Track User Activity Using Login Table

salientanimal

Hi everyone.

I'm really hoping someone can help me here as I have search all over for a solution but no luck.

I have a php website the runs off of a MySQL database. There is a login screen where all users login and get autenticated by the user table. Once logged in users capture various types of information on forms that get submitted to different tables within the database. I would like the login to be carriered through the session and automatically be captured into the form and saved to the table that the form is beig submitted to so that I will be able to track user activity on certain forms. I'm not sure what additional information you require me to provide to help with the solution.

bradgrafelman

What have you tried? It sounds as if all you're wanting is a simple session value to be included in the forms, so when the user logs in simply call [man]session_start/man and store whatever value(s) you want in the $_SESSION array, using that same array later in your INSERT queries.

salientanimal

Hi Bradgrafelman

Yes I do believe I am looking for the simple $SESSION array however I can not seem to get the Insert query to work correctly. I have tried the $SESSION as well as $_COOKIE, but I think I might be using the quiery incorrectly.

bradgrafelman

salientanimal;10969273 wrote:
I have tried the $SESSION as well as $COOKIE, but I think I might be using the quiery incorrectly.

Can you show us the code you're using to both store the required information into the session as well as the code you're using to execute the INSERT query?

salientanimal

I have removed most of the code relating to the sessions storage as I just couldn't get it to work. So the code below is what I am currently using as I couldn't find anything that worked
This is my code that currently authoises the user against the userinfo table:

<?php
        session_start();
		$_SESSION['id'] = $id; 
        include "mysql.php";
		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection
        $_POST['password'] = addslashes($_POST['password']); // same ^^
        $password = ($_POST['password']); // encrypt the password
        $userrow = mysql_query("SELECT * FROM `userinfo` "
		. "WHERE `username` = '" . $_POST['username'] . "'"
		. " AND `password` = '" . $password . "';",$mysql);
        if(mysql_num_rows($userrow) != "1"){


            // no rows found, wrong password or username
            echo "<font color='red' face='Tahoma' size='2'><b>Please verify the username and/or password entered!</b></font>";
            include "login.php";
    } else {
            // 1 row found exactly, we have the user!

			$_SESSION['id'] = $id; 
			echo "<font color='red' face='Tahoma' size='2'><b>$id</b></font>";
            header("Location: home.php");
    }
?>

The form is a basic php file which then uses an external php file to write to the other table. Below is an example of the code of one of th forms:

<?php
$con = mysql_connect("localhost","root","U$3r");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("mydatabase", $con);

$sql="INSERT INTO billing_tracker 
(champ
,customer_name
,customer_email_address
,case_number
,id_number
,msisdn
,route_cause
,escalatedto
,province
,comments)

VALUES
('$_POST[champ]'
,'$_POST[customer_name]'
,'$_POST[customer_email_address]'
,'$_POST[case_number]'
,'$_POST[id_number]'
,'$_POST[msisdn]'
,'$_POST[route_cause]'
,'$_POST[escalatedto]'
,'$_POST[province]'
,'$_POST[comments]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "<b><font color='red' face='segoe' size='2'>1 record added</b></font>";
include "billing_tracker.php";

mysql_close($con)

?>