_row["company"];
  45. $enabled=$_row["enabled"];
  46. $active=$_row["active"];
  47. $rep=$_row["rep"];
  48. $fail=$_row["fail"];
  49.         $HTTP_SESSION_VARS ['userid'] = $userid;
  50.         $HTTP_SESSION_VARS ['username'] = $username;
  51.         $HTTP_SESSION_VARS ['email'] = $email;
  52.         $HTTP_SESSION_VARS ['password'] = $password;
  53.         $HTTP_SESSION_VARS ['accesslevel'] = $accesslevel;
  54.         $HTTP_SESSION_VARS ['account'] = $account;
  55.         $HTTP_SESSION_VARS ['firstname'] = $firstname;
  56.         $HTTP_SESSION_VARS ['lastname'] = $lastname;
  57.         $HTTP_SESSION_VARS ['company'] = $company;
  58.         $HTTP_SESSION_VARS ['enabled'] = $enabled;
  59.         $HTTP_SESSION_VARS ['active'] = $active;
  60.         $HTTP_SESSION_VARS ['rep'] = $rep;
  61.         $HTTP_SESSION_VARS ['fail'] = $fail;
  62.         }
  63. if ($fail >= 5)
  64. {
  65. session_destroy (); 
  66.         header('Location: user.php?|$fail|$active|$enabled| errorMessage2=Too%20Many%20Failed%20Atempts%20please%20call%20phonenumber%20to%20have%20your%20account%20varified%20and%20reset');
  67.         exit;
  68.         }
  69.         elseif ($active = 0)
  70.         {
  71.         session_destroy (); 
  72.  
  73.         header('Location: user.php?errorMessage2=|$fail|$active|$enabled|Your%20account%20is%20either%20new%20and%20has%20not%20been%20activated%20or%20has%20been%20locked%20by%20the%20accounts%20department%20please%20call%phonenumber%20to%20resolve%20this%20matter');
  74.         exit;
  75.         }
  76.         elseif ($enabled == 0)
  77.         {
  78.         session_destroy (); 
  79.  
  80.         header('Location: user.php?errorMessage2=|$fail|$active|$enabled|Your%20account%20is%20not%20enabled%20please%20call%20<br>phonenumber<br>%20to%20resolve%20this%20matter');
  81.         exit;
  82.         }
  83.         else
  84.         {
  85.         $_SESSION['db_is_logged_in'] = true;
  86.  
  87.  
  88.  
  89.         header('Location: index.php');
  90.         exit;
  91.     } 
  92. }
  93. else 
  94. {
  95.         $errorMessage = 'Sorry, wrong user id / password ';
  96.     }
  97.  
  98.     include 'include/database/closedb.php';
  99. }
  100. ?>
  101.  
there is also this for the form
Expand|Select|Wrap|Line Numbers
  1.  <form  name="frmLogin" id="frmLogin" style="padding-left:25px;padding-top:15px" action="" method="post">
  2.        <h2 style="padding-top: 5px">Login to your account.</h2>
  3.        <p align="center"><strong><font color="#990000">
  4.        <?php 
  5.        $errorMessage2 = $_GET['errorMessage2'];
  6.        if ($errorMessage2 =='')
  7.        {
  8.        echo $errorMessage;
  9.        }
  10.        else
  11.        {
  12.        echo " $errorMessage2 ";
  13.        }
  14.        ?>
  15.        </font></strong></p>
  16.          <br />
  17.          <span class="red_text" style="font-weight: bold">Username</span>         <br />
  18.          <input name="txtUserId" type="text" id="txtUserId" class="inputbg_big">
  19.          <p>
  20.         <br />
  21.         <span class="red_text" style="font-weight: bold">Password</span> (<a href="#" class="graytext">forgot your password?</a>)<br />
  22.         <input name="txtPassword" type="password" id="txtPassword" class="inputbg_big">
  23.         </p>
  24.       <p>
  25.         <input name="btnLogin" type="submit" id="btnLogin" value="Login" class="submitbg">
  26.       </p>
  27.       <p>&nbsp;</p>
  28.      </form>
the result i get is im moved to
http://domain.com/user.php?|$fail|$active|$enabled|%20errorMessage2= Too%20Many%20Failed%20Atempts%20please%20call%phon enumber%20to%20have%20your%20account%20varified%20 and%20reset

so the authertication is working in this example i purposfully used a user that had database value set to 5 as you see the variable is comming thought as the code not he value $fail|$active|$enabled| should have been 5|1|1|



Thnaks for any help
Apr 18 '08 #1
Share this Question
Share on Google+
7 Replies


ronverdonk
Expert 2.5K+
P: 4,258
To start: do not use $HTTP_SESSION_VARS (it is PHP < 4.1.0 stuff deprecated and will disappear soon) but use $_SESSION. So your statements will be like[php] $_SESSION['userid'] = $userid;[/php]

When you use this, session_register() is not necessary.

Ronald
Apr 18 '08 #2

P: 14
To start: do not use $HTTP_SESSION_VARS (it is PHP < 4.1.0 stuff deprecated and will disappear soon) but use $_SESSION. So your statements will be like[php] $_SESSION['userid'] = $userid;[/php]

When you use this, session_register() is not necessary.

Ronald

Thank you for the tip,however, i anm still getting the |$fail|$active|$enabled| come through rather than the values i set for each

it appears that when i
Expand|Select|Wrap|Line Numbers
  1. $_SESSION ['fail'] = $fail;
it sets the session variable to $fail rather than the value for $fail
Apr 18 '08 #3

P: 14
ok i was looking at the code and now i tried cangeing this



[PHP]$userid=$_row["id"];
$username=$_row["username"];
$email=$_row["email"];
$password=$_row["password"];
$accesslevel=$_row["accesslevel"];
$account=$_row["account"];
$firstname=$_row["firstname"];
$lastname=$_row["lastname"];
$company=$_row["company"];
$enabled=$_row["enabled"];
$active=$_row["active"];
$rep=$_row["rep"];
$fail=$_row["fail"];


$_SESSION['userid'] = $userid;
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['accesslevel'] = $accesslevel;
$_SESSION['account'] = $account;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['company'] = $company;
$_SESSION['enabled'] = $enabled;
$_SESSION['active'] = $active;
$_SESSION['rep'] = $rep;
$_SESSION['fail'] = $fail;[/PHP]


to this

[PHP] $_SESSION['userid']=$_row["id"];
$_SESSION['username']=$_row["username"];
$_SESSION['email']=$_row["email"];
$_SESSION['password']=$_row["password"];
$_SESSION['accesslevel']=$_row["accesslevel"];
$_SESSION['account']=$_row["account"];
$_SESSION['firstname']=$_row["firstname"];
$_SESSION['lastname']=$_row["lastname"];
$_SESSION['company']=$_row["company"];
$_SESSION['enabled']=$_row["enabled"];
$_SESSION['active']=$_row["active"];
$_SESSION['rep']=$_row["rep"];
$_SESSION['fail']=$_row["fail"];[/PHP]

but i am still getting $fail instead of 5 when i call the session variable
Apr 18 '08 #4

Atli
Expert 5K+
P: 5,058
Hi.

The reason you are seeing the variable names in your string is that you are using single quote-marks. They will show exactly what is written and not the contents of the variable.

Use double quote-marks instead.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. $variable = "Hello";
  3. echo "Variable is: $variable"; // = Variable is: Hello
  4. echo 'Variable is: $variable'; // = Variable is: $variable
  5. ?>
  6.  
Also, you execute the same query twice in your code ($sql and $sql2). You really should remove the second one and just use the result of the first one. They are identical.
Apr 18 '08 #5

ronverdonk
Expert 2.5K+
P: 4,258
Have you thought about that the row could actually have the valye $fail in its column? To be sure dump the $_row after the fetch, like this[php]echo '<pre>'; print_r($_row);[/php] and see what is actually retrieved from the database.

Ronald
Apr 18 '08 #6

P: 14
thank for the responces it was the singel quote problem.

i am so new to using database and sessions i was sure it was a problem there and not a basic php problem.

i feel quite silly now

and ty for the dump solution that will defentily come in handy
Apr 19 '08 #7

ronverdonk
Expert 2.5K+
P: 4,258
Don't feel silly. I also did not notice, just overlooked it and that happens to anyone. Glad it worked out for you. See you around some day.

Ronald
Apr 19 '08 #8

Post your reply

Sign in to post your reply or Sign up for a free account.