I have a login page where user insert their username and password.
I create a session which will display the username of the user at the main page using below code.
However, instead of the username, I want to display the user's full name. How do I display the full name using $_SESSION['username']?
My table name is users and consist of column fullname, username and password.
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
Use db query like mysqli_fetch_assoc to get data from db
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$row = mysqli_fetch_assoc($results );
$_SESSION['fullname'] = $row['fullname'];
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
for more : https://www.w3schools.com/php/func_mysqli_fetch_row.asp
Related
How can i upload images as part of registration data to database with sql and get it with php sessions everytime the user logs in
I already have this for saving username,email and password..but i want to add image to serve as profile picture during the registration and should be able to call it everytime a user logs in
<?php
session_start();
$username = "";
$email = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'registration');
if (isset($_POST['reg_user'])) {
$fname = mysqli_real_escape_string($db, $POST['fname']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
if (empty($fname)) { array_push($errors, "Please Enter your full name");}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (fname, username, email, password)
VALUES( '$fname', '$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: /me/home.php');
}
}
________________________LOGIN____________________________
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: /me/home.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
i will assume you have already finished the login authentication.
you will have to include an input of type file in your registration page.
here is the php code you will need to insert the photo:
extract($_POST);
if(isset($upload)) // Upload variable here is the button user clicks when he registers
{
$query = "insert into users (picture)values (?)";
$result = $db->prepare($query);
$target_path = "profilePictures/" . $un . "_";
$target_path = $target_path.basename($_FILES['profilePic']['name']);
if (move_uploaded_file($_FILES['profilePic']['tmp_name'], $target_path))
{
$newPic = "profilePictures/" . $un . "_" . basename($_FILES['profilePic']['name']);
$result->bindParam(1, $newPic);
}
$result->execute();
$db=NULL;
if ($result)
{
$success = true;
success("Information inserted Successfully "); //success here is a function i created you can just echo this message instead.
}
else
{
error("Failed");
}
}
}
now when a user logs in from the login page you will have to do some coding where you need it to be:
session_start();
$username=$_SESSION['activeUser']; //
query="select * from users where username='$username'";
$result = $db->prepare($query);
$result->execute();
$row=$result->fetch();
$userpic=$row['picture'];
$_SESSION['picture'] = $userpic; // here the image will be saved in a session and you
can save it in a variable elsewhere and use it.
I have problem with PHP $_SESSION.
I see only "username" in index page after successfull login/register.
When I change $_SESSION['username'] to $_SESSION['password'] is also displayed.
I need to display "points" value, which is not defined by user during login/register (5 points is auto added to user after register)
How to echo values from database, which are not inserted by users?
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Please write username");
}
if (empty($password)) {
array_push($errors, "Please write password");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "Logged in ";
header('location: index.php');
}else {
array_push($errors, "Something went wrong");
}
}
}```
Try with :
...
if (mysqli_num_rows($results) == 1) {
$row=mysqli_fetch_assoc($result);
//check the data you get from the BD
var_dump($row);die;
// you'll get an array with you data where you'll find the points
// then just assign it to a session
$_SESSION['user_points'] = $row['user_points']; // for example
$_SESSION['username'] = $username;
$_SESSION['success'] = "Logged in ";
header('location: index.php');
}
...
Is there a better way to write this code to where I can pull data from my id, firstname and lastname columns during login?
if (isset($_POST['login_user'])) {
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($email)) {
array_push($errors, "EMAIL is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$email' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM register WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
}
$qry = "SELECT * from register";
$result = mysqli_query($qry);
$row = mysqli_fetch_array($result);
$id = $row[0];
if (mysqli_num_rows($results) == 1) {
//here i want to change session from username to id
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
?>
This code is also working but i want to replace the username session to id session. Please help me how i get replace it by id.
Here i want to set session as id from username. so please help me how i have to get the solution of my code.
Just copy this Code :
replace your code
$_SESSION['username'] = $username;
to
$_SESSION['id'] = $username;
look like :
if (mysqli_num_rows($results) == 1) {
//here i want to change session from username to id
$_SESSION['id'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
You can get the value like this, because we are get result into an array
$row = mysqli_fetch_array($result);
$id = $row[0];
Correct method is below
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM register WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
}
$qry = "SELECT * from register";
$result = mysqli_query($qry);
$row = mysqli_fetch_array($result);
// $id = $row[0];
$id = $row['id']; //this is the primary key
if (mysqli_num_rows($results) == 1) {
$_SESSION['id'] = $id;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
?>
Just set the $_SESSION['id'] = $id.
session_start();
if (isset($_POST['login_user'])) {
$Email = mysqli_real_escape_string($database, $_POST['Email']);
$Password = mysqli_real_escape_string($database, $_POST['Password']);
if (empty($Email)) {
array_push($errors, "Email is required");
}
if (empty($Password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$Password = md5($Password);
$query = "SELECT * FROM Users WHERE Email='$Email' AND Password='$Password'";
$results = mysqli_query($database, $query);
$row = mysqli_fetch_assoc($results);
if (mysqli_num_rows($results) == 1) {
$_SESSION['Email'] = $Email;
$UserID = $row['UserID'];
$_SESSION['UserID'] = $UserID;
header('location: Home.php');
}else {
array_push($errors, "Wrong Email/Password combination");
}
i am able to get the Email stored in sessions but i can not get the UserID. can i also use the userID stored in sessions to add to a form?