
PHP Server Side Scripting Forum

    
user data from session and login
PHP sessions
roclimb

5+ Year Member



 
Msg#: 4419867 posted 4:40 am on Feb 21, 2012 (gmt 0)

Hi all,

I have a login script with a session. I want to get user data like email, username, first name to echo in paragraphs on a members page.

How can I detect what user is logged in and retrieve their individual data from their member name in my database? Do I get it from the session somehow? I assume I have to get their unique id from the database from the session somehow?

thanks
Rob

 

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4419867 posted 12:28 pm on Feb 21, 2012 (gmt 0)

You could use the PHP sessions, a cookie with an identifier etc for keeping track of a visitor. When the user is registered or logs in, you can set up an identifier with the session/cookie following validation and after creating a database record. When the visitor's browser makes a new request to your pages it will send the cookie which you can cross-reference the info with the database record. You will need a db sessions table in your case or some other storage medium.

The basic steps for processing a request are:

1. Check if the cookie is set and valid
2. Check if the cookie value exists in the sessions db table
3. Process the request taking into account it's a registered visitor when applicable

If you use a custom cookie/session you will need to create and send the cookie header yourself, expire sessions, write the session identifiers to the db etc.

You can see the php session functions here along with various examples.
[php.net...]
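The three request-processing steps listed in the post above, sketched as an added example (not part of the original post or any poster's code). It assumes PHP 7+ with the PDO SQLite driver and constructed rows; the `sid` cookie, the `members` and `sessions` tables, `startSession()` and `currentMember()` are hypothetical names, and storing only a SHA-256 hash of the token is a choice made for this example.

```php
<?php
// Added example: cookie token checked against a sessions table on every request.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, member_id INTEGER, expires_at INTEGER)');
$pdo->exec("INSERT INTO members VALUES (1, 'rob', 'rob@example.test')"); // constructed sample row

// Called once the login has been validated: store the record, return the cookie value.
function startSession(PDO $pdo, int $memberId, int $ttl = 1800): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters, not guessable
    $stmt = $pdo->prepare('INSERT INTO sessions VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $memberId, time() + $ttl]);
    return $token;
}

// Step 1: is the cookie set and well formed? Step 2: does it match an unexpired row?
function currentMember(PDO $pdo, array $cookies): ?array
{
    $token = $cookies['sid'] ?? '';
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT m.id, m.username, m.email FROM sessions s
         JOIN members m ON m.id = s.member_id
         WHERE s.token_hash = ? AND s.expires_at > ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$token = startSession($pdo, 1);
// A real response would now send the cookie, for example:
// setcookie('sid', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax', 'path' => '/']);

// Step 3: process the request as a registered visitor only when the lookup succeeded.
$member = currentMember($pdo, ['sid' => $token]); // stands in for $_COOKIE
echo $member ? 'Hi ' . htmlspecialchars($member['username']) . "\n" : "Not logged in\n";

// A cookie value the server never issued finds no row and is treated as a guest.
echo currentMember($pdo, ['sid' => '1']) ? "accepted\n" : "Rejected unknown identifier\n";
```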

roclimb

5+ Year Member



 
Msg#: 4419867 posted 7:40 am on Feb 23, 2012 (gmt 0)

Thanks,

What if I don't want to use a cookie and just want to retrieve the session data from the DB somehow? Is that possible?

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4419867 posted 9:04 am on Feb 23, 2012 (gmt 0)

Yes it is possible, but not used often. You create a unique identifier which is appended with the URLs and stored in the db. When a page request is made you check the identifier against the db record for a match. The db record contains the session data which you can then process.

This was used in the past on hosts with a shared SSL as during the transition between secure and non-secure pages the domain is different and another cookie needs to be sent for the secure domain. It's not a preferred method as the identifier is exposed with the links for the session lifetime, thus it can be hijacked.

roclimb

5+ Year Member



 
Msg#: 4419867 posted 10:29 pm on Feb 23, 2012 (gmt 0)

Good to know, I won't be using that method then.

Thanks a bunch for the help
Rob

Mr_Cat

5+ Year Member



 
Msg#: 4419867 posted 10:42 pm on Feb 29, 2012 (gmt 0)

Why bother referencing the database whenever you want the info and stashing extra info in it for the purpose?

I do this all the time with a simple script I nicked from a tutorial and don't profess to be any kind of expert as said script has caused me grief (sorted now) but if you require a person to log in then your login script will check the members table for username, user email, ID etc etc

once that's done you can pass all that to session variables with


$row = mysql_fetch_array($query_result);

$username = $row['username'];...

$_SESSION['user_name'] = $username;
$_SESSION['user_email'] = $...
$_SESSION['member_ID'] = $...


then every time you use 'session start' on a page this will work provided the user is logged in...

you can say echo "Hi " . $_SESSION['user_name'] . ", your email is" etc

or have I missed something?

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4419867 posted 9:58 am on Mar 1, 2012 (gmt 0)

or have I missed something?

Yes first of all you need the session identifier somewhere stored after you generate it. If you neglect it, the default PHPSESSIONID can contain any identifier let alone the name is well known. For instance the browser can set a cookie of PHPSESSIONID to 1 and your code will accept it as it stands. So you need to validate the identifier with each request especially if your domain holds personalized info. You could use session_regenerate_id right after the login is processed to create a new identifier right after the login takes place and store the new one.

And because the sessions have quite some differences between PHP versions and host environments I use totally custom ones.
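One way to act on the reply above while keeping the session-variable approach, as an added example that is not any poster's code: strict mode makes PHP discard a browser-supplied identifier it never issued, and `session_regenerate_id(true)` issues a fresh one at login. `checkLogin()`, `logIn()`, `isLoggedIn()` and the sample member are hypothetical, and PHP 7.3+ is assumed.

```php
<?php
// Added example. checkLogin() and its sample record are hypothetical stand-ins
// for the members-table lookup a real login script performs.
ini_set('session.use_strict_mode', '1');  // ignore IDs this server never issued
ini_set('session.use_only_cookies', '1'); // never read the ID from the URL
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

function checkLogin(string $user, string $pass): ?array
{
    // Constructed sample member; a real script would SELECT this row by username.
    $members = ['rob' => ['id' => 1, 'email' => 'rob@example.test',
        'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    $m = $members[$user] ?? null;
    if ($m === null || !password_verify($pass, $m['hash'])) {
        return null;
    }
    return ['id' => $m['id'], 'username' => $user, 'email' => $m['email']];
}

function logIn(array $member): void
{
    session_regenerate_id(true); // fresh ID at login, old session data deleted
    $_SESSION = [
        'member_ID'    => $member['id'],
        'user_name'    => $member['username'],
        'user_email'   => $member['email'],
        'logged_in_at' => time(),
    ];
}

function isLoggedIn(int $maxAge = 3600): bool
{
    if (!isset($_SESSION['member_ID'], $_SESSION['logged_in_at'])) {
        return false;
    }
    if (time() - $_SESSION['logged_in_at'] > $maxAge) {
        $_SESSION = []; // stale login: drop the stored data
        return false;
    }
    return true;
}

// Login page: constructed credentials here; a real page reads them from $_POST.
if (($member = checkLogin('rob', 'correct horse')) !== null) {
    logIn($member);
}
// Members page: check on every request before echoing anything from the session.
echo isLoggedIn() ? 'Hi ' . htmlspecialchars($_SESSION['user_name']) . "\n" : "Please log in\n";
```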

Mr_Cat

5+ Year Member



 
Msg#: 4419867 posted 6:28 pm on Mar 1, 2012 (gmt 0)

Blimey, that all went right over my head, back to school for me. Now I'm really worried how (and why!) my login script works! :)

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved