i have a couple of questions.

I am learning php and i built a log in and a register page. When u register it auto-increments the id row and the user name goes to row "user" in a mySQL database. now how would i make it so it says you are logged in as "user name"?

now once they are logged in, how do i call their user id? example: i want to let them change their password. How do i call their id to make sure i have the write table row?

last question, how do i make people be able to do their own thing without other people seeing what they do? example:lets say i need to make a notes program. How do i make it, so the logged in person can make their own notes that nobody else can view? and then someone else can log-in and still make their won notes that nobody else can view? what do i need to do in mySQL to be able to do that?

6 Years
Discussion Span
Last Post by TySkby

Try using cookies (but make sure it's secure!).

When the user logs in, have this in your php's login script:

setcookie('username','$user');//Basic cookie called 'username' with a value of $username that expires when the browser is closed

And when you have a page that needs to show user-specific data:

$user = $_COOKIE['username'];
$query_userID = mysql_query("SELECT id FROM users WHERE user='$user'"); //Queries mysql table 'users' for the id key that corresponds to $user value
$userID = mysql_result($query_userID, 0);

This isn't very secure- anybody who knows how to edit cookies could go into their 'username' cookie and just change it to whatever they please. So if you use cookies, it's best to use two- one cookie to store the username, and another to store the password hash of the user (NOT the actual password).

So for secure cookies:


And to use them to access the DB:

$user = $_COOKIE['username'];
$pass = $_COOKIE['password'];

$query_userID = mysql_query("SELECT id FROM users WHERE user='$user' AND password='$pass'");
$userID = mysql_result($query_userID, 0);

NOTE that this only works if you are using md5() to encrypt the password when gets stored in the database (either on registration or if you update the password later).

Another way is to use the $_SESSION global array, but I don't have much experience using that, so if you're interested, there are probably some folks on here who can give you some advice using that.

Edited by TySkby: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.