PHP login and get user information

2018-06-24 22:16:16

Question: How can I get the user information when the user successfully login?

Here is my login.php code

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
  $username = $_POST['username'];
  $password = $_POST['password'];
  // mysql connect function here....
  // mysql query here....
  $sql = "SELECT * FROM user_accounts WHERE username = '$username' and password = '$password'";
  $result = mysql_query($sql);
  $count = mysql_num_rows($result);

  if($count == 1) {
    session_register(username);
    session_register(password);
    header('location: index.php');
  }
  else {
    $error = "Invalid Username or Password Please Try Again";
  }

}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?=$error=?>
Username : <input type="text" name="username">
Password : <input type="password" name="password">
<input type="submit" />
</form>

and here is my index.php code

<?
  session_start();
  if(!session_is_registered(username)){
  header("location:login.php");
  }
$username = session_is_registered(username);
  $password = session_is_registered(password);
echo $username;
  echo $password;
  ?>

Example: This is the database info.

User ID  --> 001
Username --> admin
Password --> admin

When I echo $username and $password the result for username = 1 and for password = 1. I wanted the result is username = admin and password = admin.

How can I get the username and password that logs? cause I need it to be query so I can get his/her eg First Name, Last Name.
I already get this but I forgot on how to do it. =)

Thank You so much for your replies. =)

You already have username and password coming from the POST array, you can store them in session like this:

session_start(); // this will go on top of the page
.........

if($count == 1) {
    session_register(username);
    session_register(password);

    $_SESSION['username'] = $_POST['username']; // store username
    $_SESSION['password'] = $_POST['password']; // store password

    header('location: index.php');
  }
  else {
    $error = "Invalid Username or Password Please Try Again";
  }

Later you can get them like:

echo $_SESSION['username'];
echo $_SESSION['password'];

Note that you should destroy them in session logout file.

Note 2 session_register has been DEPRECATED as of PHP 5.3.0. Simply use $_SESSION array for storing your values.

You're using the old session functions and you're using them wrong. Let me show you how to do it only with the $_SESSION array. Note that session_register() and session_is_registered() are deperecated functions as of PHP 5.3, which means that they could get removed later. Also you should always escape input coming from the user, when you want to use it in queries. You might want to use prepared statements, PDO or mysqli.

<?php
    // login.php
    session_start();
    if($_SERVER['REQUEST_METHOD'] == 'POST') {
        // mysql connect function here.... (moved up here)
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
        $sql = "SELECT * FROM user_accounts WHERE username = '$username' AND password = '$password'";
        $result = mysql_query($sql) or die( "MySQL Error: ".mysql_error() );
        $user = mysql_fetch_assoc($result);
        if($user !== false) {
            $_SESSION['username'] = $user['username'];
            $_SESSION['password'] = $user['password'];
            header('Location: index.php');
        } else {
            $error = "Invalid Username or Password Please Try Again";
        }
    }
?>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?=$error=?>
Username : <input type="text" name="username">
Password : <input type="password" name="password">
<input type="submit" />
</form>

Note the mysql_real_escape_string() function and the use of the $_SESSION superglobal in the above example.

<?php
    // index.php
    session_start();
    if(!isset($_SESSION['username'])) {
        header("Location: login.php");
    }
    $username = $_SESSION['username'];
    $password = $_SESSION['password'];
    echo $username;
    echo $password;
?>

You can use isset() instead of session_is_registered() to check if a session value has been set or not.

session_is_registered is boolean so it would check if it was set not get it.

You would want $username = $_SESSION['username']; and

$password= $_SESSION['password'];

Try not to use username and password as session names though.

I've found that it is already by mysql and stores the mysql username and password in sessions

Edit :

Also session_register is deprecated

链接地址: http://www.djcxy.com/p/69802.html

上一篇: 获取当前脚本文件名称

下一篇: PHP登录并获取用户信息