-3

first hand thanks so much for the help you could give, i´m trying to create a login section with a porfile section, the login work great, but i want to get all the information of the user that just login in to the page and display it on the profile section, how can i do that. Here are the file for the index.php(just get language of the page and redirect to a the correcto version and check if the user is login or not), gallery.php(profile section) and login.php(check the user on the DB), home-de.php(just where loging form is).

The data base is simple just one table call users and fields id, first_name, last_name, email, password.

index.php

<?php
        session_start();
    $accept_language = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);
    $lang = $accept_language[0];
    echo $lang;
    switch ($lang)
    {
        case 'en':
                    if (isset($_SESSION['users'])) {
                        header('Location: en/gallery_en.php');
                    }else{
                        header('Location: en/home-en.php');
                    }
            break;
        default:
                if (isset($_SESSION['users'])) {
                    header('Location: de/gallery_de.php');
                }else{
                    header('Location: de/home-de.php');
                }
    }
?>

login.php

<?php
  session_start();
  function login($location){
    if (isset($_SESSION['users'])) {
      header('Location: '. $location . '');
    }

    $errores = '';

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
      $user_email = strtolower($_POST['email']);
      $user_pass = $_POST['password'];

      try {
        $connection = new PDO('mysql:host=localhost;dbname=user_login', 'root', '');
      } catch (PDOException $e) {
        echo "Error:" . $e->getMessage();;
      }

      $statement = $connection->prepare('SELECT * FROM users WHERE user_email = :email AND user_pass = :password');
      $statement->execute(array(':email' => $user_email,':password' => $user_pass));

      $result = $statement->fetch();

      if ($result !== false) {
        $_SESSION['users'] = $user_email;
        header('Location: '. $location . '');
      } else {
        $errores .= '<li>Datos Incorrectos</li>';
      }
    }
  }

?>

de/home-de.php

<?php
    require ('../login.php');
    login('../de/gallery.php');
?>
          <form id="login-form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="POST" name="login">
            <div class="login-field">
              <label for="email_login">Email</label>
              <input type="text" name="email" id="email_login">
              <div class="message text-center"><p>This field is required</p></div>
              <div class="pattern text-center"><p>Enter a valid email.</p></div>
            </div>
            <div class="login-field">
              <label for="pass_login">Password</label>
              <input type="password" name="password" id="pass_login">
              <div class="message text-center"><p>This field is required</p></div>
            </div>
            <input type="submit" value="Login">
          </form>

de/gallery_de.php

<?php
  session_start();
  if (isset($_SESSION['users'])) {

  } else {
    header('Location: ../index.php');
  }
?>

<h1 class="title-bar">Willkommen <?php echo '(here will put the first name of the user)'?></h1>
Miguel Frias
  • 2,544
  • 8
  • 32
  • 53
  • 3
    _“how can i do that”_ – you make a query that selects the data, and then you display it …? The question here is rather - what specific parts of that are you having trouble with? Please go read [ask]. – CBroe Mar 22 '17 at 13:17
  • 3
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Mar 22 '17 at 13:17
  • 1
    use `$_SESSION['users']` to get the current users's detaisl – Masivuye Cokile Mar 22 '17 at 13:18
  • You could always make a users class and assign the session to the `userid` or `id` – Option Mar 22 '17 at 13:20
  • @JayBlanchard jejejej oh yes i know is just im just making some test first, but thank for reminding me to use `password_hash()` :D – Miguel Frias Mar 22 '17 at 13:25
  • @MiguelAngelFrias you have answers below evaluate them and comemnt on them – Masivuye Cokile Mar 22 '17 at 14:13

2 Answers2

-2

in login.php:

$_SESSION['users'] = $user_email;
$_SESSION['user_id'] = $result['id'];
$_SESSION['user_first_name'] = $result['first_name'];
$_SESSION['user_last_name'] = $result['last_name'];

in de/gallery_de.php

<?php echo $_SESSION['user_first_name'];?>
Maciej__
  • 159
  • 7
-2

In Login.php

after this $result = $statement->fetch();

do this

 if ($result !== false) {
    $_SESSION['users'] = $user_email;
    $_SESSION['user_name'] = $result->firstName;  //you have change the field name 
    header('Location: '. $location . '');
  } else {
    $errores .= '<li>Datos Incorrectos</li>';
  }

then in de/gallery_de.php

replace

<?php echo '(here will put the first name of the user)'?>

with

<?php echo $_SESSION[user_name] ?>

Muhammad Sajjad
  • 18
  • 1
  • 5