tags:

views:

230

answers:

2
Q: 

grab current user id - php class

Hello everone,

I am buidling a small job application website, and i'm using a the basis of a login system taken from a Nettuts.com tutorial. The logging in works fine, but I am having trouble getting the details for the currently logged in user, for example if a user enters their personal details, i can process the data into the database but it's not linked to which user!

I ideally want the id put into a variable called $userID.

I need a way to identify the user currently logged in, so i can update my insert statements to something like ... 'UPDATE cv where userID = $userID'.

class Mysql {
private $conn;

function __construct() {
 $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or
      die('There was a problem connecting to the database.');
}

function verify_Username_and_Pass($un, $pwd) {

 $query = "SELECT *
   FROM users
   WHERE username = ? AND password = ?
   LIMIT 1";

 if($stmt = $this->conn->prepare($query)) {
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();

  if($stmt->fetch()) {
  $stmt->close();
  return true;

  }
 }  
}

}

class Membership {

function validate_user($un, $pwd) {
 $mysql = New Mysql();
 $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd));

 // if above = true
 if($ensure_credentials) {
  $_SESSION['status'] = 'authorized';
  $_SESSION['username'] = $un;
  $_SESSION['password'] = $pwd;
  header("location: ../myIWC.php");
 } else return "Please enter a correct username and password";

}

function log_User_Out() {
 if(isset($_SESSION['status'])) {
  unset($_SESSION['status']);
  unset($_SESSION['username']);
  unset($_SESSION['password']);
  if(isset($_COOKIE[session_name()])) 
   setcookie(session_name(), '', time() - 1000);
   session_destroy();
 }
}

function confirm_Member() {
 session_start();
 if($_SESSION['status'] !='authorized') header("location: ../login.php");
}


$currentUN = $_SESSION['username'];
$currentPWD = $_SESSION['password'];

$mysql = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a     problem connecting to the database');
$stmt = $mysql->prepare('SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1');
$stmt->bind_param('ss',$currentUN, $currentPWD);
$stmt->execute();
$stmt->bind_result($currentID);
}
A: 

Think of rewriting your verify_Username_and_Pass function so it return an array of user data, or writing a new function that gets it. Then in your validate_user function, save this data to session:

$_SESSION['user_data'] = $user_data; // got from database
Deniss Kozlovs  2009-10-13 14:31:04
thx for the reply mate, i a bit of a OOP noob at the mo, how would i accomplish this?
Aaron Bentley  2009-10-13 14:36:19
A: 

Well I would say the code given in the tutorial isn't a very good example. The database class should be just that and only handle database functions it shouldn't really have user functions in there (verify_Username_and_Pass). Also from a security point of view I would strongly recommend against storing unencrypted passwords in the session.

I appreciate however the code snippets you've provided are probably part of a wider implementation and as such you won't be able to play around with it too much. As such the code below will work in your context.

class Mysql {
private $conn;

function __construct() {
        $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or
                                  die('There was a problem connecting to the database.');
}

function verify_Username_and_Pass($un, $pwd) {

        $query = "SELECT id
                        FROM users
                        WHERE username = ? AND password = ?
                        LIMIT 1";

        if($stmt = $this->conn->prepare($query)) {
                $stmt->bind_param('ss', $un, $pwd);
                $stmt->execute();
                $stmt->bind_result($id);

                if($stmt->fetch()) {
                $stmt->close();
                return $id;

                } else {
                    return false;
                }
        }               
}

Then in your user class

if($ensure_credentials !== false) {
                $_SESSION['id'] = $ensure_credentials;
                $_SESSION['status'] = 'authorized';
                $_SESSION['username'] = $un;
                $_SESSION['password'] = $pwd;
                header("location: ../myIWC.php");
        } else return "Please enter a correct username and password";
RMcLeod  2009-11-02 13:22:33

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases