PHP - Accessing my user class from the whole app

Question

I am currently writing a login script because I am trying to learn PDO using OOP. I have a index.php page which only contain a login form. Then I have a User class, it looks like this:

<?php
include_once('database.php');
session_start();
class User{
public $id;
public $username;
public $password;
public $firstname;
public $lastname;

public function Login($username, $password) {
    $db = new Database;
    $db = $db->dbConnect();

    $query = "SELECT * FROM users WHERE username = ? AND password = ?";

    $statement = $db->prepare($query);
    $statement->bindParam(1, $username);
    $statement->bindParam(2, $password);
    $statement->execute();

    $rows = $statement->rowCount();
    $data = $statement->fetchAll();

    if( $rows == 1 ) {
        $this->id = $data[0]['id'];
        $this->username = $data[0]['username'];
        $this->password = $data[0]['password'];
        $this->firstname = $data[0]['firstname'];
        $this->lastname = $data[0]['lastname'];

        $_SESSION['SESSID'] = uniqid('', true);
        header("location: dashboard.php");
    }
}
}
?>

When the user is signed-in he/she goes to dashboard.php. I want to access the current User class from there, so I can use echo $user->username from there. But in dashboard.php, I have to declare the User class as new, so it doesn't keep all the variables.

Do you have any ideas on how i can access the User class variables in Dashboard.php which was declared in the Login-function?

Sorry for the bad explanation, but I hope you understand. Thank you in advance!

Answer 1

You have 2 options:

a) You store all the login info in a session. b) You only store the user ID and some sort of identifier that the user has / is logged in, and create another method that will load the information from the database each time you load the page (bad idea really)

For example, you could add the following methods to your class in order to implement the above mentioned functionality and some more:

function createUserSession(array $userData) {
   // Create / save session data 
}

function readActiveUserSession() {
   // Read current user information
}

function destroyActiveUserSession() {
   // Call to destroy user session and sign out
}

Of course, you will have to add the appropriate code to the methods.

Answer 2

First off put your user class definition in another file and load it in like you do your database.php. In there you want only your class definition none of the session start business... <?php class User {....} ?> (the closing ?> is optionial).

so what you have now on your pages that need access to the user object is

<?php
include_once('database.php');
include_once('user.php');
session_start();

Then after a user has successfully logged you tuck the user in the session.

$_SESSION["user"] = $user;

Then when you want to get at it just say

$user = $_SESSION["user"];
echo $user->username;

Answer 3

What you could do is, put your user object into the session:

$obj = new Object();    
$_SESSION['obj'] = serialize($obj);    
$obj = unserialize($_SESSION['obj']);

or you could create a singleton, check out this link: Creating the Singleton design pattern in PHP5