0

this is my SESSION code i want to make function of it
is this posible?
i am new in php i want your help
please guide me

<?php

include "connection.php";
$result = mysql_query("SELECT * FROM new WHERE Email='" . $_POST['email'] . "' and Password = '". $_POST['pass']."'");
$row  = mysql_fetch_array($result);
if(is_array($row)){
$_SESSION["ID"] = $row['ID'];
$_SESSION["Email"] = $row['Email'];
$_SESSION["Title"] = $row['Title'];
    }
     else {
            echo "Invalid details!";
            }
if(isset($_SESSION["ID"])){
echo"welcome</br>".  $_SESSION["Title"];
echo"</br><a href='logout.php'>Log out</a>";
}

?>
3
Contributors
2
Replies
26
Views
3 Years
Discussion Span
Last Post by diafol
0

Hi,

you can create function like this.

    <?php
    ob_start();
    session_start();
    include "connection.php";
    function loginFunc($username, $password){
        $result = mysql_query("SELECT * FROM new WHERE Email='" . $username . "' and Password = '" . $password . "'");
        $row  = mysql_fetch_array($result);
        if(is_array($row)){
            $_SESSION["ID"] = $row['ID'];
            $_SESSION["Email"] = $row['Email'];
            $_SESSION["Title"] = $row['Title'];
        } else {
            echo "Invalid details!";
        }

        if(isset($_SESSION["ID"])){
            return "welcome</br>".  $_SESSION["Title"] . "<br /><a href='logout.php'>Log out</a>";
        } else {
            return "";
        }
    }
    echo loginFunc($_POST['email'], $_POST['pass'])
    ?>

Edited by katarey

1

This is a pretty broad question as we don't know whether you want to lump in the login routine to the session storing routine. In addition you'd probably do better to make an authentication class. In addition PLEASE DO NOT USE mysql_* functions, they've been deprecated. Use PDO or mysqli instead.

Without going all OOP on you, we can create a halfway house solution with functions.

session_start();

//FROM HERE ----
function PDO_connect($host, $database, $username, $password='')
{
   try {
        $pdo = new PDO("mysql:host=$host;dbname=$database",$username,$password);
        return $pdo;
    } catch (PDOException $e) {
        echo 'Exception: ' . $e->getMessage();
    }
}

function login($pdo, $username, $pw)
{
   $stmt = $pdo->prepare("SELECT `ID`, `Title`, `Password` FROM `new` WHERE `Email` = ? LIMIT 1");
   $stmt->execute($username);
   if($stmt->rowCount())
   {
       $userData = $stmt->fetch(PDO::FETCH_ASSOC); 
       if(password_verify($pw, $userData['Password']))
       {
           if(store_session($userData))
           {
               unset($userData['Password']);
               return $userData;
           }    
       }
   }
   return false;
}

function store_session($data)
{
    $_SESSION['ID'] = $data['ID'];
    $_SESSION['Title'] = $data['Title'];
    return true;
}
// ---- TO HERE can be placed in an include file

Usage:

include('functions.php');
if (isset($_POST['Email']) && isset($_POST['Password']) && $Email = filter_var($_POST['Email'], FILTER_VALIDATE_EMAIL)) 
{
    $pw = password_hash($_POST['Password'], PASSWORD_BCRYPT, array('cost'=>11) );
    //pw field needs to be 60 chars long for BCRYPT algorithm)
    $pdo = PDO_connect('localhost','mydb','root');
    if($ret = login($pdo, $email, $pw)
    {
        "Welcome</br>".  $ret["Title"] . "<br /><a href='logout.php'>Log out</a>";
    }else{
        echo "Invalid details!";
    }
}

Just an idea, not really production code.

Edited by diafol

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.