How to retrieve information from a MYSQL DB based on currently logged user credentials
Question
I'm sorry if the title for this question is a bit ridiculous but I really couldn't come up with anything better.
Now then, what I'm essentially attempting to do is the following:
Have a user log in and be re-directed to a page with a form in it, once the user fills out the form, an email is sent to both the user and a mailing list.
Now, in the database I obviously have username and password, and along with those two rows I also have a corresponding email.
I don't want the user to type in his email, I want to somehow access the database row containing the email and have the email sendscript automatically fill in the from field with the user's email.
I'm really sorry if the order I posted the code in has you jump around a lot, I'm not really sure what order makes the most sense.
Code that validates the log-in:
require 'Mysql.php';
class Membership {
function validate_user($un, $pwd) {
$mysql = New Mysql();
$ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);
if($ensure_credentials) {
$_SESSION['status'] = 'authorized';
header("location: index.php");
} else return "Please enter a correct username and password";
}
function log_User_Out() {
if(isset($_SESSION['status'])) {
unset($_SESSION['status']);
if(isset($_COOKIE[session_name()]))
setcookie(session_name(), '', time() - 1000);
session_destroy();
}
}
function confirm_Member() {
session_start();
if($_SESSION['status'] !='authorized') header("location: login.php");
}
}
Code accessing the database to retrieve the username and password:
require_once 'includes/constants.php';
class Mysql {
private $conn;
function __construct() {
$this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or
die('There was a problem connecting to the database.');
}
function verify_Username_and_Pass($un, $pwd) {
$query = "SELECT *
FROM members
WHERE usr = ? AND pass = ?
LIMIT 1";
if($stmt = $this->conn->prepare($query)) {
$stmt->bind_param('ss', $un, $pwd);
$stmt->execute();
if($stmt->fetch()) {
$stmt->close();
return true;
}
}
}
}
In the email script: mail ( "$row", "test", $messagebody, "From: Website@site.com");
And finally below is the code I currently have sitting above the page that holds the form:
<?php
require_once 'classes/Membership.php';
require_once 'includes/constants.php';
$membership = New Membership();
$membership->confirm_Member();
session_start();
if (isset($_SESSION['username']));
$username = $_SESSION['username'];
$dbc = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
$query = "SELECT email FROM members";
$result = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($result);
?>
I have the actual log-in system functioning, it rejects incorrect user and pass combinations, accepts correct ones and redirects to the form, it's just the mailing part that I have literally no idea how to do. The code I have for it has literally been pieced together from hours of googling, which really shouldn't surprise me when it doesn't work.
Any help would be greatly appreciated. (Please pretend I'm as simple as possible when posting replies, programming literally makes my head hurt)
1 answers
solution1
0 2012-08-30 22:25:49
You did it partially right. You used session. But keeping "authorized" is (as you can see) pretty useless. Why not keep profile of logged in user? In general you check if you got "profile" in session. If you do, then it means it is authorised used. If not, then it isn't. Same effect, but now it is more useful. So keep user referecen (usually his unique Id or even whole profile fetched from DB, so you save yourself some queries), so on other pages you could simply fetch his profile based on id you got from session and prefill form with email or his name or whatever
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.