So I have this database along with this code. This code will enable a user to log in to a page with a session.
LOGIN FORM(login.php)
<?php
require("common.php");
$submitted_username = '';
if(!empty($_POST))
{
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$login_ok = false;
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password'])
{
$login_ok = true;
}
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: private.php");
die("Redirecting to: private.php");
}
else
{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
?>
<h1>Login</h1>
<form action="login.php" method="post">
Username:<br />
<input type="text" name="username" value="<?php echo $submitted_username; ?>" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" />
<br /><br />
<input type="submit" value="Login" />
</form>
<a href="register.php">Register</a>
Session(common.php)
<?php
// These variables define the connection information for your MySQL database
$username = "root";
$password = "";
$host = "localhost";
$dbname = "phplogin";
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
try
{
$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
}
catch(PDOException $ex)
{
die("Failed to connect to the database: " . $ex->getMessage());
}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
function undo_magic_quotes_gpc(&$array)
{
foreach($array as &$value)
{
if(is_array($value))
{
undo_magic_quotes_gpc($value);
}
else
{
$value = stripslashes($value);
}
}
}
undo_magic_quotes_gpc($_POST);
undo_magic_quotes_gpc($_GET);
undo_magic_quotes_gpc($_COOKIE);
}
header('Content-Type: text/html; charset=utf-8');
session_start();
?>
Display page(private.php)
<?php
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: login.php");
die("Redirecting to login.php");
}
?>
<?php
$query = "
SELECT
id,
username,
email,
task,
task_name
FROM users
";
try
{
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$rows = $stmt->fetchAll();
?>
<h1>Memberlist</h1>
<table border='1'>
<tr>
<th>User</th>
<th>E-Mail Address</th>
<th>Task Name</th>
<th>Task Description</th>
</tr>
<?php foreach($rows as $row): ?>
<tr>
<td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['task_name'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['task'], ENT_QUOTES, 'UTF-8'); ?></td>
</tr>
<?php endforeach; ?>
</table><br />
What I wanted to do is to display the data of the user who is currently logged in. For example, when user1 has logged in, every detail in his profile (username, email, task, and task name) will be displayed, but my code displays everyone's details.
Your select query is wrong
$query = "
SELECT
id,
username,
email,
task,
task_name
FROM users WHERE username = '".$_SESSION['user']['username']."'
";
no need of foreach
<?php // fetchAll() still returns a list of rows; the logged-in user's row is $rows[0] ?>
<tr>
<td><?php echo htmlentities($rows[0]['username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($rows[0]['email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($rows[0]['task_name'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($rows[0]['task'], ENT_QUOTES, 'UTF-8'); ?></td>
</tr>
In your private.php page, change the query to something like this:
$query = "
SELECT
id,
username,
email,
task,
task_name
FROM users
WHERE id = '".$_SESSION['user']['id']."'
";
Here $_SESSION['user']['id'] contains the id of the logged-in user, so only fetch the details of that user using WHERE in MySQL.
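The per-user lookup both answers describe, written with a bound parameter the way login.php already does instead of concatenating the session value into the SQL string. This is an added example, not code from the posts: fetch_profile() is a hypothetical helper, and an in-memory SQLite database with constructed rows stands in for the page's MySQL users table.

```php
<?php
// Added example, not from the original posts. fetch_profile() is a hypothetical
// helper; an in-memory SQLite database (pdo_sqlite) stands in for the page's MySQL.
function fetch_profile(PDO $db, array $session): ?array
{
    // No logged-in user in the session: nothing to look up.
    if (empty($session['user']['id'])) {
        return null;
    }
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare(
        "SELECT id, username, email, task, task_name
         FROM users
         WHERE id = :id"
    );
    $stmt->execute(array(':id' => $session['user']['id']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // one row, or false if none matched
    return $row === false ? null : $row;
}

// Constructed demo data mirroring the columns used on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, task TEXT, task_name TEXT)");
$insert = $db->prepare("INSERT INTO users (username, email, task, task_name) VALUES (?, ?, ?, ?)");
$insert->execute(array("user1", "user1@example.com", "Write the report", "Report"));
$insert->execute(array("o'brien", "ob@example.com", "Review the report", "Review"));

// Constructed stand-in for $_SESSION['user'] as login.php stores it (row minus salt/password).
$session = array('user' => array('id' => 2, 'username' => "o'brien", 'email' => 'ob@example.com'));

$profile = fetch_profile($db, $session);
if ($profile === null) {
    die("No profile found for this session.");
}
?>
<table border='1'>
<tr><th>User</th><th>E-Mail Address</th><th>Task Name</th><th>Task Description</th></tr>
<tr>
<?php foreach (array('username', 'email', 'task_name', 'task') as $col): ?>
<td><?php echo htmlentities($profile[$col], ENT_QUOTES, 'UTF-8'); ?></td>
<?php endforeach; ?>
</tr>
</table>
```

In private.php itself, the same function would be called with the `$db` from common.php and `$_SESSION` in place of the constructed `$session`.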