
I have got basic registration and login forms. When the user registers, their information is sent to the database, and when the user uses the same username and password they can log in to the site. Upon logging in, the user is directed to the account page, where I am trying to get the logged-in user's information, like first name and surname.

account.php

<?php
  require("classes/functions.php");
  if (!isset($_SESSION["user"])) {
    header("location: login.php");
    exit();
  }

?>
<div class="container">
              <div class="row justify-content-center">
                  <div class="col-md-7 col-lg-4 mb-5 mb-lg-0 wow fadeIn">
                      <div class="card border-0 shadow">
                          <img src="" alt="...">
                          <div class="card-body p-1-9 p-xl-5">
                              <div class="mb-4">
                                  <h3 class="h4 mb-0"><?php echo $_SESSION["user"];?></h3>
                                  <span class="text-primary">CEO &amp; Founder</span>
                              </div>
                              <ul class="list-unstyled mb-4">
                                  <li class="mb-3"><a href="#!"><i class="far fa-envelope display-25 me-3 text-secondary"></i>[email protected]</a></li>
                                  <li class="mb-3"><a href="#!"><i class="fas fa-mobile-alt display-25 me-3 text-secondary"></i>+012 (345) 6789</a></li>
                                  <li><a href="#!"><i class="fas fa-map-marker-alt display-25 me-3 text-secondary"></i>205 Main Street, USA</a></li>
                              </ul>
                              <ul class="social-icon-style2 ps-0">
                                  <li><a href="#!" class="rounded-3"><i class="fab fa-facebook-f"></i></a></li>
                                  <li><a href="#!" class="rounded-3"><i class="fab fa-twitter"></i></a></li>
                                  <li><a href="#!" class="rounded-3"><i class="fab fa-youtube"></i></a></li>
                                  <li><a href="#!" class="rounded-3"><i class="fab fa-linkedin-in"></i></a></li>
                              </ul>
                          </div>
                          <a class="btn btn-primary" href="#" role="button">Edit Profile</a>
                      </div>
                  </div>

register

function registerUser($fname, $surname, $email, $password, $confirm_password, $username){
        $mysqli = connect();
        $args = func_get_args();

        $args = array_map(function($value){
            return trim($value);
        }, $args);

        foreach ($args as $value) {
            if (empty($value)) {
                return "All fields are required";
            }
        }

        foreach ($args as $value) {
            if (preg_match("/([<|>])/", $value)) {
                return "<> characters are not allowed";
            }
        }

        $stmt = $mysqli->prepare("SELECT email FROM users WHERE email = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();
        $data = $result->fetch_assoc();
        if ($data != NULL) {
            return "Email already exists";
        }

        if (strlen($username) > 50) {
            return "Username is too long";
        }

        $stmt = $mysqli->prepare("SELECT username FROM users WHERE username = ?");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $result = $stmt->get_result();
        $data = $result->fetch_assoc();
        if ($data != NULL) {
            return "Username already exists, please use a different username";
        }

        if (strlen($fname) > 50) {
            return "First name is too long";
        }

        if (strlen($surname) > 50) {
            return "Surname is too long";
        }

        if (strlen($password) > 50) {
            return "Password is too long";
        }

        if ($password != $confirm_password) {
            return "Passwords don't match";
        }

        $hashed_password = password_hash($password, PASSWORD_DEFAULT);

        $stmt = $mysqli->prepare("INSERT INTO users(fname, surname, email, password, username) VALUES(?, ?, ?, ?, ?)");
        $stmt->bind_param("sssss", $fname, $surname, $email, $hashed_password, $username);
        $stmt->execute();
        if ($stmt->affected_rows != 1) {
            return "An error occurred. Please try again";
        }else{
            return "success";
        }
    }

Login

function loginUser($username, $password){
        $mysqli = connect();
        $username = trim($username);
        $password = trim($password);

        if ($username == "" || $password == "") {
            return "Both fields are required";
        }

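        // No sanitising here: the username is bound as a prepared-statement
        // parameter, and the password must reach password_verify() unchanged.
        // FILTER_SANITIZE_STRING (deprecated since PHP 8.1) encodes quotes, so a
        // password containing ' or " would no longer match its stored hash.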

        $sql = "SELECT username, password FROM users WHERE username = ?";
        $stmt = $mysqli->prepare($sql);
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $result = $stmt->get_result();
        $data = $result->fetch_assoc();
        if ($data == NULL) {
            return "Wrong username or password";
        }

        if (password_verify($password, $data["password"]) == FALSE) {
            return "Wrong username or password";
        }else{
            $_SESSION['user'] = $username;
            header("location: account.php");
            exit();
        }
    }

I have attempted many methods, including Google searches and searching on here, but nothing seems to work. I am expecting to display the logged-in user's first name, surname, email address, etc.

Thanks in advance.

2 Answers


  1. You would have to fetch the data from the database. You can find the user from the $_SESSION["user"] (but as mentioned in the comments, remember to call session_start() at the top of account.php) that you store on the login.php page.

    Here’s a rough example:

    <?php
      session_start();
      require("classes/functions.php");
      if (!isset($_SESSION["user"])) {
        header("location: login.php");
        exit();
      }
    
      $mysqli = connect();
      $sql = "SELECT * FROM users WHERE username = ?";
      $stmt = $mysqli->prepare($sql);
      $stmt->bind_param("s", $_SESSION["user"]);
      $stmt->execute();
      $result = $stmt->get_result();
      $data = $result->fetch_assoc();
    ?>
    

    and then use $data in your HTML to show the user information.

  2. Put the user data into the session when you auth, there’s no need to query the database again on every page hit, it’s just unnecessary expense. In your loginUser function, select every field instead of just the username and password:

    $sql = "SELECT * FROM users WHERE username = ?";
    

    And then if authentication succeeds, put the desired fields into the session:

    if (password_verify($password, $data['password'])) {
        $_SESSION['username'] = $data['username'];
        $_SESSION['fname'] = $data['fname'];
        $_SESSION['surname'] = $data['surname'];
        header("location: account.php");
        exit();
    }
    

    Then on any page where $_SESSION['username'] is set, you know you’ll also have $_SESSION['fname'] and $_SESSION['surname'] already available.
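
An added example, not part of the original answers: one way to combine the database lookup from answer 1 with output escaping on account.php. The helper names `e()` and `currentUser()` are hypothetical; `connect()` and the `users` columns (`fname`, `surname`, `email`, `username`) are taken from the question's code.

```php
<?php
// Added example: e() and currentUser() are hypothetical helpers,
// not code from the original post.
session_start();
require "classes/functions.php";   // provides connect(), as in the question

// Escape a value for HTML element or quoted-attribute context.
function e(?string $value): string {
    return htmlspecialchars($value ?? "", ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}

// Load the profile of the logged-in user, or null if there is none.
// Only display columns are selected, so the password hash is never
// pulled into page code or template variables.
function currentUser(mysqli $mysqli): ?array {
    if (!isset($_SESSION["user"]) || !is_string($_SESSION["user"])) {
        return null;
    }
    $stmt = $mysqli->prepare(
        "SELECT fname, surname, email, username FROM users WHERE username = ?"
    );
    $stmt->bind_param("s", $_SESSION["user"]);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;   // no matching row: treat as not logged in
}

$user = currentUser(connect());
if ($user === null) {
    // Not logged in, or the account was removed after login:
    // drop the stale session and send the browser to the login page.
    $_SESSION = [];
    session_destroy();
    header("Location: login.php");
    exit();
}
?>
<h3 class="h4 mb-0"><?= e($user["fname"]) ?> <?= e($user["surname"]) ?></h3>
<p><?= e($user["email"]) ?></p>
<p>Signed in as <?= e($user["username"]) ?></p>
```

Escaping at output time covers values that the `<>` check in `registerUser()` lets through, such as quotes and ampersands.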
