如何从已登录用户的数据库中提取数据？

Question

I will try to keep this post as simple as possible while including as much information as I can to assist you in helping me. Just as a forewarning, I am extremely new to PHP/Mysqli and over the course of the last week put together an internal data site for our company to make our jobs easier.

I have completed the user login process and it seems to be working quite well. If the user is not logged in, they can not see the PHP pages of the site and are redirected accordingly. Now that I have this part working. I am trying to incorporate a site identifier that shows their first and last name as well as a photo of them. The placeholders are already setup but I have not been very successful in getting this to work. I did, however, add a "Welcome "Email" message at the time by pulling the session data.

I will list the code that I am currently using below:

LOGIN PAGE:

<?php
require('../inc/db.inc.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['user_email'])){

    $email = stripslashes($_REQUEST['user_email']); // removes backslashes
    $email = mysqli_real_escape_string($con,$email); //escapes special characters in a string
    $password = stripslashes($_REQUEST['user_pwd']);
    $password = mysqli_real_escape_string($con,$password);

//Checking is user existing in the database or not
    $query = "SELECT * FROM `users` WHERE user_email='$email' and user_pwd='".md5($password)."'";
    $result = mysqli_query($con,$query) or die(mysql_error());
    $rows = mysqli_num_rows($result);
    if($rows==1){
        $_SESSION['user_email'] = $email;
        header("Location: ../index.php"); // Redirect user to index.php
        }else{
            echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
            }
}else{
?>

DB PAGE:

<?php

$con = mysqli_connect("localhost","root","","dbadmin");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
?>

SECURITY ON EACH PAGE:

<?php
include("pages/auth.php"); //include auth.php file on all secure pages
?>

AUTH PAGE:

<?php
session_start();
if(!isset($_SESSION["user_email"])){
header("Location: login.php");
exit(); }
?>

CODE USED TO DISPLAY EMAIL: ( only code I was able to get working)

<p>Welcome <?php echo $_SESSION['user_email']; ?> 

I hope that one of you Guru types see that and know exactly how to get what I am looking for, or at least point me in the right direction. I have been searching the internet fir what seems like days reading all of the tutorials that I can find but I have not been able to successfully make anything work. I have found the following code but each time I try to add it to my code, it breaks the site.

$row = mysql_fetch_array($result);

Please assist if you are able. Thanks in advance.

Answer 1

Go to your login page where you check if row is equal 1, do this, change this

$_SESSION['user_email'] = $email;

To this

$_SESSION['user'] = $result->fetch_assoc();

Then do this

<p>Welcome <?php echo  $_SESSION['user']['firstname']; ?></p>

Answer 2

Not a direct answer to your questions, but if are new to php, I would advise you to use one of the popular framework of php that already provide what you are looking for, and more, in a secure way, with secured libraries.

for example laravel or symfony.

Those are very well documented, and you will learn much more checking their documentation and tutorial than trying to reinvent the wheel here.