I have created a session of which a user is using email and password to log in, and the session is capturing his/her email, I want to use the email to fetch her other data like first name and last name, I tried to get it but due to my newbie I ended up getting error, here is my login code:
// LOGIN A USER INTO HIS/HER ACCOUNT
if (isset($_POST['login_user'])) {
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$email' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong Email or Password combination");
}
}
}
and I figured it to be like the following code below:(which is not actually working)
if($result) {
if(mysqli_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$user = mysqli_fetch_assoc($result);
$_SESSION['id'] = $user['user_id'];
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
session_write_close();
header("location: user_index.php");
exit();
else {
$sql = "SELECT first_name FROM users WHERE email = '" .
$_SESSION['email'] . "'";
$result = mysqli_query($sql);
$user = mysqli_fetch_array($result);
echo "Hello, " . $user['first_name']";
}
I found this way to be working, thank you all who tried to help
<?php
include'db.php';
if(isset($_SESSION['email'])){
$query = "SELECT first_name FROM users WHERE email= '".$_SESSION['email']."'";
$result = mysqli_query($db, $query) or
die(mysql_error($db));
if (!$result) die('Query failed: ' . mysqli_error($db));
while($row = mysqli_fetch_array($result)){
echo $row['first_name'];
}
}
?>
Related
I have problem with PHP $_SESSION.
I see only "username" in index page after successfull login/register.
When I change $_SESSION['username'] to $_SESSION['password'] is also displayed.
I need to display "points" value, which is not defined by user during login/register (5 points is auto added to user after register)
How to echo values from database, which are not inserted by users?
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Please write username");
}
if (empty($password)) {
array_push($errors, "Please write password");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "Logged in ";
header('location: index.php');
}else {
array_push($errors, "Something went wrong");
}
}
}```
Try with :
...
if (mysqli_num_rows($results) == 1) {
$row=mysqli_fetch_assoc($result);
//check the data you get from the BD
var_dump($row);die;
// you'll get an array with you data where you'll find the points
// then just assign it to a session
$_SESSION['user_points'] = $row['user_points']; // for example
$_SESSION['username'] = $username;
$_SESSION['success'] = "Logged in ";
header('location: index.php');
}
...
This is my code
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM admin WHERE username='".$_POST['username']."' AND passcode='".$_POST['password']."'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) >0) {
$_SESSION['username'] = $username;
$_SESSION['username2'] = "gfgf";
$_SESSION['username3'] = $row['column_name'];
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
I want to use $_SESSION['username3'] .But it is not work. what is the problem with my code. $_SESSION['username2'] is finely work.
there is a matching data in this Table too.
Try this code. You missed this line while ($row = $results->fetch_assoc()) and $password = md5($_POST['password']);
if (count($errors) == 0) {
$password = md5($_POST['password']);
$query = "SELECT * FROM admin WHERE username='".$_POST['username']."' AND passcode='".$_POST['password']."'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) >0) {
while ($row = $results->fetch_assoc()){
$_SESSION['username'] = $username;
$_SESSION['username2'] = "gfgf";
$_SESSION['username3'] = $row['column_name'];
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}else {
array_push($errors, "Wrong username/password combination");
}
}
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM register WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
}
$qry = "SELECT * from register";
$result = mysqli_query($qry);
$row = mysqli_fetch_array($result);
$id = $row[0];
if (mysqli_num_rows($results) == 1) {
//here i want to change session from username to id
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
?>
This code is also working but i want to replace the username session to id session. Please help me how i get replace it by id.
Here i want to set session as id from username. so please help me how i have to get the solution of my code.
Just copy this Code :
replace your code
$_SESSION['username'] = $username;
to
$_SESSION['id'] = $username;
look like :
if (mysqli_num_rows($results) == 1) {
//here i want to change session from username to id
$_SESSION['id'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
You can get the value like this, because we are get result into an array
$row = mysqli_fetch_array($result);
$id = $row[0];
Correct method is below
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM register WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
}
$qry = "SELECT * from register";
$result = mysqli_query($qry);
$row = mysqli_fetch_array($result);
// $id = $row[0];
$id = $row['id']; //this is the primary key
if (mysqli_num_rows($results) == 1) {
$_SESSION['id'] = $id;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
?>
Just set the $_SESSION['id'] = $id.
I have a login page where user insert their username and password.
I create a session which will display the username of the user at the main page using below code.
However, instead of the username, I want to display the user's full name. How do I display the full name using $_SESSION['username']?
My table name is users and consist of column fullname, username and password.
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
Use db query like mysqli_fetch_assoc to get data from db
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$row = mysqli_fetch_assoc($results );
$_SESSION['fullname'] = $row['fullname'];
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
for more : https://www.w3schools.com/php/func_mysqli_fetch_row.asp
I am struggling to display a user's profile after logging in. I can only display the user email in the session.
below is my login script
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($db , $_POST['email']);
$password = mysqli_real_escape_string($db , $_POST['password']);
$query = "select * from users where email='$email' and password='$password'";
$result = $db->query($query);
if($row = $result->fetch_assoc()){
if($row['status'] == 1){
$_SESSION['user_email'] = $email;
if(isset($_POST['remember_me'])){
setcookie("user_email" , $email , time()+60*5);
}
header("Location:myaccount.php");
exit();
}else {
header("Location:index.php?err=" . urlencode("The user account is not activated!"));
exit();
}
} else {
header("Location:index.php?err=" . urlencode("Wrong Email or Password!"));
exit();
}
}
After the user logins, they get redirected to this page "myaccount.php"
This displays only the user email only, I need to pull more user data from the table.
You can set any data to session
like this
$_SESSION['username'] = $row['username'] ;
$_SESSION['name'] = $row['name'] ;
$_SESSION['family'] = $row['family'] ;
so
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$query = "select * from users where email='$email' and password='$password'";
$result = $db - > query($query);
if ($row = $result - > fetch_assoc()) {
if ($row['status'] == 1) {
$_SESSION['user_email'] = $email;
$_SESSION['name'] = $row['name'];
$_SESSION['family'] = $row['family'];
if (isset($_POST['remember_me'])) {
setcookie("user_email", $email, time() + 60 * 5);
}
header("Location:myaccount.php");
exit();
} else {
header("Location:index.php?err=".urlencode("The user account is not activated!"));
exit();
}
} else {
header("Location:index.php?err=".urlencode("Wrong Email or Password!"));
exit();
}
}