Problem!

MBK

All, I have the following problem, any help or suggestions would be appreciated.

I have a login page that requires a user name and password, if all is correct then the user starts a session and is passed to a secure page.
I then need there to be an option for the user to edit the details that they have registered, i.e name address etc.

I am having a problem finding a way to get their username or any information from either the login page or anywhere without them re-entering it so I can let them edit their info.

Any ideas? Would posting the script help any further?

Thanks. MBK

stuartc1

Usually when you do the validation, you check there username and password against the records in the database, if found then start the session. When you start the session you set a session variable with the database records unique id as the value. You can now use this variable to retrieve all the users details from the database.
Hope this is what you are looking for.

MBK

I registered the session, and then I registered the session using the users username.

How then do I retrieve the variable, as it isn't posted on in any way?

<?

$f_user=$_POST['f_user'];
$f_pass=$_POST['f_pass'];

//login.php - performs validation.

//authenticate using form variables
$status = authenticate($f_user, $f_pass);

// if user/pass combination is correct
if ($status == 1)
{
//initiate session
session_start();

//register some session variables
session_register("SESSION");

//including the username
session_register("SESSION_UNAME");
$SESSION_UNAME = $f_user;

//redirect to protected page
header("Location: /secure.php");
exit();
}
else
// user/pass check failed
{
//redirect to error page
header("Location: /secure/error.php?e=$status");
exit();
}

// authenticate username/password against a database
// returns: 0 if username and password is incorrect
// 1 if username and password are correct

function authenticate($user,$pass)
{
$db_host = "localhost";
$db_user = "root";
$db_name = "dbname";

$connection = mysql_connect($db_host, $db_user) or die("unable to connect");

$query="SELECT id from user where user = '$user' and pass = MD5('$pass')";

mysql_select_db($db_name);

$result=mysql_query($query, $connection) or die("error in query: $query. " . mysql_error());

if (mysql_num_rows($result) == 1)
{
return 1;
}
else
{
return0;
}
}

?>

This is the script that checks the users login and password and then if all is correct redirects them to the secure page.
Once on the secure page, how do I then retrieve the username or user details?

Wave

at first, about user details.

somethink like this in secure.php :

session_start();

$user = $HTTP_SESSION_VARS['SESSION_UNAME'];

$db_host = "localhost";
$db_user = "root";
$db_name = "dbname";

$connection = mysql_connect($db_host, $db_user) or die("unable to connect");

mysql_select_db($db_name);

$user_data = mysql_fetch_assoc(mysql_query("SELECT  * from user where user = '$user'"));

you have all your user data in $user_data assoc. array.

and at second - what if user type http://www.yoursite.com/secure.php in browser addres bar?

MBK

Wave,
Thanks for that, the thing I didn't know was how to transfer the Session_name from one page into another.

I now understand that,

If the user types the address into the browser bar, then the page secure.php checks to see if the session is already registered, if so it will allow connection, otherwise it will return to the login page.

Thanks.

MBK

OK!

So now I have my info stored in an array, how do I extract certain parts of it? say I wanted to extract data from a column labelled password, how would I do it?

Wave

you can do this

echo $user_data['password'];

or this, if you need check entire array structure

echo "<pre>";
print_r($user_data);
echo "</pre>";

btw, using arrays can save you a lot of time. it's easy, really easy.