I am having trouble with sending variable with session. Goal is to automaticaly add user id in tree menu item, after successfull login.
Login code:
in if clause when login is success
$data['login']=true;
$row = $db->fetchAssoc($res);
$data['username'] = $row['username'];
$_SESSION['id'] = $row['id_user'];
$data['id_user']=$row['id_user'];
}
else {
$data['login']=false;
}
$data['success']=true;
echo json_encode($data);
Function for adding tree node code bellow:
$_POST['action'] == "addNode"){
$uid= $_SESSION['id'];
$id = clean($_POST['id']);
$leaf = clean($_POST['leaf']);
if($leaf == "true"){
..insert clause
}
...insert clause(inserting in database)
}
When I try to add new item in tree node, the user id is read correctly once and doesn't work until I dont refresh page(checked with firebug).
If someone can help me I will apreciate.
Related
I have a php blog linked to an ecommerce developped with Code Igniter. I can login both in the blog or in the ecommerce with the same credentials, and if I log in I am logged both on the blog and on the ecommerce part.
In the blog, in the config.php file there is:
// Check connection
$sql = "SELECT `data` FROM `ci_sessions` WHERE id="."'".$_COOKIE['ci_session']."'";
$result = $conn->query($sql);
$first_arr = '';
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$first_arr = explode(';',$row['data']);
}
$res = '';
foreach($first_arr as $v){
if (strpos($v, 'customer_id') !== false) {
$res = explode('|',$v);
}
}
$conn->close();
$_SESSION['customer_id'] = session_decode($res[1]);
}
else{
$_SESSION['customer_id'] = '';
}
if(isset($_SESSION['login_id']) && !empty($_SESSION['login_id'])){
$_SESSION['customer_id'] = $_SESSION['login_id'];
}
I previously used unserialize() function instead session_decode(), but I wasn't able to login in the blog part.
I fix this with the session_decode() function, but now the scenario is: when I am on the blog (not logged) and I go on the ecommerce I am rightly redirected on the login page, but if I don't login and I come back to the previous page I see the blog page like I'm logged in!
I tried to cancel cache or using an anonymous session, but this happens always!
What could be the problem?
Please i want logged in user to be able to view and edit their previous details in a mysql database..here is my code so far
<?php session_start(); include 'dpconfig.php';
if (isset($_SESSION['uid']))
{
echo $_SESSION['uid'];
}
else
{
echo "You are not Logged In!"; header("Location: header.php");
}
$n = mysqli_query($conn,"Select * from user");
$run = mysqli_query($conn,"Select * from user");
$row = mysqli_fetch_array($run, MYSQLI_BOTH);
{
$showid = $row[0];
$showfirst = $row[1];
$showlast = $row[2];
$showuid = $row[3];
echo $showid;
echo $showfirst;
}
?>
Thanks
What you need to do when your user have log in you then need to have links in the dashboard to profile page then you need to have a query string in your link
eg
<?php
session_start();
include 'dpconfig.php';
if (isset($_SESSION['uid']))
{
echo $_SESSION['uid'];
echo "<a href=\"profile.php?id=".$_SESSION['uid']."&action=view\">View Profile<a/>";
echo "Edit Profile";
}else{
// not allowed redirect
}
?>
The above code is just a basic dashboard after the user have loggedin, we display to links to profile.php with two query string parameters, namely id we will use this to identify the current user, and action, this one will help us to know what action the user is doing(viewing/editing) their profile
Then once they on any of the link, it will go to the profile.php page with url params. then we use GET method to do our proccessing
Read about Get method here
profile.php
<?php
session_start();
include 'dpconfig.php';
if(isset($_GET['id']) && isset($_GET['action'])){
if($_GET['action'] === "view"){
// show user profile
}
if(isset($_GET['action']) ==="edit"):?>
show html form with profile info to edit then process
<?php
endif;
}else{
// not allowed do something
}
?>
Hope this will atleast point you to the correct direction.
I am passing a variable fprs thru the URL and i can't seem to get it past the submit event. My Variable $userID which is from the URL becomes out of scope when I hit my submit button. How can I pass this variable to my query successfully?
As you can see, i am getting the fprs from the URL, transfering it to the $userID, then when I submit, the $userID becomes empty.
$userID ="";
$usID="";
if(isset($_GET['fprs'])){
$usID = substr($_GET['fprs'], 8);
}
$userID = intval($usID);
if(isset($_POST['btnChange'])){
if($Validate == true){
$link = mysqli_connect($servername,$username,$password,$database);
var_dump($userID);
$updatePassStr= "Update User set Pass='$hashPass' WHERE UserID='$userID'";
if($update = mysqli_query($link, $updatePassStr)){
echo "good";
}
else{
$Error = "Some error occured with the database, please wait a little and try again.";
}
}
Create a hidden field userIDin your form and store $userID there. After submit, retrieve the value with $userID=$_POST['userID'].
I am trying to create two separate sessions- one for if the user is admin and another if the user is author. $type stored type as enum (can be either author or admin). But my code is creating author session even for admin. I am new to PHP and MySQL . can somebody tell me where the error is in my code.
<?php
include("dbconnect.php");
$con= new dbconnect();
$con->connect();
//create and issue the query
$sql = "SELECT type FROM users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysql_query($sql);
//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
$type_num=0;
//if authorized, get the values
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
}
if($type == "admin")
{
$_SESSION['type']=1;
$u = 'welcome.php';
header('Location: '.$u);
}
else
{
$_SESSION['type']=$type_num;
$u = 'welcome.php';
header('Location: '.$u);
}
}
else {
//redirect back to loginfailed.html form if not in the table
header("Location: loginfailed.html");
exit;
}
?>
My welcome.php is as below
<?php
session_start();
?>
<html>
<body>
<h2>Welcome.</h2>
<?
if($_SESSION['type']==1){
echo "You are of the usertype Admin and your session id is ";
echo session_id();
}
else {
echo "You are of the usertype Author and your session id is ";
echo session_id();
}
?>
</body>
</html>
Thank You so much in advance.
Try to use roles for your permissions.
In general you have just one session. I mean you don't have two variables called _SESSION.
With the concept of roles you can simply check if a user has the permission to do something.
You have to call session_start() in the first part of the code, before register the var $_SESSION['type'] in the session
No your code seams fine, I think.
I don't see where you are calling the database
And what you have in there
So here is how you trouble shoot
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
echo $type . '<br />';
}
OR
echo '<pre>';
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
print_r($info);
}
echo '</pre>';
If you never see admin in there, and it must be 'admin' not Admin or ADMIN; then the problem is in your database. You don't have admin as admin defined, or spelled right.
By the way. see how nicely I formatted that. It's easier to read that way.
Coders wont look at your code if you don't do that.
Try using session_regenerate_id(); method to create different session ids.
I am creating a login script that stores the value of a variable called $userid to $_SESSION["userid"] then redirects the user back to the main page (a side question is how to send them back where they were?).
However, when I get back to that page, I am echoing the session_id() and the value of $_SESSION["userid"] and only the session id shows up. It had occurred to me that maybe my redirect page needs to have at the top, but if this were true, then the session_id I'm echoing would change each time I end up on the page that is echoing it. Here is the script:
<?php
session_start();
include_once("db_include.php5");
doDB();
//check for required fields from the form
if ((empty($_POST['username']) && empty($_POST['email'])) || empty($_POST['password'])) {
header("Location: loginform.php5");
exit;
} else if($_POST["username"] && $_POST["password"]){
//create and issue the query
$sql = "SELECT id FROM aromaMaster WHERE username='".$_POST["username"]."' AND password=PASSWORD('".$_POST["password"]."')";
$sql_res =mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));
//get the number of rows in the result set; should be 1 if a match
if(mysqli_num_rows($sql_res) != 0) {
//if authorized, get the userid
while($info = mysqli_fetch_array($sql_res)) {
$userid = $_info["id"];
}
//set session variables
$_SESSION['userid'] = $userid;
mysqli_free_result($sql_res);
//redirect to main page
header("Location: loginredirect.php5");
exit; }
} else if($_POST["email"] && $_POST["password"]) {
//create and issue the query
$sql = "SELECT id FROM aromaMaster WHERE email='".$_POST["email"]."' AND password=PASSWORD('".$_POST["password"]."')";
$sql_res =mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));
//get the number of rows in the result set; should be 1 if a match
if(mysqli_num_rows($sql_res) != 0) {
//if authorized, get the userid
while($info = mysqli_fetch_array($sql_res)) {
$userid = $_info["id"];
}
//set session variables
$_SESSION['userid'] = $userid;
mysqli_free_result($sql_res);
//redirect to main page
header("Location: loginredirect.php5");
exit;}
} else {
//redirect back to login form
header("Location: loginform.php5");
exit;
}
mysqli_close($mysqli);
?>
You're doing this:
while($info = mysqli_fetch_array($sql_res)) {
$userid = $_info["id"];
}
Where you should do this:
while($info = mysqli_fetch_array($sql_res)) {
$userid = $info["id"];
}
Make sure:
<?php
session_start();
Is at the top of each page.
Additionally, you can test by commenting out your redirects and echo'ing the value you're setting with to make sure you're retrieving/storing the correct value to begin with.
You need to call session_write_close() to store the session data changes.
Side answer: you can use the $SERVER["HTTP REFERER"] to redirect back, if it was filled by the browser