
When you log in by my login form, authentication.php will check if the data from the inputs exists in the database. When there is a match, the user will be directed to a page for his role, so let's say the user is an admin, he will be directed to admin.php. When the user is successfully logged in, I want to show a message like welcome firstname lastname. In my database I have a field called firstname and a field called lastname. I hope someone can help me with this since I cannot seem to figure it out :(

authentication.php

<?php
    session_start();
    // Making a connection with the database.
    $mysqli=new MySQLi("localhost", "root", "root", "portfolio"); 
    $role=""; 

    // Declaring the username and password input.
    $username=filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); 
    $password=filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING); 

    // If role from members where username and password from inputs exists in database, bind parameters.
    // If the given parameters do not exist in the database, die.
    if($query=$mysqli->prepare("SELECT `role` FROM members WHERE username=? AND password=?")) {
        $query->bind_param("ss", $username, $password);                                         
        $query->execute();                                                                
        $query->bind_result($role);
        $query->fetch();
    } else {                                                                                    
        echo "Errors in the Query. ".$mysqli->error;                                            
        die();
    }

    // If $role is filled make session for username to check if logged in and session role for redirect page.
    // If $role and $username is not filled invalid password, username combination.
    if($role!="") {                                                                           
        $_SESSION['ingelogt']=$username;                                                        
        $_SESSION['user_role']=$role;                                                 
        $location="$role.php";                                                                  
        header("location: $location");                                                          
    } else {                                                                                   
        echo "Invalid password, username combination";
        echo "<br/><a href='login.html'>Click to go back</a>";                                          
    }
?>

The page the admin will be directed to called admin.php

<?php
    session_start();
    // If session is not ingelogt lead back to index.php.
    if(!isset($_SESSION['ingelogt'])) {
        header("location: index.php"); 
    }

    // The role that has access to this page.
    $page_role="admin"; 
    $role=$_SESSION['user_role'];
    // If a user with a different role visits wrong page.
    if($role!=$page_role)
    {
        echo "You are not supposed to be here.";
        die();
    }

    // Start new DOMDocument and load html file.
    $dom = new DOMDocument();
    libxml_use_internal_errors(true);
    $dom->loadHTMLFile("admin.html");
    libxml_use_internal_errors(false);

    // If user is logged in, add logout icon in the menu.
    if($_SESSION['ingelogt']) {
        $oUl = $dom->getElementById('navUl');
            $oList = $dom->createElement('li');

                $oLink = $dom->createElement('a');
                $oLink->setAttribute('href','logout.php');

                    $oI = $dom->createElement('i');
                    $oI->setAttribute('class','icon-logout');

                    $oLink->appendChild($oI);

                $oList->appendChild($oLink);

            $oUl->appendChild($oList);
    }
    // Save DOMDocument with html document.
    echo $dom->saveHTML();
?>
  • Notice that a Location header can be skipped by the clients in the HTTP-response... It's just a way of "asking" the browsers to redirect, but that doesn't mean they have to "listen". Always use die() or exit() after a header("Location: some_uri"), if you want to be sure that the user can't get past that point in the code. Commented Jul 12, 2014 at 19:57
  • Ok! I'll use that in the future :-) Commented Jul 12, 2014 at 20:03

1 Answer

If I'm misunderstanding you in any way, just give me a hint, and I will delete this answer. Although what I assume that you want to do is to print the greeting somewhere on the page, based off the user's first name and surname.

Basically, once you have declared a $_SESSION-element, you can access it at different pages (similar to $_COOKIE, but not identical). So the best solution for this is to initialize $_SESSION variables with the first- and last name you receive from the database, and then print those variables on the desired pages (same method as you've used with the role).

Firstly, you need to fetch the names in the database, which can be done by changing the if-statement in authentication.php to the following:

if($query=$mysqli->prepare("SELECT `role`, `firstname`, `lastname` FROM members WHERE username=? AND password=?")) //assuming that your columns are called `firstname` and `lastname`

To fetch these, you also need to change the row further down to:

$query->bind_result($role, $first, $last);

When using fetch on the next row, your variables will be put into their appropriate bound ones. So after that statement, you can do the following (preferably after the $_SESSION['user_role']=$role;):

$_SESSION["firstname"] = $first;
$_SESSION["lastname"] = $last;

After that point, you can echo the first- and last name wherever you want (it depends on where you want it to be put...). If you want it to appear at the top of admin.php, for instance, you can simply put this before $dom = new DOMDocument();:

echo "Hello " . $_SESSION["firstname"] . " " . $_SESSION["lastname"] . "!";

If you're confused where to put something, then try re-reading the given instructions. Most of my examples are simply things to replace (in which case, you just need to find the corresponding code), and if not that, I've tried to redirect you. Although realize that things like these are important to know without getting the code right in your hand, so I advise you to try to understand.

7 Comments

Thank you so much @max! I am gonna try this when I'm home again, I'm watching the Netherlands vs Brazil now! I totally understand how it works now! If something goes wrong I'll post it down here but for now thanks a lot!
It works :) but do you have any idea if it is possible to put the echo in the value of a H1 in domdocument? $oDiv = $dom->getElementById('ttWelcomeText'); $oH1 = $dom->createElement('h1','echo "Hello " . $_SESSION["firstname"] . " " . $_SESSION["lastname"] . "!";'); $oDiv->appendChild($oH1); then it just shows the echo as plain text @Max
@KingMike Glad to hear it works (also, if it does, you can accept the answer to save some other people's time). For the other question, try: $oH = $dom->createElement('h1'); $oGreeting = $dom->createTextNode("Hello " . $_SESSION["firstname"] . " " . $_SESSION["lastname"] . "!"); $oH->appendChild($oGreeting);, then append that to the element you want (of course, you should use linebreaks between the statements, I just can't do that in comments).
@KingMike No problems, at all. You click the little check-thingy under the voting-arrows next to my answer.
Ahh haha I totally did not see the approve sign :P I'm really glad it's working now! I've been working with DOMDocument quite a lot at the place I had to work for school, but they had their own CMS system so they made functions to make the $_SESSIONS way easier, so I did not learn the way I have to do it :P that kinda sucks.. and when I wanna generate a form, let's say to edit profile data, I just use a foreach for the data from the database and create a label and input with DOMDocument and fill the value of the input with the data from database I guess? pretty roughly told now, hope u understand xD
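
The pieces from the answer and the comments above, put together as an added example (not code from the thread): the names stored in the session come from the database, so the greeting is HTML-encoded when echoed or inserted as a DOM text node, and the role gate exits right after sending the redirect. The `$session` array and the inline HTML are constructed stand-ins for `$_SESSION` and admin.html, and the helper names are hypothetical.

```php
<?php
// Added example (not from the thread); all sample values are constructed.

// Gate for a role page: redirect anonymous users and stop, as the first comment advises.
function require_role(array $session, string $pageRole): void
{
    if (!isset($session['ingelogt'])) {
        header('Location: index.php');
        exit; // without this, the rest of the page would still be sent
    }
    if (($session['user_role'] ?? '') !== $pageRole) {
        http_response_code(403);
        exit('You are not supposed to be here.');
    }
}

function greeting_text(array $session): string
{
    return 'Hello ' . ($session['firstname'] ?? '') . ' ' . ($session['lastname'] ?? '') . '!';
}

// Plain echo variant: encode at output time, because the names are database data.
function greeting_html(array $session): string
{
    return '<h1>' . htmlspecialchars(greeting_text($session), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h1>';
}

// DOMDocument variant: a text node is escaped by the serializer.
function append_greeting(DOMDocument $dom, string $containerId, array $session): ?DOMElement
{
    $container = $dom->getElementById($containerId);
    if ($container === null) {
        return null; // container missing from the template
    }
    $h1 = $dom->createElement('h1');
    $h1->appendChild($dom->createTextNode(greeting_text($session)));
    $container->appendChild($h1);
    return $container;
}

// Constructed stand-in for $_SESSION after a successful login.
$session = ['ingelogt' => 'mike', 'user_role' => 'admin',
            'firstname' => '<b>Mike</b>', 'lastname' => "O'Neil & Sons"];
require_role($session, 'admin');
echo greeting_html($session), PHP_EOL;
$dom = new DOMDocument();
$dom->loadHTML('<div id="ttWelcomeText"></div>'); // constructed stand-in for admin.html
$container = append_greeting($dom, 'ttWelcomeText', $session);
echo $dom->saveHTML($container), PHP_EOL;
```

Both variants print the markup in the constructed first name as visible text instead of letting the browser interpret it.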