CODEWITHSUNDEEP
phphtmlmysqldatabase
Thomas farley
Thomas farley

Reputation: 51

PHP Displaying user info when logged in

Alright, I have tried and searched everywhere to fix this but no luck.

All I am trying to do is display a users username and email (Who are logged in) and then print their details to thier account page. The problem is that all of the users in the database are being logged, I only want the users who is logged in to be displayed.

Db.php

<?php
$myConnection= mysqli_connect("localhost","root","") or die ("could not connect to mysql");

mysqli_select_db($myConnection, "register") or die ("no database");
>

Auth.php

<?php
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
?>

Login.php

<?php
  require('db.php');
    session_start();
    // If form submitted, insert values into the database.
    if (isset($_POST['username'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $username = stripslashes($username);
        $username = mysqli_real_escape_string($myConnection, $username);
        $password = stripslashes($password);
        $password = mysqli_real_escape_string($myConnection, $password);
    //Checking is user existing in the database or not
        $query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."'";
        $result = mysqli_query($myConnection, $query) or die(mysqli_error());
        $rows = mysqli_num_rows($result);
        if($rows==1){
            $_SESSION['username'] = $username;
      $_SESSION['user_id'] = $row['user_id'];
            header("Location: index.php"); // Redirect user to index.php
            }else{
                echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
                }
    }else{
?>

Register.php 

<?php
    require('db.php');
    // If form submitted, insert values into the database.
    if (isset($_POST['username'])){
        $username = $_POST['username'];
        $email = $_POST['email'];
        $password = $_POST['password'];
        $username = stripslashes($username);
        $username = mysqli_real_escape_string($myConnection, $username);
        $email = stripslashes($email);
        $email = mysqli_real_escape_string($myConnection, $email);
        $password = stripslashes($password);
        $password = mysqli_real_escape_string($myConnection, $password);
        $trn_date = date("Y-m-d H:i:s");
        $query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
        $result = mysqli_query($myConnection, $query);
        if($result){
            echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
?>

Account.php //Where I want user data to be displayed on page

<?php
    // SQL query
    $strSQL = "SELECT * FROM users";

    // Execute the query (the recordset $rs contains the result)
    $rs = mysqli_query($myConnection, $strSQL);

    // Loop the recordset $rs
    // Each row will be made into an array ($row) using mysqli_fetch_array
    while($row = mysqli_fetch_array($rs)) {

       // Write the value of the column FirstName (which is now in the array $row)
      echo $row['username'] . "<br />";
      echo $row['email'] . "<br />";
      }

    // Close the database connection
    mysqli_close($myConnection);
    ?>

Upvotes: 1

Views: 8013

Answers (1)

Professor Zoom
Professor Zoom

Reputation: 349

$strSQL = "SELECT * FROM users";

Why that query? if you say you wanted to display only the info about users logged in, you are getting all users without conditions

Do the query for the user who is logged in at the moment, something like

$strSQL = "SELECT * FROM users WHERE username = '".$_SESSION['username']."'";

or somethinbg like this

  <?php

  session_start(); //Add this

  //Also you have to add your connection file before your query
  require('db.php');

  // SQL query
  $strSQL = "SELECT username, email FROM users WHERE user_id = '".$_SESSION['user_id']."'";

  // Execute the query (the recordset $rs contains the result)
  $rs = mysqli_query($myConnection, $strSQL);

  // Loop the recordset $rs
  // Each row will be made into an array ($row) using mysqli_fetch_array
  while($row = mysqli_fetch_array($rs)) {

    // Write the value of the column FirstName (which is now in the array $row)
    echo $row['username'] . "<br />";
    echo $row['email'] . "<br />";

  }

  // Close the database connection
  mysqli_close($myConnection);

  ?>

I think it should have to work, tell me if it worked for you

Upvotes: 2

Related Questions