Redirected page detect logged in user_id

r1nk · September 24, 2013, 10:15am

When a user login, he/she will be redirected to his/her page based on the user type. I’ve accomplished that.

Right now what i need is to make the page recognize the user_id(auto-increment in user table) of the logged in user.

function.php

<?php
function checkUserType($type)
{
	switch($type)
	{
		case 'admin':
		$page = 'admin.php';
		break;
		
		case 'student':
		$page = 'student.php';
		break;
		
		case 'lecturer':
		$page = 'lecturer.php';
		break;
		
		case 'parents':
		$page = 'parents.php';
		break;
	}
	
	header('Location: '.$page); //You may need to edit the path to suit your folder structure.
	exit();
}

function checkUserStatus($actual_page)
{
	//First check to make sure the $_SESSION['type'] is set, if it's not then they haven't logged in so redirect back to login screen
	if(!isset($_SESSION['type']))
	{ header('Location: index.php'); }
	else
	{
		if($actual_page == $_SESSION['type']){}
		else{ checkUserType($_SESSION['type']); }
	}
}
?>

index.php (login page)

<?php session_start(); ?>
<html>
	<head>
		<title> Login Form </title>
	</head>

<body>
<form method='post' action='index.php'>
	<table width='400' border='5' align='center'>
	<tr>
		<td align='center'
		colspan='5'><h1>Member Login</h1></td>
	</tr>
	
	<tr>
		<td align='center'>Username:</td>
		<td><input type='text' name='username' /></td>
	</tr>
	
	<tr>
		<td align='center'>Password:</td>
		<td><input type='password' name='pass' /></td>
	</tr>
	
	<tr>
		<td colspan='5' align='center'><input type='submit' name='login' value='Log In' /></td>
	</tr>
	
	</table>
</form>
</body>
</html>
<?php
mysql_connect("localhost","root","");
mysql_select_db("class_attendance");

if(isset($_POST['login'])){
        require_once('function.php');
	$username = $_POST['username'];
	$password = $_POST['pass'];
	
	$check_user = "select * from user where username='$username' AND pass='$password'";
	
	$run = mysql_query($check_user);
	
	if(mysql_num_rows($run)>0){
	$results = mysql_fetch_assoc($run);
		$_SESSION['user_id']=$id;
        $_SESSION['type'] = $results['type'];
	checkUserType($results['type']);
	}
	else {
	echo "<script>alert('Username or Password is incorrect!')</script>";
	}
}

?>

student.php

<?php
session_start();
require_once('function.php'); //Set this to what ever page you include that holds all your functions so that we can use the checkUserStatus()
checkUserStatus('student');
?>
<!DOCTYPE html>
<html>
	<head>
		<title> Student Page </title>
	</head>

<body>
<h2 align='right'><a href='logout.php'>Logout</a></h2>
</body>
</html>

cpradio · September 24, 2013, 11:18am

This line doesn’t look right (in index.php):

$_SESSION['user_id']=$id;

I think you want it to read

$_SESSION['user_id']=$results['user_id'];

cpradio · September 24, 2013, 11:19am

As an aside:

Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.

r1nk · September 24, 2013, 11:30am

Ok i fixed to this one…

$_SESSION['user_id']=$results['user_id'];

but how to define it at function.php or student.php in order to grab the user_id from the index.php?

cpradio · September 24, 2013, 11:31am

After index.php has been processed, you will use $_SESSION[‘user_id’] to get to it for the other pages.

r1nk · September 24, 2013, 11:39am

hmm ok i added this part to the student.php…

$studentId = !empty($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
 $studentInfo = getStudentInfoFromId($studentId);

still not working… do i need to add something to the function.php page or something?

cpradio · September 24, 2013, 11:43am

Put var_dump($_SESSION); in your student.php and provide me with the output of that call. My guess is ‘user_id’ still isn’t set. Did you logout and then log back in after making the changes to the login piece?

r1nk · September 24, 2013, 11:52am

this is the error when i login…

Fatal error: Call to undefined function getStudentInfoFromId() in D:\\wamp\\www\\class_attendance\\student.php on line 7

sorry im just learning php like 2 weeks ago, so kind of weak with calling functions and so on…

cpradio · September 24, 2013, 11:59am

Have you defined that function any where? Is it in your functions.php file or a different file?

r1nk · September 24, 2013, 12:06pm

no… so i must define it 1st?

if yes, where should i define it?

cpradio · September 24, 2013, 12:10pm

Yes, otherwise, you have nothing to call (hence the error)

That’s really an organizational question that you could only answer. Being new to PHP, I’d be remiss not to suggest a few books that may help you with your endeavor into the language (and would teach you good practices in the process)

Then there are these courses:
https://learnable.com/courses/php-mysql-web-development-for-beginners-13
https://learnable.com/courses/object-oriented-php-2734 (do this one after the php/mysql web development for beginners course)