Session data-How can i use it for stuff??

TimmacJa_k

Hi!

I've got this checklogin.php script (below). It uses a session with no cookies.

And was wondering what the best way to access this data, from other pages, would be?

As once the user has logged in, I would like to display their username on all other pages.
Do I need to set a cookie?
Is there a way I can do it without a cookie?

Script:

$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="acm_members"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=htmlentities($_POST['myusername']);
$mypassword=htmlentities($_POST['mypassword']);

$encrypted_mypassword=md5($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:ACM_NEWBEG_loginsuccess.php");
}
else {
header( "location:ACM_NEWBEG_loginWRONG.php" );
}

Thanks in advance. This is really slowing me down, any help would be sweet.

Take care,
Tim

TimmacJa_k

Oops
It was not my intention to double post. I had passwords displayed, but alas I discovered they could be edited as too this message could.

Carry on,
Thanks

stolzyboy

first of all, stay away from session_register... simply(once you've created a session with session_start()), use $_SESSION['myusername'] = "whatever_from_mysql";

after that, if you start the session on any other pages and echo out $_SESSION['myusername'], it'll display their username

TimmacJa_k

Thanks heaps stolzyboy for the fast reply.

I'm grasping most of what you are saying. 😉

simply(once you've created a session with session_start()), use $_SESSION['myusername'] = "whatever_from_mysql";

It's just a bit hazy as to how I implement this structurly...
Also to, how do I pull out the username from mysql...

Thanks I'll have a go at this anyway in the morning,
Cheers mate,

rulian

Well, you you basically pull the information first from the database and then regiser it

for example

<?PHP
//// starting the session
session_start(); 

/// connect to DB
include("connect.php"); 

/// if user submitted a username and password 
/// just an example, this is by no means a secure script
if ((isset($_POST["user"])) && (isset($_POST["pass"]))) { /// execute whats in this bracket
	/// pull info based on username/password combo
	$info=mysql_query("SELECT * FROM `myusers` WHERE `user` = '".$_POST["user"]."' AND `pass` = ''".$_POST["pass"].""); 
	/// check to see if it found the login info
		if (mysql_num_rows($info) == 1){ if it found only 1 entry, execute this bracket
		/// SETTING the SESSION Variables
		$_SESSION["name"]=mysql_result($info, 0, 'MyName');
		$_SESSION["email"]=mysql_result($info, 0, 'MyEmail');
		}
}



?>

Now, on any other page, you can simply go echo $_SESSION["name"]; to display the users name or any other information

TimmacJa_k

Thanks for the coded reply Rulian this should no doubt help.
regards,
tim