directed page retrieve user_id from login page

#1

When a user login, he/she will be directed to the page based on his/her user type… I’ve already accomplished that.

Now, how to make the page recognize the user_id(auto-increment from user table) so that i can post some of the user information and so on?

function.php

[CODE]<?php
function checkUserType($type)
{
switch($type)
{
case ‘admin’:
$page = ‘admin.php’;
break;

	case 'student':
	$page = 'student.php';
	break;
	
	case 'lecturer':
	$page = 'lecturer.php';
	break;
	
	case 'parents':
	$page = 'parents.php';
	break;
}

header('Location: '.$page); //You may need to edit the path to suit your folder structure.
exit();

}

function checkUserStatus($actual_page)
{
//First check to make sure the $_SESSION[‘type’] is set, if it’s not then they haven’t logged in so redirect back to login screen
if(!isset($_SESSION[‘type’]))
{ header(‘Location: index.php’); }
else
{
if($actual_page == $_SESSION[‘type’]){}
else{ checkUserType($_SESSION[‘type’]); }
}
}
?>[/CODE]

index.php (login page)

[CODE]<?php session_start(); ?>

Login Form
<tr>
	<td align='center'>Username:</td>
	<td><input type='text' name='username' /></td>
</tr>

<tr>
	<td align='center'>Password:</td>
	<td><input type='password' name='pass' /></td>
</tr>

<tr>
	<td colspan='5' align='center'><input type='submit' name='login' value='Log In' /></td>
</tr>

</table>
<?php mysql_connect("localhost","root",""); mysql_select_db("class_attendance");

if(isset($_POST[‘login’])){
require_once(‘function.php’);
$username = $_POST[‘username’];
$password = $_POST[‘pass’];

$check_user = "select * from user where username='$username' AND pass='$password'";

$run = mysql_query($check_user);

if(mysql_num_rows($run)>0){
$results = mysql_fetch_assoc($run);
	$_SESSION['user_id']=$id;
    $_SESSION['type'] = $results['type'];
checkUserType($results['type']);
}
else {
echo "<script>alert('Username or Password is incorrect!')</script>";
}

}

?>

[/CODE]

student.php

[CODE]<?php
session_start();
require_once(‘function.php’); //Set this to what ever page you include that holds all your functions so that we can use the checkUserStatus()
checkUserStatus(‘student’);
?>

Student Page

Logout

[/CODE]

Member Login

#2

Line 48 in index.php
[php]$_SESSION[‘user_id’]=$id;[/php]

So in student.php you could just do something like this
[php]
$studentId = !empty($_SESSION[‘user_id’]) ? $_SESSION[‘user_id’] : null;
$studentInfo = getStudentInfoFromId($studentId);[/php]

the function must of course fetch and return the data from the DB.

Be warned that your code is highly vulnerable to sql injection.

#3

thanx for replying…

so what do you mean by the function must of course fetch and return the data from the DB?

and i think i need to set this getStudentInfoFromId 1st right because $studentInfo couldnt read it…

#4

That you should make a function/method that accepts a user id, does a sql query and returns the user data.

No it should be in the order I wrote it.

#5

ok i will try… so this function i must make it in the index.php?
and i dont need to edit something in the function.php right as its for detecting my user type?

#6

You are going to call the function in student.php so you need it in the scope there, if you have it in student.php or functions.php is irrelevant :slight_smile:

#7

ok i have no idea how to write it… =,=

Well if u dont want to spoon-fed me, giving me just the format also i’ll be appreciated…

#8

Just started PHP/programming? ^^

you have already written a function in functions.php, and you have a sql query in index.php, it’s just a matter of combing them :slight_smile:

#9

yeah… self learning… =,=

ok lets make this clearer… so the sql query in index.php is this one right…

[php] $_SESSION[‘user_id’]=$id;[/php]

but the function in function.php is about checking user type right?

so, in student.php i need to combing them using mysql_fecth_assoc or something?

#10

Nope, you’ve got an example of a (vulnerable) query in index.php:
[php]$check_user = “select * from user where username=’$username’ AND pass=’$password’”;[/php]

The rest sounds right :slight_smile:

#11

trying to experiment… and still got error… anyway, am i near to achieve it?

[php]<?php
session_start();
require_once(‘function.php’); //Set this to what ever page you include that holds all your functions so that we can use the checkUserStatus()
checkUserStatus(‘student’);

$check_user = function checkUserType($type)
mysql_fetch_assoc( $check_user);
$studentId = !empty($_SESSION[‘user_id’]) ? $_SESSION[‘user_id’] : null;
$studentInfo = getStudentInfoFromId($studentId);

?>

Student Page

Logout

[/php]
#12

Not really, you should read up on php functions and mysql usage