jaylow Posted July 16, 2014 Share Posted July 16, 2014 I have a session running after someone registers and log into my page and i want to use that session ID How can i use the session id to store new information into a other mysql database and when the same user logs in retrieve it again from that database? I want that the user log into the page and then create a character. I just don't know how to bind it together. I made a new page where you need to create/select Character name, $ex, Race, Home world and a new table called "players" with those 4 in it plus id and User_id how would i code it so that the users session ID from the register page combines with the info he/she filled in the player creation form ? if some one could shove me into the right direction it would make my day This is the session function and log in function. function sec_session_start() { $session_name = 'sessionName'; // Set a custom session name $secure = SECURE; // This stops JavaScript being able to access the session id. $httponly = true; // Forces sessions to only use cookies. if (ini_set('session.use_only_cookies', 1) === FALSE) { header("Location: ../error.php?err=Could not initiate a safe session (ini_set)"); exit(); } // Gets current cookies params. $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); // Sets the session name to the one set above. session_name($session_name); session_start(); // Start the PHP session session_regenerate_id(); // regenerated the session, delete the old one. } function login($email, $password, $mysqli) { // Using prepared statements means that SQL injection is not possible. if ($stmt = $mysqli->prepare("SELECT id, username, password, salt, accdate FROM members WHERE email = ? LIMIT 1")) { $stmt->bind_param('s', $email); // Bind "$email" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); // get variables from result. $stmt->bind_result($user_id, $username, $db_password, $salt, $accdate); $stmt->fetch(); // hash the password with the unique salt. $password = hash('sha512', $password . $salt); if ($stmt->num_rows == 1) { // If the user exists we check if the account is locked // from too many login attempts if (checkbrute($user_id, $mysqli) == true) { // Account is locked // Send an email to user saying their account is locked return false; } else { // Check if the password in the database matches // the password the user submitted. if ($db_password == $password) { // Password is correct! // Get the user-agent string of the user. $user_browser = $_SERVER['HTTP_USER_AGENT']; // XSS protection as we might print this value // everything works! //so i could add more to the table and get the info from here $user_id = preg_replace("/[^0-9]+/", "", $user_id); $_SESSION['user_id'] = $user_id; $_SESSION['email'] = $email; $_SESSION['username'] = $username; $_SESSION['accdate'] = $accdate; // XSS protection as we might print this value $username = preg_replace("/[^a-zA-Z0-9_-]+/", "", $username); $_SESSION['username'] = $username; $_SESSION['login_string'] = hash('sha512', $password . $user_browser); // Login successful. return true; //TEST if Login successful add to email and username from members and add to players table } else { // Password is not correct // We record this attempt in the database $now = time(); $mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id', '$now')"); return false; } } } else { // No user exists. return false; } }} Link to comment Share on other sites More sharing options...
birbal Posted July 16, 2014 Share Posted July 16, 2014 If you are using php 5.4 and up you can use http://php.net/SessionHandlerInterface in conjugation with http://php.net/session_set_save_handler (one of its version takes callback style parameter which are used prior to php 5.4 Link to comment Share on other sites More sharing options...
justsomeguy Posted July 21, 2014 Share Posted July 21, 2014 The session_id function will return the current session ID if you don't send it a parameter, but I don't see the point of storing the session ID in a database. Every time a user comes back they will have a different session ID. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now