Hi All:

I have an extensive website in which I would like to echo the name of the company on various pages after the user logs in. I think I should be using the $_SESSION global, but I'm having difficulty implementing it, placing it in my code, and knowing what PHP code to place in the pages where I want the company name to appear. From what I understand, I need to fetch the company name and assign it to the session while the user name and password are being authenticated.

For purposes of this question, the MySQL table is laid out as follows:

- id
- username
- password
- usergroup (not being used yet)
- company
- last_login

Here's my check-login code:

<?php

  $host = "---";
  $username = "---";
  $password = "---";
  $db = "---";
  $tbl_name = "---";

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("Unable to connect to database.");
mysql_select_db($db) or die("Unable to connect to database.");


// Username and password sent from form.
$myusername = mysql_real_escape_string($_POST['myusername']);
$mypassword = mysql_real_escape_string($_POST['mypassword']);


$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
  if($count==1) {

// Register $myusername, $mypassword and redirect to file "login_success.php"
  session_register("myusername");
  session_register("mypassword");

// Update the last_login field of the MySQL database
$lastlogin = mysql_query("UPDATE $tbl_name SET last_login=now() WHERE username='$myusername'");

// Redirect good login attempt
  header("location:login_success.php");
  }

// Redirect bad login attempt
  else {
    header("location:login_retry.php");
    }
?>

If you'd like to do it in a session variable, do this.

<?php

  $host = "---";
  $username = "---";
  $password = "---";
  $db = "---";
  $tbl_name = "---";

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("Unable to connect to database.");
mysql_select_db($db) or die("Unable to connect to database.");

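// Read the submitted values. If magic quotes already added slashes, strip them
// so each value is escaped exactly once by mysql_real_escape_string() below.
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
if (get_magic_quotes_gpc()) {
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
}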

// Username and password sent from form.
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
  if($count==1) {

// Register $myusername, $mypassword and redirect to file "login_success.php"
  session_register("myusername");
  session_register("mypassword");
  session_register("mycompany");
  
// Assign the mycompany variable from user table
  $_SESSION['mycompany'] = $row['company'];

// Update the last_login field of the MySQL database
$lastlogin = mysql_query("UPDATE $tbl_name SET last_login=now() WHERE username='$myusername'");

// Redirect good login attempt
  header("location:login_success.php");
  }

// Redirect bad login attempt
  else {
    header("location:login_retry.php");
    }
?>

I'm not completely certain you need to register the username and password with the session, but I may be wrong. It's been a while since I wrote my own session handler.

Oh, and if magic_quotes_gpc is enabled, you should use stripslashes() on the submitted form data and vice versa.

Comments
Great work, appreciate the help!

Also, you shouldn't be using session_register() as this is registering a global variable. You will find that in most hosts, register globals is turned off and in php 6.0 it is completely removed. You shouldn't be using register globals anyway. You only need to use $_SESSION[].

So, unless you really feel like revisiting everything you've done with sessions, I recommend not doing this.

Ah see, news to me R0b. I haven't messed with session in forever. So maybe this is what he should use.

<?php

  $host = "---";
  $username = "---";
  $password = "---";
  $db = "---";
  $tbl_name = "---";

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("Unable to connect to database.");
mysql_select_db($db) or die("Unable to connect to database.");

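// Read the submitted values. If magic quotes already added slashes, strip them
// so each value is escaped exactly once by mysql_real_escape_string() below.
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
if (get_magic_quotes_gpc()) {
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
}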

// Username and password sent from form.
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
  if($count==1) {

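// Start the session first; without session_start() the $_SESSION values are not saved
 session_start();

// Assign session variables from user table
 $_SESSION['mycompany'] = $row['company'];
 $_SESSION['myusername'] = $row['username'];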

// Update the last_login field of the MySQL database
$lastlogin = mysql_query("UPDATE $tbl_name SET last_login=now() WHERE username='$myusername'");

// Redirect good login attempt
  header("location:login_success.php");
  }

// Redirect bad login attempt
  else {
    header("location:login_retry.php");
    }
?>

Not a problem, I've just heard horror stories about php 4.2 when developers had to go back through the scripts that they wrote in the past because register globals was turned off. The less of that we have in the future the better off we'll be.

Yes, that would be the best way to go.

Thank you for the replies. I will have to continue this Friday or next Monday due to other web obligations.

With regard to the PHP version, we are self-hosting. I can reconfigure Apache if need be, but what I'm doing works--and if it ain't broke, don't fix it! Right?

One more thing: I have to try out the code you both provided to see how it goes, but if I want to echo the company name on any page while the session is active, what do I need to do?

Thank you again for helping me here. I'll return the favor as often as I can.

GP

Update: This worked. Thank you for the help. FYI, here's what I did to echo the company name on the appropriate pages:

<?php
if (!session_register(company));
{
echo $_SESSION['company'];
}
?>

Well if you shouldn't use session_register, maybe you should use this:

if ($_SESSION['company']) {
 echo $_SESSION['company'];
}

I usually go a step further and do this:

if (isset($_SESSION['company']) && trim($_SESSION['company']) != "") {
 echo $_SESSION['company'];
}

which will also ensure that it is not blank.

As I continued to play with the code, I added "Welcome, " to the echo() statement. I noticed that if the person was not logged in, "Welcome," printed without the company name. What type of else statement will keep this from happening?

So you have this?

if (isset($_SESSION['company']) && trim($_SESSION['company']) != "") {
 echo "Welcome, ".$_SESSION['company'];
}
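
The pattern the thread arrives at (look the user up at login, keep the company name in $_SESSION, print it only when set), as an added example that is not code from any poster: it uses PDO bound parameters, password_verify() against a stored hash, and HTML-encoded output. The users table name, the password_hash column and the SQLite demo row are assumptions; the mycompany/myusername keys follow the login code above.

```php
<?php
// Added example, not code from the thread. The users table, the password_hash
// column and the demo row are assumptions; session keys follow the login code above.
function login(PDO $db, string $username, string $password, array &$session): bool
{
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash, company FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a stored hash instead of matching a plaintext password in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Issue a fresh session ID at login so a pre-login ID cannot be carried over.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['myusername'] = $row['username'];
    $session['mycompany']  = $row['company'];
    $db->prepare('UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE id = ?')
       ->execute([$row['id']]);
    return true;
}

function welcome(array $session): string
{
    // Empty string when logged out; HTML-encode the value that came from the database.
    $company = trim($session['mycompany'] ?? '');
    return $company === '' ? '' : 'Welcome, ' . htmlspecialchars($company, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, company TEXT, last_login TEXT)');
$db->prepare('INSERT INTO users (username, password_hash, company) VALUES (?, ?, ?)')
   ->execute(['gp', password_hash('correct horse', PASSWORD_DEFAULT), 'Acme <Widgets> & Co']);

$session = [];  // stands in for $_SESSION after session_start() on a real page
var_dump(login($db, 'gp', 'wrong password', $session));
var_dump(welcome($session));
var_dump(login($db, 'gp', 'correct horse', $session));
var_dump(welcome($session));
```

On a real page, call session_start() before any output and pass $_SESSION as the last argument to login() and as the argument to welcome().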