Retrieve data from database using session
Hi, I have read topics here and tried doing it in different ways, but my problem is still not solved. I tried storing a session and using it to retrieve data again from the database. I took the session idmember, set it to a variable, then used it in a query to echo his/her first and last name. I can get to the main page, but it doesn't echo the user's name. To summarize, here is how it works: index > authenticate (validate) > student/index.php
functions.php
<?php
function sec_session_start() {
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = true; // Set to true if using https.
    $httponly = true; // This stops javascript being able to access the session id.
    ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    session_name($session_name); // Sets the session name to the one set above.
    session_start(); // Start the php session
    session_regenerate_id(); // regenerated the session, delete the old one.
}
?>
index.php (Main Page)
<?php
include ('include/functions.php');
sec_session_start();
include ('header.php');
?>
<title>Students Portal</title>
<div id="upper_row"><b>Announcement:</b></div>
<div id="l_column"></div>
<div id="r_column">
<form action="authenticate.php" method="POST" name="loginform">
<table width="100%">
<tr>
<th colspan="3" align="left">USER LOGIN<br /><hr /></th>
</tr>
<tr>
<td width="72">Username:</td>
<td width="212">
<script type="text/javascript">
function blank(a) { if(a.value == a.defaultValue) a.value = ""; }
function unblank(a) { if(a.value == "") a.value = a.defaultValue; }
</script>
<input type="text" value="Enter your School ID here" onfocus="blank(this)" onblur="unblank(this)" name="id" />
</td>
</tr>
<tr>
<td>Password:</td>
<td><script type="text/javascript">
function blank(a) { if(a.value == a.defaultValue) a.value = ""; }
function unblank(a) { if(a.value == "") a.value = a.defaultValue; }
</script>
<input type="password" value="Password" onfocus="blank(this)" onblur="unblank(this)" name="password" /></td>
</tr>
<tr>
<td></td>
<td rowspan="3" align="center"><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>
</div>
<?php
include "footer.php";
?>
authenticate.php
<?php
include ('include/conn.php');
include ('include/functions.php');
sec_session_start();
// username and password sent from form
if(isset($_POST['login'])) {
    $user=$_POST['id'];
    $pass=$_POST['password'];
    // To protect MySQL injection (more detail about MySQL injection)
    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $user = mysql_real_escape_string($user);
    $pass = mysql_real_escape_string($pass);
    $crypt_pass=md5($pass);
    //query from database
    $result=mysql_query("SELECT username,user_pass,user_id FROM tbl_user WHERE username ='$user' and user_pass='$crypt_pass'");
    $result2=mysql_fetch_row($result);
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    //First Step of Validation
    //get the ip address of the user then the attempts
    $iptocheck = $_SERVER['REMOTE_ADDR'];
    $iptocheck = mysql_real_escape_string($iptocheck);
    $resultip = mysql_query("SELECT ip_address,login_attempts,username FROM tbl_sec_login WHERE ip_address = '$iptocheck' AND username='$user'");
    $ipcount = mysql_num_rows($resultip);
    $rowx = mysql_fetch_row($resultip);
    if(mysql_num_rows($resultip) > 1) {
        //Already has some IP address records in the database
        //Get the total failed login attempts associated with this IP address
        if ($rowx['1'] > 3) {
            header("Location: index.php");
        }
    }
    //If none then insert it to the table
    else if ($ipcount == 0) {
        $loginattempts = 0;
        mysql_query("INSERT INTO tbl_sec_login (ip_address,login_attempts,username) VALUES ('$iptocheck','$loginattempts','$user')");
    }
    //Second step of validation
    //if count is equal to 1 then proceed to next condition
    if($count==1){
        //Third Step of Validation
        // If result matched $user and $crypt_pass, table row must be 1 row
        if ($user==$result2[0] AND $crypt_pass==$result2[1]){
            $_SESSION['idmember'] = $_POST['id'];
            $loginattempts = 0;
            mysql_query("DELETE FROM tbl_sec_login WHERE ip_address = '$iptocheck' AND username='$user'");
            if($result2[2]==3) {
                header("Location: student/index.php?id=$user");
            }elseif ($result2[2]==2) {
                header("Location: epersonnel/index.php");
            }elseif ($result2[2]==1) {
                header("Location: admin/index.php");
            }
        }else{
            $loginattempts = $rowx['1'] + 1;
            mysql_query("UPDATE tbl_sec_login SET login_attempts = '$loginattempts' WHERE ip_address = '$iptocheck' AND username='$user'");
            header("Location: login.php");
        }
    }
    else {
        $loginattempts = $rowx['1'] + 1;
        mysql_query("UPDATE tbl_sec_login SET login_attempts = '$loginattempts' WHERE ip_address = '$iptocheck' AND username='$user'");
        header("Location: login.php");
    }
}
else {
    header("Location: index.php");
}
?>
student/index.php
<?php
session_start();
if(!empty($_SESSION['idmember'])){
    header("Location: login.php");
}
require 'include/conn.php';
$id = $_SESSION['idmember'];
$query="SELECT first_name,last_name FROM tbl_studentmasterlist WHERE sid ='$id'";
$result=mysql_query($query);
$row = mysql_fetch_array($result);
include "header.php";
?>
<div id="s_l_column">
<div id="i_location">
Welcome, <br />
<center><img name="" src="" width="185" height="135" alt=""> <br />
» <?php echo $row['first_name']." ".$row['last_name'];?> </center>
<hr />
</div>
<div id="side_menubar">
</div>
</div>
<div id="s_r_column">
<div class="menubar">
<ul>
<li><a href="#" class="leftEdge clearBorder">Home</a></li>
<li><a href="#">Account Setting</a></li>
<li><a href="#">Enrollment Guide</a></li>
<li><a href="#">Enroll</a></li>
<li><a href="#" class="rightEdge">Logout</a></li>
</ul>
</div>
<div id="b_contianer">
</div>
</div>
<?php
include "footer.php";
?>
Solution 1:[1]
Why do you redirect to the login.php page, when you already have set the $_SESSION['idmember'] variable? That doesn't make much sense.
Your code does the following:
When you call the index.php site the first time, your session variable 'idmember' isn't set and thus the first and last name aren't displayed, because your query doesn't return any results.
The problem here lies in the following lines of code (index.php):
if(!empty($_SESSION['idmember'])){
    header("Location: login.php");
}
Here you check if your session variable 'idmember' is NOT empty. So, every time you call index.php with 'idmember' set, you will be redirected to login.php.
To fix this just replace your code with the following one:
if (!isset($_SESSION['idmember'])){
    header("Location: login.php");
    exit; // stop here so the rest of the page does not run after the redirect
}
This checks whether the session variable 'idmember' is NOT set and, if so, redirects the user to the login.php page. After the user has logged in successfully and calls index.php again, your query will return a result (provided that a user with the 'idmember' value actually exists...). And finally, the first and last name should be displayed.
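A hardened form of the guard and the name lookup discussed above, as an added example that is not part of the original question or answer. The function names are hypothetical, and the in-memory SQLite database with its single row is constructed so the script runs offline (it assumes the pdo_sqlite extension).

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// Returns the redirect target for an unauthenticated request, or null
// when the session carries a usable 'idmember'.
function login_redirect_target(array $session): ?string
{
    $ok = isset($session['idmember']) && is_string($session['idmember'])
        && $session['idmember'] !== '';
    return $ok ? null : 'login.php';
}

// Guard for the top of student/index.php. Call it after the session has
// been started the same way authenticate.php starts it (sec_session_start()
// sets the name 'sec_session_id'; a plain session_start() reads the default
// cookie name instead).
function require_login(array $session): void
{
    $target = login_redirect_target($session);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // header() does not stop the script; without this the page still renders
    }
}

// Look the student up with a bound parameter instead of string interpolation.
function fetch_student_name(PDO $pdo, string $sid): ?array
{
    $stmt = $pdo->prepare(
        'SELECT first_name, last_name FROM tbl_studentmasterlist WHERE sid = ?'
    );
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_studentmasterlist (sid TEXT, first_name TEXT, last_name TEXT)');
$pdo->exec("INSERT INTO tbl_studentmasterlist VALUES ('2013-0001', 'Ana', 'Reyes')");

var_dump(login_redirect_target([]));                          // not logged in
var_dump(login_redirect_target(['idmember' => '2013-0001'])); // logged in
$row = fetch_student_name($pdo, '2013-0001');
echo htmlspecialchars($row['first_name'] . ' ' . $row['last_name'], ENT_QUOTES, 'UTF-8'), "\n";
var_dump(fetch_student_name($pdo, "2013-0001' OR '1'='1"));   // treated as a literal sid
```

In the real page, `require_login($_SESSION)` goes directly after the session is started and before any output, and the PDO handle points at the MySQL database instead of SQLite.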
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 |