  1. #1 lukeurtnowski (SitePoint Wizard)

    my login system woes

    I am using php/mysql to create a login system. I have the following users table

    CREATE TABLE `users` (
    `id` smallint unsigned NOT NULL auto_increment,
    `username` varchar(100) NOT NULL default '',
    `password` varchar(100) NOT NULL,
    `session_id` varchar( 32 ) NULL,
    `email` varchar(75) NOT NULL default '',
    `regdate` date NOT NULL,
    `regip` varchar(30) NOT NULL default '',
    `active` tinyint NOT NULL,
    `isAdmin` tinyint NOT NULL default '0',
    UNIQUE (`email`),
    PRIMARY KEY (`id`)
    );

    to hold the data of each registered user (who fills out http://fixmysite.us/masterasp/register.php).
    Once the form is filled out, the database is updated. I want a welcome message so the user is welcomed by name once they are logged in. This is the code I have so far, but I don't know how to retrieve the username.
    PHP Code:
    <?php
    // Run a quick check to see if we are an authenticated user or not
    // First, we set a 'is the user logged in' flag to false by default.
    // (session_start() is required before session_id() and $_SESSION can be used)
    session_start();
    $isUserLoggedIn = false;
    $session = session_id();
    $query = "SELECT * FROM users WHERE session_id = '".$session."' LIMIT 1";
    $userResult = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    if (mysql_num_rows($userResult) == 1) {
        // Store the matching users row (every column, including username) in the session
        $_SESSION['user'] = mysql_fetch_assoc($userResult);
        $isUserLoggedIn = true;
        echo "Welcome";
        echo "<ul>";
        echo "<li><a href=\"/masterasp/logout.php\">Logout</a></li>";
        echo "</ul>";
    } else {
        echo "<ul>";
        echo "<li><a href=\"/masterasp/login.php\">Login</a></li>";
        echo "<li><a href=\"/masterasp/register.php\">Register</a></li>";
        echo "</ul>";
    }
    ?>
    "Oh, and Jenkins--apparently your mother died this morning."

  2. #2 guido2004 (From Italy with love)
    If the users table contains the username, then you already retrieved it.
    Do a var_dump of $_SESSION['user'] and see what it contains.

  3. #3 thruska (SitePoint Zealot)
    That code seems ripe for abuse. You should look into using PDO for its input sanitization features. Dumping SQL queries onto the wire is also not a good idea except on a temporary basis to quickly diagnose an issue.

    var_dump($_SESSION["user"]) will output what you have stored in the variable, but I'd wager a guess that you want to output htmlspecialchars($_SESSION["user"]["username"]). Don't forget to sanitize output to the browser from the database just in case something bad gets in your database like JavaScript.
    Thomas Hruska

    Single Sign-On Server/Client - The PHP login system that rocks.
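    The same session check as the original post, rewritten with a PDO prepared statement and with the username escaped before it is echoed, as the reply above suggests. This is an added example, not the original poster's code or the linked project's; the DSN, database credentials and the helper names connectDb, findUserBySession and h are assumptions.

```php
<?php
// Added example (not the original poster's code): "is this session logged in?"
// done with a PDO prepared statement plus HTML escaping of the username.
// The DSN and credentials below are placeholders.
session_start();

function connectDb(): PDO
{
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4',
                   'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER');
    // Throw on SQL errors instead of printing the failed query to the browser.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

// Look up the users row for the current session id. The id is bound as a
// parameter, so it is never interpolated into the SQL text, and only the
// columns the page needs are selected (no password hash ends up in $_SESSION).
function findUserBySession(PDO $pdo, string $sessionId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, isAdmin FROM users WHERE session_id = ? LIMIT 1'
    );
    $stmt->execute([$sessionId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape a database value before putting it into HTML, so a stored
// "<script>" in a username is rendered as text rather than executed.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$pdo  = connectDb();
$user = findUserBySession($pdo, session_id());

if ($user !== null) {
    $_SESSION['user'] = $user;
    echo 'Welcome, ' . h($user['username']);
    echo '<ul><li><a href="/masterasp/logout.php">Logout</a></li></ul>';
} else {
    echo '<ul>';
    echo '<li><a href="/masterasp/login.php">Login</a></li>';
    echo '<li><a href="/masterasp/register.php">Register</a></li>';
    echo '</ul>';
}
```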

  4. #4 lukeurtnowski (SitePoint Wizard)
    ok, thanks
    "Oh, and Jenkins--apparently your mother died this morning."

  5. #5 SitePoint Guru
    Quote Originally Posted by thruska:
    "That code seems ripe for abuse. You should look into using PDO for its input sanitization features."
    There's no need to switch to PDO for any 'sanitization' features since the standard mysql library also has them. It's correct that the OP doesn't use them, but in this particular case his query is pretty safe because there's no need to sanitize session_id().
