PHP, Only select logged in username from database

Question

I basically want it to select only the current user thats logged in and then display there username and points instead it displays ALL users in the database

This is the code that displays it

    <?php
include("connect.php"); // Includes the file connect.php to connect to database
session_start(); // Starting session cookies
if($_SESSION['LOGGEDIN'] == 1)  //Checking if they have the session cookie
{


$result = mysql_query("SELECT * FROM userdata");

echo "<table border='1'>
<tr>
<th>Username</th>
<th>Points</th>
</tr>";

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['username'] . "</td>";
  echo "<td>" . $row['points'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
}

else
{
    echo "<title>Error!</title>";
    //Doesn't have session cookie
    echo "YOU ARE NOT LOGGED IN!";
}
?>

Answer 1

Well you are selecting the entire table.

Simply change it to

$result = mysql_query("SELECT * FROM `userdata` WHERE `username`='".$_SESSION["LOGGEDIN"]."' LIMIT 1");

Note that you should change your session variable LOGGEDIN to contain the username of the logged in user, or use another session variable and replace my reference to LOGGEDIN in my above line of code.

For instance, in your login script, rather than doing something like this:

if($_POST["user"] == $user and $_POST["password"] == $pass)
$_SESSION["LOGGEDIN"] = 1;

Do this:

if($_POST["user"] == $user and $_POST["password"] == $pass)
$_SESSION["LOGGEDIN"] = $user;

If you do use LOGGEDIN , you will need to update your initial if clause so that it doesn't check to see if it equals one, but instead checks if it is set:

if(isset($_SESSION["LOGGEDIN"]))

So your file should look something like this:

<?php
include("connect.php"); // Includes the file connect.php to connect to database
session_start(); // Starting session cookies
if(isset($_SESSION['LOGGEDIN']))  //Checking if they have the session cookie
{


$result = mysql_query("SELECT * FROM `userdata` WHERE `username`='".$_SESSION["LOGGEDIN"]."' LIMIT 1");

echo "<table border='1'>
<tr>
<th>Username</th>
<th>Points</th>
</tr>";

while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['points'] . "</td>";
echo "</tr>";
}
echo "</table>";

mysql_close($con);
}

else
{
    echo "<title>Error!</title>";
    //Doesn't have session cookie
    echo "YOU ARE NOT LOGGED IN!";
}
?>

Answer 2

<?php 

        include("connect.php");
        $email= $_POST['userid'];
        $password= $_POST['password1']; 
        $papas=base64_encode($password);
        $check = $_POST['rememberme'];      
            $tablename="userdata";
        $select_qry = $jeob->SqlQuery("SELECT * FROM ".$jeob->dbprefix.$tablename." WHERE email ='$email' AND password ='$papas' AND active_link='1' ");
            if($jeob->SqlRows($select_qry) == "0"){                 
             echo "Invalid Username and Password";
            } else {

            $getuser = $jeob->SqlFetch($select_qry);
            $_SESSION['userid'] = $getuser['user_id'];  
            $_SESSION['oauth_provider'] = "normal";
            $_SESSION['email'] = $getuser['email']; 
            }
                if($_SESSION['userid'] == ""
                {
                echo "You are not logged in";
                }
                else
                {
                Welcome "Fetch username using the session id or emial"
                }
    ?>

Hope this is useful to you