Get data from database based on session

Question

When you log in by my login form authentication.php will check if the data from the inputs excists in the database. When there is a match the user will be directed to a page for his role so lets say the user is a admin he will be directed to admin.php. When the user is successfully logged in i want to show a message like welcome firstname lastname. In my database i have a field called firstname and a field called lastname. I hope someone can help me with this since i cannot seem to figure it out :(

authentication.php

<?php
    session_start();
    // Making a connection with the database.
    $mysqli=new MySQLi("localhost", "root", "root", "portfolio"); 
    $role=""; 

    // Declaring the username and password input.
    $username=filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); 
    $password=filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING); 

    // If role from members where username and password from inputs exicts in database bind parameters.
    // If given parameters not excists in database die
    if($query=$mysqli->prepare("SELECT `role` FROM members WHERE username=? AND password=?")) {
        $query->bind_param("ss", $username, $password);                                         
        $query->execute();                                                                
        $query->bind_result($role);
        $query->fetch();
    } else {                                                                                    
        echo "Errors in the Query. ".$mysqli->error;                                            
        die();
    }

    // If $role is filled make session for username to check if logged in and session role for redirect page.
    // If $role and $username is not filled invalid password, username combination.
    if($role!="") {                                                                           
        $_SESSION['ingelogt']=$username;                                                        
        $_SESSION['user_role']=$role;                                                 
        $location="$role.php";                                                                  
        header("location: $location");                                                          
    } else {                                                                                   
        echo "Invalid password, username combination";
        echo "<br/><a href='login.html'>Click to go back</a>";                                          
    }
?>

The page the admin will be directed to called admin.php

<?php
    session_start();
    // If session is not ingelogt lead back to index.php.
    if(!isset($_SESSION['ingelogt'])) {
        header("location: index.php"); 
    }

    // The role that has access to this page.
    $page_role="admin"; 
    $role=$_SESSION['user_role'];
    // If a user with a different role visits wrong page.
    if($role!=$page_role)
    {
        echo "You are not supposed to be here.";
        die();
    }

    // Start new DOMDocument and load html file.
    $dom = new DOMDocument();
    libxml_use_internal_errors(true);
    $dom->loadHTMLFile("admin.html");
    libxml_use_internal_errors(false);

    // If user is logged in add logg out icon in the menu.
    if($_SESSION['ingelogt']) {
        $oUl = $dom->getElementById('navUl');
            $oList = $dom->createElement('li');

                $oLink = $dom->createElement('a');
                $oLink->setAttribute('href','logout.php');

                    $oI = $dom->createElement('i');
                    $oI->setAttribute('class','icon-logout');

                    $oLink->appendChild($oI);

                $oList->appendChild($oLink);

            $oUl->appendChild($oList);
    }
    // Save DOMDocument with html document.
    echo $dom->saveHTML();
?>

Answer 1

If I'm misunderstanding you in any way, just give me a hint, and I will delete this answer. Although what I assume that you want to do is to print the greeting somewhere on the page, based off the user's first name and surname.

Basically, once you have declared a $_SESSION-element, you can access it at different pages (similar to $_COOKIE, but not identical). So the best solution for this is to initialize $_SESSION variables with the first- and last name you receive from the database, and then print those variables on the desired pages (same method as you've used with the role).

Firstly, you need to fetch the names in the database, which can be done by changing the if-statement in authentication.php to the following:

if($query=$mysqli->prepare("SELECT `role`, `firstname`, `lastname` FROM members WHERE username=? AND password=?")) //assuming that your columns are called `firstname` and `lastname`

To fetch these, you also need to change the row further down to:

$query->bind_result($role, $first, $last);

When using fetch on the next row, your variables will be put into their appropriate bound ones. So after that statement, you can do the following (preferably after the $_SESSION['user_role']=$role;):

$_SESSION["firstname"] = $first;
$_SESSION["lastname"] = $last;

After that point, you can echo the first- and last name wherever you want (it depends on where you want it to be put...). If you want it to appear at the top of admin.php, for instance, you can simply put this before $dom = new DOMDocument();:

echo "Hello " . $_SESSION["firstname"] . " " . $_SESSION["lastname"] . "!";

If you're confused where to put something, then try re-reading the given instructions. Most of my examples are simply things to replace (in which case, you just need to find the corresponding code), and if not that, I've tried to redirect you. Although realize that things like these are important to know without getting the code right in your hand, so I advice you to try to understand.