[RESOLVED] Using session data to display data

phatpappy

Hello all!

I've been using php now for close to a month, trying to build a website and crazy login and authentication system (learning new stuff is always a blast!). Well, I've followed tutorials, I've read the php manual, at least the parts I can handle and I've done pretty well, I have everything from password encryption to the use of sessions to keep users logged in from the mysql data (not exactly sure how it works) but it all works. My trouble is, I want users to check, and update their registration info. I have the script to display ALL entries, but what I want to do, is have users see only their data, now I don't know if I can call on their session userid to do this, or what steps I have to take, all the info I have found seems t be when the administrater wants to update user info. A point in the right direction would be nice.

Thanks alot! I hope to learn alot while I am here!😃

wilku

phatpappy wrote:
(not exactly sure how it works)

There is your problem. Try to understand what the code does and the solution will present yourself. To point you into the right direction: when your script displays data for all users it probably queries your database similar to

SELECT * FROM users

For only the user that is logged in, this should be changed to

SELECT * FROM users WHERE user_id='user_id_stored_in_a_session'

The rest of the code depends on what you already have.

phatpappy

Well, being a learning experience, I'd love to understand the code perfectly right off the bat, but I'd guess its more of the syntax. I understand how to query, and I understand the code used to query, but what you said

For only the user that is logged in, this should be changed to

Code:
SELECT * FROM users WHERE user_id='user_id_stored_in_a_session'

The only problem with that, I do not see the term 'stored_in_a_session' in php.net, google, or anything.

This is more along the lines of what I have where the login creates the session

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $query = "select salt from user where username='$username' limit 1";
     $result = mysql_query($query);

 if (mysql_num_rows($result) > 0)
 { 
      // Get the user
      $user = mysql_fetch_array($result);

      // Using the salt, encrypt the given password to see if it 
      // matches the one in the database
      $encrypted_pass = md5(md5($password).$user['salt']);

      // Try and get the user using the username & encrypted pass
      $query = "select userid, username from user where username='$username' and password='$encrypted_pass'";
      $result = mysql_query($query);

      if (mysql_num_rows($result) > 0)
      {
           $user = mysql_fetch_array($result);

           // Now encrypt the data to be stored in the session
           $encrypted_id = md5($user['userid']);
           $encrypted_name = md5($user['username']);

           // Store the data in the session
           $_SESSION['userid'] = $userid;
           $_SESSION['username'] = $username;
           $_SESSION['encrypted_id'] = $encrypted_id;
           $_SESSION['encrypted_name'] = $encrypted_name;

           // Return ok code
           return 'Correct';
      }
      else
      { 
           return 'Invalid Password';
      }
 }
 else
 {
      return 'Invalid Username';
 } 
}

I understand the salt as the encryption, I understand how it works to match the username and encrypted password. What it comes down to is, I am not sure how to call on the session userid to have it display only those results. I don't know if i call on the userid or encrypted userid, or if I have to unencrypt the session data to call against mysql, and the implications of doing any of those choices.

wilku

'user_id_stored_in_a_session' is an apparently not so descriptive way of saying 'use your own userid stored in a session'. In your example it would be $_SESSION['userid'], although I don't see where it is set in the code you have provided ($userid is empty - $user['userid'] is what you'd want to use instead).
You have written, that you have a script that shows all users - use the above sql statement in that script to show logged user data only.

phatpappy

Awesome! I got this going! Thank you for a little brain juice...between Finals week and php/html syntax I needed that. Thank you for your help Wilku