retrieve and store session information in databases

[jaylow]

I have a session running after someone registers and log into my page and i want to use that session ID

 

How can i use the session id to store new information into a other mysql database and when the same user logs in retrieve it again from that database?

 

I want that the user log into the page and then create a character.

I just don't know how to bind it together.

 

I made a new page where you need to create/select Character name, $ex, Race, Home world

and a new table called "players" with those 4 in it plus id and User_id

how would i code it so that the users session ID from the register page combines with the info he/she filled in the player creation form ?

 

if some one could shove me into the right direction it would make my day

 

This is the session function and log in function.

function sec_session_start() {    $session_name = 'sessionName';   // Set a custom session name    $secure = SECURE;    // This stops JavaScript being able to access the session id.    $httponly = true;    // Forces sessions to only use cookies.    if (ini_set('session.use_only_cookies', 1) === FALSE) {        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");        exit();    }    // Gets current cookies params.    $cookieParams = session_get_cookie_params();    session_set_cookie_params($cookieParams["lifetime"],        $cookieParams["path"],         $cookieParams["domain"],         $secure,        $httponly);    // Sets the session name to the one set above.    session_name($session_name);    session_start();            // Start the PHP session     session_regenerate_id();    // regenerated the session, delete the old one. }

function login($email, $password, $mysqli) {    // Using prepared statements means that SQL injection is not possible.      if ($stmt = $mysqli->prepare("SELECT id, username, password, salt, accdate        FROM members       WHERE email = ?        LIMIT 1")) {        $stmt->bind_param('s', $email);  // Bind "$email" to parameter.        $stmt->execute();    // Execute the prepared query.        $stmt->store_result();        // get variables from result.         $stmt->bind_result($user_id, $username, $db_password, $salt, $accdate);        $stmt->fetch();        // hash the password with the unique salt.        $password = hash('sha512', $password . $salt);        if ($stmt->num_rows == 1) {            // If the user exists we check if the account is locked            // from too many login attempts             if (checkbrute($user_id, $mysqli) == true) {                // Account is locked                 // Send an email to user saying their account is locked                return false;            } else {                // Check if the password in the database matches                // the password the user submitted.                if ($db_password == $password) {                    // Password is correct!                    // Get the user-agent string of the user.                    $user_browser = $_SERVER['HTTP_USER_AGENT'];                    // XSS protection as we might print this value                     // everything works!                     //so i could add more to the table and get the info from here                    $user_id = preg_replace("/[^0-9]+/", "", $user_id);                    $_SESSION['user_id'] = $user_id;                    $_SESSION['email'] = $email;                    $_SESSION['username'] = $username;                    $_SESSION['accdate'] = $accdate;                    // XSS protection as we might print this value                    $username = preg_replace("/[^a-zA-Z0-9_-]+/",                                                                 "",                                                                 $username);                    $_SESSION['username'] = $username;                    $_SESSION['login_string'] = hash('sha512',                               $password . $user_browser);                    // Login successful.                    return true;                        //TEST if Login successful add to email and username from members and add to players table                   } else {                    // Password is not correct                    // We record this attempt in the database                    $now = time();                    $mysqli->query("INSERT INTO login_attempts(user_id, time)                                    VALUES ('$user_id', '$now')");                    return false;                }            }        } else {            // No user exists.            return false;        }    }}

 

[birbal]

If you are using php 5.4 and up you can use http://php.net/SessionHandlerInterface in conjugation with http://php.net/session_set_save_handler (one of its version takes callback style parameter which are used prior to php 5.4

[justsomeguy]

The session_id function will return the current session ID if you don't send it a parameter, but I don't see the point of storing the session ID in a database. Every time a user comes back they will have a different session ID.