I have to apologise first off if this is a dumb question but here goes.
I am working on a membership section for a website and I am trying to set session variables from records in a MySQL database when the user logs in. I think I am missing something because try as I might they just don't work!
The server I use had Global variables turned on, don't know if that's an issue in this case.
Here's the code on the check user page:
<?php
session_start();
include '../Connections/db.php';
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM tblUsers WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
        foreach( $row AS $key => $val ){
            $$key = stripslashes( $val );
        }
        // Register some session variables!
        session_register('fName');
        $_SESSION['fName'] = $first_name;
        session_register('lName');
        $_SESSION['lName'] = $last_name;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('user_level');
        $_SESSION['user_level'] = $user_level;
        mysql_query("UPDATE users SET last_login=now() WHERE password='$password'");
        header("Location: login_success.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br />";
    include 'user_login.htm';
}
?>
The login is fine and the last_login is set ok, but it is the sessions that don't work.
Any ideas?
Thanks
$$key = stripslashes( $val );
Get rid of the session_register lines (I see four of them in there) and you should be good to go...
While I'm making dumb comments...
- I would imagine the select statement will always only return 1 row or nothing (as long as username is unique) so why use a while loop to get the row?
- Wouldn't it be better to use stripslashes before you put the info in the database and therefore you wouldn't need to use it (more often) when pulling it out?
Just some minor thoughts...
I would imagine the select statement will always only return 1 row or nothing (as long as username is unique) so why use a while loop to get the row?
Good point, I noticed that too, but forgot to comment. extract() [php.net] would work nicely here:
// Replace all of this:
// while($row = mysql_fetch_array($sql)){
// foreach( $row AS $key => $val ){
// $$key = stripslashes( $val );
// }
// ... with this:
extract(mysql_fetch_array(mysql_query($sql)));
Wouldn't it be better to use stripslashes before you put the info in the database and therefore you wouldn't need to use it (more often) when pulling it out?
It's not quite that easy. Certain characters often need to be escaped when writing to the table so the slashes are often necessary. It all comes down to the configuration setup. There was a good discussion on Magic Quotes [webmasterworld.com] a bit back that should clarify things...
Variable variables [php.net]
I have replaced the original code section with this:
if($login_check > 0){
    extract(mysql_fetch_array(mysql_query($sql)));
    // Register some session variables!
    $_SESSION['userId'] = $userId;
    $_SESSION['fName'] = $fName;
    $_SESSION['lName'] = $lName;
    $_SESSION['email_address'] = $email_address;
    $_SESSION['user_level'] = $user_level;
}
But I am now getting the following error messages:
Warning: Supplied argument is not a valid MySQL result resource /test_html/login/checkuser.php on line 30
Warning: extract() expects first argument to be an array in /test_html/login/checkuser.php on line 30
Any ideas?
Thanks again
$login_check = mysql_num_rows($sql);
if($login_check > 0){
    extract(mysql_fetch_array($sql));
    // Register some session variables!
    ...
}
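
Added example, not code from any poster in this thread: one way to write the check-user step so that the query uses bound parameters and the session receives an explicit list of columns instead of whatever extract() or $$key pulls into scope. It assumes PDO with the SQLite driver, passwords stored with password_hash(), and a constructed sample row; check_user() and start_user_session() are hypothetical names.

```php
<?php
// Assumptions (not from the thread): PDO + SQLite are available, the password
// column holds password_hash() output, and the row below is constructed data.
function check_user(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT userId, fName, lName, email_address, user_level, password
           FROM tblUsers WHERE username = :u AND activated = 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // one row or false, no while loop
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);                 // never carry the hash into the session
    return $row;
}

function start_user_session(array $user): void
{
    session_regenerate_id(true);             // fresh session id once logged in
    // Copy an explicit list of columns rather than using extract() / $$key,
    // so a column name can never overwrite an unrelated local variable.
    foreach (['userId', 'fName', 'lName', 'email_address', 'user_level'] as $k) {
        $_SESSION[$k] = $user[$k];
    }
}

// --- constructed demo data; in-memory SQLite so the script runs offline ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblUsers (userId INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, fName TEXT, lName TEXT, email_address TEXT, user_level INTEGER,
    activated INTEGER, last_login TEXT)');
$db->prepare('INSERT INTO tblUsers VALUES (1, ?, ?, ?, ?, ?, 1, 1, NULL)')
   ->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT), 'Alice', 'Example', 'alice@example.test']);

session_start();
foreach ([['alice', 's3cret-demo'], ['alice', 'wrong-password']] as [$u, $p]) {
    $user = check_user($db, $u, $p);
    if ($user !== null) {
        start_user_session($user);
        // Update by primary key, not by password as in the original UPDATE.
        $db->prepare("UPDATE tblUsers SET last_login = datetime('now') WHERE userId = ?")
           ->execute([$user['userId']]);
    }
    echo $u, ': ', ($user !== null ? 'logged in as ' . $_SESSION['fName'] : 'rejected'), PHP_EOL;
}
```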