I have got a basic registration and login forms and when the user registers then their information is sent to the database and when the user uses the same username and password then they can login into the site. Upon logging in, the user is directed to the account pages at where I am trying to get the logged in users information, like first name and surname.
account.PHP
<?php
require("classes/functions.php");
if (!isset($_SESSION["user"])) {
header("location: login.php");
exit();
}
?>
<div class="container">
<div class="row justify-content-center">
<div class="col-md-7 col-lg-4 mb-5 mb-lg-0 wow fadeIn">
<div class="card border-0 shadow">
<img src="" alt="...">
<div class="card-body p-1-9 p-xl-5">
<div class="mb-4">
<h3 class="h4 mb-0"><?php echo $_SESSION["user"];?></h3>
<span class="text-primary">CEO & Founder</span>
</div>
<ul class="list-unstyled mb-4">
<li class="mb-3"><a href="#!"><i class="far fa-envelope display-25 me-3 text-secondary"></i>[email protected]</a></li>
<li class="mb-3"><a href="#!"><i class="fas fa-mobile-alt display-25 me-3 text-secondary"></i>+012 (345) 6789</a></li>
<li><a href="#!"><i class="fas fa-map-marker-alt display-25 me-3 text-secondary"></i>205 Main Street, USA</a></li>
</ul>
<ul class="social-icon-style2 ps-0">
<li><a href="#!" class="rounded-3"><i class="fab fa-facebook-f"></i></a></li>
<li><a href="#!" class="rounded-3"><i class="fab fa-twitter"></i></a></li>
<li><a href="#!" class="rounded-3"><i class="fab fa-youtube"></i></a></li>
<li><a href="#!" class="rounded-3"><i class="fab fa-linkedin-in"></i></a></li>
</ul>
</div>
<a class="btn btn-primary" href="#" role="button">Edit Profile</a>
</div>
</div>
register
function registerUser($fname, $surname, $email, $password, $confirm_password, $username){
$mysqli = connect();
$args = func_get_args();
$args = array_map(function($value){
return trim($value);
}, $args);
foreach ($args as $value) {
if (empty($value)) {
return "All fields are required";
}
}
foreach ($args as $value) {
if (preg_match("/([<|>])/", $value)) {
return "<> characters are not allowed";
}
}
$stmt = $mysqli->prepare("SELECT email FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
$data = $result->fetch_assoc();
if ($data != NULL) {
return "Email already exists";
}
if (strlen($username) > 50) {
return "Username is to long";
}
$stmt = $mysqli->prepare("SELECT username FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$data = $result->fetch_assoc();
if ($data != NULL) {
return "Username already exists, please use a different username";
}
if (strlen($fname) > 50) {
return "First name is to long";
}
if (strlen($surname) > 50) {
return "Surname is to long";
}
if (strlen($password) > 50) {
return "Password is to long";
}
if ($password != $confirm_password) {
return "Password don't match";
}
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $mysqli->prepare("INSERT INTO users(fname, surname, email, password, username) VALUES(?, ?, ?, ?, ?)");
$stmt->bind_param("sssss", $fname, $surname, $email, $hashed_password, $username);
$stmt->execute();
if ($stmt->affected_rows != 1) {
return "An error occurred. Please try again";
}else{
return "success";
}
}
Login
function loginUser($username, $password){
$mysqli = connect();
$username = trim($username);
$password = trim($password);
if ($username == "" || $password == "") {
return "Both fields are required";
}
$username = filter_var($username, FILTER_SANITIZE_STRING);
$password = filter_var($password, FILTER_SANITIZE_STRING);
$sql = "SELECT username, password FROM users WHERE username = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$data = $result->fetch_assoc();
if ($data == NULL) {
return "Wrong username or password";
}
if (password_verify($password, $data["password"]) == FALSE) {
return "Wrong username or password";
}else{
$_SESSION['user'] = $username;
header("location: account.php");
exit();
}
}
I have attempted many methods, including google searches and searching on here, but nothing seams to work. I am expecting to display the logged in users first name, surname, email address ect
Thanks in advance.
2
Answers
You would have to fetch the data from the database. You can find the user from the
$_SESSION["user"]
(but as mentioned in the comments, remember to callsession_start()
at the top of account.php) that you store on the login.php page.Here’s a rough example:
and then use
$data
in your HTML to show the user information.Put the user data into the session when you auth, there’s no need to query the database again on every page hit, it’s just unnecessary expense. In your
loginUser
function, select every field instead of just the username and password:And then if authentication succeeds, put the desired fields into the session:
Then on any page where
$_SESSION['username']
is set, you know you’ll also have$_SESSION['fname']
and$_SESSION['surname']
already available.