i want insert data to current logged in user i changed 4 to session id but error please help me how to store id in session and use here
login.php
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
home.php
<?php
//Get current user ID from session
$userId = 4;
//Get user data from database
$result = $db->query("SELECT * FROM user WHERE id = $userId");
$row = $result->fetch_assoc();
?>
Try this.Directly add the value to session array.It will updated with session
session_start();
$_SESSION['user_id'] = 4;
$userId =$_SESSION['user_id']
executing the function call 'session_id()' returns the id of the session for the vistor, the session is actually a file kept in a directory of your server, the session_id will point to this file in all instances that I've personally seen.
to actually access the session you need to use $_SESSION to set and read data :) Happy Coding!
Related
good evening. I am developing a website in which there is a constraint wherein it is not allowed to have multiple login in different computers with the same account. Can i achieve this using codeigniter? if not? How can i address this issue. Thank you!
How I approached that problem in a project was:
I grabbed the session id of the user once they logged in and stored it in the database.
Whenever the user logs in you grab the session id stored in the database and destroy it.
This will ensure that whenever they log in from another browser or computer their previous session is destroyed.
Here's some example code on the login page I did this:
session_commit();
session_id(session_create_id());
session_start();
//followed by other code
Using session_create_id function will create a unique session id because it checks if the one it's creating exists.
Next:
$query = "UPDATE user_table SET sess_id = ? WHERE id = ? AND sess_id = '0'";
$query_run = $database->prepare($query);
if($query_run->execute([session_id(), $user_id])):
if($query_run->rowCount() < 1){
$query = "SELECT sess_id FROM user_table WHERE id = ?";
$query_run = $database->prepare($query);
if($query_run->execute([$user_id])){
//custom session destroy function
session_destroy_client($query_run->fetchAll()[0]['sess_id']);
$query = "UPDATE user_table SET sess_id = ? WHERE id = ?";
$query_run = $database->prepare($query);
$query_run->execute([session_id(), $user_id]);
}
}
endif;
Let the default value of the sess_id be zero. Whenever the user logs out set it to zero. But whenever they log in you still need to check if they have a session id stored in the database then destroy that session. This is what the custom destroy session looks like:
function session_destroy_client(string $id){
// 1. commit session if it's started.
if (session_status() != \PHP_SESSION_ACTIVE) {
session_write_close();
}
ini_set('session.use_strict_mode', 0);
// 2. store current session id
session_start();
$cid = session_id();
session_write_close();
// 3. hijack then destroy session specified.
session_id($id);
session_start();
session_destroy();
session_write_close();
// 4. restore current session id. If you don't restore it, your current session will refer to the session you just destroyed!
session_id($cid);
session_start();
}
That should work. You can add your custom function to a class if you would like and add features that would suit your need.
On my website, there is a function for logging in and logging out. Upon login, I set the session variables pass (which is hashed password), uid which is the ID of the user logged in and loggedIn (boolean):
$hashedpass = **hashed pass**;
$_SESSION['pass'] = $hashedpass or die("Fel 2");
$_SESSION['uid'] = $uid or die("Fel 3");
$_SESSION['loggedIn'] = true or die("Fel 4");
header("Location:indexloggedin.php");
On every page, I check if the visitor is logged in by
Checking the status of $_SESSION['loggedIn'],
Searching the database for the user with the ID $_SESSION['uid'],
Checking if the hashed password in the database matches the hashed password in the session variable:
$sespass = $_SESSION['pass'];
$sesid = $_SESSION['uid'];
$sql2 = "SELECT * FROM `users` WHERE `id` = '$sesid'";
$result2 = mysqli_query($db_conx, $sql2);
$numrows2 = mysqli_num_rows($result2);
if ($numrows2 != 1) {
$userOk = false;
}
while ($row = mysqli_fetch_array($result2,MYSQLI_ASSOC)) {
$dbpass = $row['pass'];
}
if ($sespass != $dbpass) {
$userOk = false;
} else {
$userOk = true;
}
My problem is that this seems to be working on some pages, while it doesn't work at others. For example, when I log in, I am instantly logged in to the homepage, but not to the profile page. However, after a few reloads, I am logged in to the profile page as well. The same thing happens when logging out.
For testing purposes, I tried to var_dump the password variables as well as the userOk status on the index page, and this is where I noticed something interesting. When I log out, the password variables are set to be empty, and $userOk is false, according to what that is shown at index.php?msg=loggedout. But when I remove the ?msg=loggedout (and only leave index.php), the password variables are back to their previous value, and I am no longer logged out... After a few reloads, I am once again logged out.
Why is my session variables not working as expected? It feels like as if it takes time for them to update, which is very weird. I have tried with caching disabled (both through headers and through the Cache setting in my browser).
Just tell me if you need more info.
You have initialization session_start() on every Site?
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
After contacting my hosting provider, it was actually a hosting issue. It is now resolved!
Thanks,
Jacob
I know I can't use two session start codes in a same php page but for the sake of updating user account, I need the below code and I need to use session_start twice. One, to check if the user is not logged in, then redirect them and banned them from seeing the update info page and also the other session start has to be there so that my session variables could be set automatically in the update info page if the user is logged in.
anyways, I am getting this error can you guys please show me a work around way? if there's any?
thanks.
Notice: A session had already been started - ignoring session_start() in ....
<?php session_start();
if(isset($_SESSION['userid'])) {
} else {
header('Location: login.php');
}
?>
<?php
$user = $_SESSION['userid'];
$myquery = "SELECT * FROM our_users WHERE `userid`='$user'";
$result = mysqli_query($conn, $thequery);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
session_start(); /* Basically this right here gets ignored. */
$_SESSION["user_first_name"] = $row['fn'];
$_SESSION["user_last_name"] = $row['ln'];
$_SESSION["user_email"] = $row['em'];
$_SESSION["user_password"] = $row['pw'];
?>
I have script with a session login system. After user log, i store User ID, name and level.
if (!isset($_SESSION)) session_start();
$_SESSION['user_id'] = $result['user_id'];
$_SESSION['user_name'] = $result['user_name'];
$_SESSION['user_level'] = $result['user_level'];
// Redirect
header("Location: dashboard.php"); exit;
Now, I need to have a second script installation on same server
SCRIPTA
SCRIPTB
If user log in SCRIPTA and change URL to SCRIPTB, i'ts able to login o B installation.
A way to solve this problem is add a unique ID to each session.
But how to forward and check ID between pages?
You may wont to try
if (!isset($_SESSION))
{
session_start();
$_SESSION['user_id'] = $result['user_id'];
$_SESSION['user_name'] = $result['user_name'];
$_SESSION['user_level'] = $result['user_level'];
}
create a new php file with the above in it.
include this file in every page that requires the session data.
Solved with Sable Foste suggestion.
I have added a column with a unique ID for user and check this one when page is loaded.
Query DB:
// Verify hash
$result = mysql_query("SELECT user_hash FROM users WHERE user_id =".$_SESSION['user_id']);
$row = mysql_fetch_array($result, MYSQL_BOTH);
$user_hash = $row['user_hash'];
Compare hash:
if ($_SESSION['user_hash'] != $user_hash) {
header("Location: index.php?error=1"); exit;
}
I have a database set up and I use 'user_id' for example to displays the name, age, address etc. I want to display all information with just the id in php. This then echos in another page. Currently i have to do this:
$row=mysql_fetch_array($result);
$_SESSION['Name'] = $row['Name'];
$_SESSION['Address'] = $row['Address'];
Store just the user ID and a token that you set when the user logged in:
if (isset($_SESSION['user_id']) && $_SESSION['logged_in']) {
$user_id = $_SESSION['user_id'];
$user = // Query your database to get the user with that ID.
} else {
// Not logged in.
}
Alternatively, you could use secure sessions and serialize the user's profile object into a string, but you will need to keep it updated in case the user changes their information.