Table for specific user

Question

This is a concept question. Right now I have a registration/login and a profile page system built using php and mysql, but I have one question.

I want a user to be able to make their own specific todos. So when they login they can see their todo and create their todo for them selves. Only their login can access their todo. But I don't understand how to do that in php/mysql.

Here is my login page:

<?php
session_start();
require_once('PhpConsole.phar');
require_once('connection.php');
ob_start();
require('index.php');
$data = ob_get_clean();
ob_end_clean();
?>
<!DOCTYPE html>
<html lang="en-US">
<head>
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
  <link rel="stylesheet" href="https://rawgit.com/marcoceppi/bootstrap-glyphicons/master/css/bootstrap.icon-large.css">
  <link rel="stylesheet" href="main.css">
  <link rel="stylesheet" href="lib/sweetalert.css">
  <script src="lib/sweetalert-dev.js"></script>
</head>

<body>

    <div id="page">

    <form method = "post" role = "form" id = "form">
      <h1 style = "position:relative; left:60px; font-family: Impact;">Login </h1>
      <div class="col-xs-2">
          <div class="inner-addon left-addon">
            <i class="glyphicon glyphicon-envelope"></i>
            <input type="text" class="form-control" id = "email" name = "loginemail" placeholder="Email"  />
          </div>
        </div>
        <br>
          <div class="col-xs-2">
          <div class="inner-addon left-addon">
            <img src = "http://i.imgur.com/GqkLI3z.png" id = "imgLock"/>
            <input type="text" class="form-control" name = "loginpassword" placeholder="Password" id = "password" />

          </div>
        </div>

        <br>
        <br>
        <div id = "buttons">
        <div class="col-xs-2">
        <div class="inner-addon left-addon">
          <i class="glyphicon glyphicon-ok-sign" ></i>
          <input type = "submit" class="btn btn-info" name = "loginsubmit" id = "submit"/>
        </div>
        <div>
        </div>

    </form>
    </div>
<?php
  if(isset($_POST["loginsubmit"])){

  $loginEmail = $_POST["loginemail"];
  $loginPassword = $_POST["loginpassword"];
  if ($query = mysqli_query($connection, "SELECT * FROM `authe` WHERE Email = '".$loginEmail."' AND Password = '".$loginPassword."' ")) {

  $rows = mysqli_num_rows($query);

  if($rows>0){
      echo "<script> swal('Good job!', 'Sucessfully Authenticated', 'success')</script>";
      $_SESSION['email'] = $loginEmail;
      $_SESSION['password'] = $loginPassword;
      if(true){
        // header("Location: http://localhost:8012/phpForm/Profile.php");

        if ($queryTwo = mysqli_query($connection, "SELECT Username FROM `authe` WHERE Email = '".$loginEmail."'")) {
          $rowsTwo = mysqli_num_rows($queryTwo);
          if($rowsTwo>0){
            printf($rowsTwo);
            while($roww = mysqli_fetch_array($queryTwo))
              {
                $_SESSION["username"] =  $roww['Username'];
              }
          }
        }
       echo "<script> window.location.href = 'http://localhost:8012/phpForm/Profile.php' </script>";
      }

    }
   else {
     echo "<script>sweetAlert('Oops...', 'Authentication Failed', 'error');</script>";
   }
  }
 }
?>


</body>
  </html>

  <!-- <br>

<input  type = "text" class="form-control" name = "loginemail" style = "width = 20px;" id = "input" placeholder = "Enter Email" required/>
<i class="glyphicon glyphicon-user form-control-feedback"></i>
  <br> -->

And my profile page:

<?php
session_start();
require_once('PhpConsole.phar');
require_once('connection.php');
ob_start();
require('index.php');
$data = ob_get_clean();
ob_end_clean();

  ?>
<!DOCTYPE html>
<html lang="en-US">
<head>
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
  <link rel="stylesheet" href="https://rawgit.com/marcoceppi/bootstrap-glyphicons/master/css/bootstrap.icon-large.css">
  <link rel="stylesheet" href="main.css">
  <script src="https://code.angularjs.org/1.4.9/angular.js"></script>
  <link href='https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz:700' rel='stylesheet' type='text/css'>
  <script src = "page.js"></script>
  <link rel="stylesheet" href="lib/sweetalert.css">
  <script src="lib/sweetalert-dev.js"></script>
  <style>
  #toDoButton {
    position: relative;
      color: rgba(255,255,255,1);
      text-decoration: none;
      background-color: rgba(219,87,5,1);
      font-family: 'Yanone Kaffeesatz';
      font-weight: 700;
      right:550px;
      bottom:70px;
      font-size: 3em;
      display: block;
      padding: 4px;
      -webkit-border-radius: 8px;
      -moz-border-radius: 8px;
      border-radius: 8px;
      -webkit-box-shadow: 0px 9px 0px rgba(219,31,5,1), 0px 9px 25px rgba(0,0,0,.7);
      -moz-box-shadow: 0px 9px 0px rgba(219,31,5,1), 0px 9px 25px rgba(0,0,0,.7);
      box-shadow: 0px 9px 0px rgba(219,31,5,1), 0px 9px 25px rgba(0,0,0,.7);
      margin: 100px auto;
    width: 160px;
    text-align: center;

    -webkit-transition: all .1s ease;
    -moz-transition: all .1s ease;
    -ms-transition: all .1s ease;
    -o-transition: all .1s ease;
    transition: all .1s ease;
  }

  #toDoButton:active {
      -webkit-box-shadow: 0px 3px 0px rgba(219,31,5,1), 0px 3px 6px rgba(0,0,0,.9);
      -moz-box-shadow: 0px 3px 0px rgba(219,31,5,1), 0px 3px 6px rgba(0,0,0,.9);
      box-shadow: 0px 3px 0px rgba(219,31,5,1), 0px 3px 6px rgba(0,0,0,.9);
  }

  </style>
</head>

<body>

    <div id="page" ng-app = "pageApp" ng-controller="pageController">
      <h1>Welcome <?php  echo $_SESSION['username']; ?></h1>
      <h5>Here is one cool feauture. Type in the box :)</h5>
      <div class = "coolFeauture" id = "CoolFeauture1">
      <input type = "text" ng-model = "CoolFeauture"/>
      <div ng-bind = "CoolFeauture"></div>
    </div>
<div class = "todoMain">
    <h4>Click on the button for a TODO App! Check it out!</h4>
      <a href="javascript:void(0);" id = "toDoButton">Todo</a>
    </div>
    </div>
  <?php
  ?>


</body>
  </html>

  <!-- <br>

<input  type = "text" class="form-control" name = "loginemail" style = "width = 20px;" id = "input" placeholder = "Enter Email" required/>
<i class="glyphicon glyphicon-user form-control-feedback"></i>
  <br> -->

Answer 1

Since it is a concept question, and you mentioned that the login / register system is already done, what you need to do is:

• Log them in saving a unique $_SESSION['id'], or an expirable unique key.
  • Additionally you may save cookies to identify their account

In the todo.php page:

• Make sure that they are logged in by checking $_SESSION['id'] (if it has been set, else redirect somewhere or pop up a message).
• Query their current stored TODOs by something like SELECT * FROM todo WHERE user='id'
• Display a <textarea> or similar to store new TODO (which you can do by a POST to the same page).
• If the page gets a POST request:
  • Store new TODOs by INSERT INTO todo('id', 'sanitized $_POST["text"]')

Also, always make sure to sanitize variables before doing any of these queries.