Reputation: 209
If your site enables the sign up of multiple users then the chances are they will be able to update, delete or view their information. Now, how does one define the id of the current user for them to access only their information/mysql row?
For example: If you take the db structure below and bob is online, how can I tell the page that bob is the current user and his id = "1" and it do this for every user that is online.
Example db structure:
ID | name | Email
1 | bob | [email protected]
2 | john | [email protected]
Please note these are deprecated functions. This is my login script, which just sends me in a loop of redirects. This was written with deprecated functions; how can I update it to use PDO?
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['user_id'])!="")
{
    header("Location:login.php");
}
if(isset($_POST['btn-login']))
{
    $email = mysql_real_escape_string($_POST['email']);
    $upass = mysql_real_escape_string($_POST['upass']);
    $email = trim($email);
    $upass = trim($upass);
    $res=mysql_query("SELECT user_id, user_name, user_pass FROM users WHERE user_email='$email'");
    $row=mysql_fetch_array($res);
    $count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
    if($count == 1 && $row['user_pass']==md5($upass))
    {
        $_SESSION['user_id'] = $row['user_id'];
        header("Location:index.php");
    }
    else
    {
        echo '<div class="invalid-message text-center">Email or password is invalid</div>';
    }
}
?>
Upvotes: 0
Views: 56
Reputation: 15509
You need to approach this question from a different perspective - rather than simply saying there is a user with an id and a name, you need to back it up a couple of steps to think about how that user got that id and how he/she logged in.
You need to create a login page that will take the name / password and check it against the stored data in the database and if it is correct - allow the user to proceed with their use of the page. If it is not correct - you need to allow them to reenter the details (if they mis-typed the p/w for example) or to sign up if they do not have an account (and therefore no id).
Note that the password MUST NOT be stored as plain text in the DB and should be hashed (for example with SHA 256 encryption) and salted and it is this hashed and salted version of the P/W that you check upon login.
It is upon the successful login that you start the session and assign the database row of content related to that signed-in user to the new session, and it is from that session that the id and name will then be used after session_start(), as I have it here.
So in summary - when they log in, assuming that the login is correct, you then assign the details to the session and include session_start() on every page that you want included in the session; you can then reference the user by that $userID or $userName.
Once you get your session, you can use something like this to identify the name and id of the user, which will be available on every page that has session_start():
if(!empty($_SESSION['user']) )
{
    $userID=$_SESSION['user']['id'];
    $userName=$_SESSION['user']['name'];
}....
When the user wants to logout or you want to delete the session details related to that user's activity, you can use :
unset($_SESSION['user']);
and then you can redirect them to another page
header("Location: index.php");
Upvotes: 1
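The flow the answer describes (sign up with a hashed password, log in, store the user's row in the session, then use the session id to restrict every query to that user's own row) and the PDO rewrite the question asks for, as one added example. This is not the asker's or the answerer's code. It assumes a `users` table with the question's columns `user_id`, `user_name`, `user_email`, `user_pass` (where `user_pass` now holds `password_hash()` output rather than an MD5), and that `dbconnect.php` defines a PDO connection in `$pdo`; both are assumptions. The redirect-loop fix is the first check: an already-logged-in visitor is sent to `index.php`, not back to the login page.

```php
<?php
// Added example: PDO login/sign-up/session handling. Not the original post's code.
// Assumptions: table users(user_id, user_name, user_email, user_pass) where user_pass
// stores password_hash() output, and dbconnect.php sets $pdo = new PDO(...).
declare(strict_types=1);
session_start();
require_once 'dbconnect.php';

// Id of the logged-in user, or null when nobody is logged in.
function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Sign-up: the password is never stored as given; password_hash() salts and hashes it.
function create_user(PDO $pdo, string $name, string $email, string $password): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (user_name, user_email, user_pass) VALUES (:name, :email, :pass)'
    );
    $stmt->execute([
        ':name'  => $name,
        ':email' => $email,
        ':pass'  => password_hash($password, PASSWORD_DEFAULT),
    ]);
    return (int) $pdo->lastInsertId();
}

// Login check: prepared statement (no string-building with user input), then
// password_verify() against the stored salted hash. Returns the row or null.
function authenticate(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT user_id, user_name, user_pass FROM users WHERE user_email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown e-mail: still spend one hash so response time does not reveal
        // whether the address exists. The placeholder hash is computed once.
        static $dummy = null;
        $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
        password_verify($password, $dummy);
        return null;
    }
    return password_verify($password, $row['user_pass']) ? $row : null;
}

// Every "my account" query is scoped by the session's user id, never by an id
// taken from the request, so bob can only ever read bob's row.
function fetch_own_profile(PDO $pdo): ?array
{
    $id = current_user_id();
    if ($id === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT user_id, user_name, user_email FROM users WHERE user_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Already logged in? Go to the app page, not back to login.php (that was the loop).
if (current_user_id() !== null) {
    header('Location: index.php');
    exit;
}

if (isset($_POST['btn-login'])) {
    $email = trim((string) ($_POST['email'] ?? ''));
    $upass = (string) ($_POST['upass'] ?? '');

    $user = authenticate($pdo, $email, $upass);
    if ($user !== null) {
        session_regenerate_id(true);   // fresh session id once privileges change
        $_SESSION['user_id']   = (int) $user['user_id'];
        $_SESSION['user_name'] = $user['user_name'];
        header('Location: index.php');
        exit;
    }
    echo '<div class="invalid-message text-center">Email or password is invalid</div>';
}
```

Two design points worth noting: `exit` after every `header('Location: ...')` matters, because PHP otherwise keeps executing the rest of the script; and the profile lookup takes its id from `$_SESSION`, so a user cannot reach another row by editing a form field or query string.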