user id

[Html]

Hi,

Okay, I'm going to need some pointers, can I setup a profile.php with the code that will use a session to grab the id from a user?

For a change I thought why not view the sessions here on this site php 5 sessions I guess they are good to use, https://www.w3schools.com/php/php_sessions.asp

<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// Set session variables
$_SESSION["favcolor"] = "green";
$_SESSION["favanimal"] = "cat";
echo "Session variables are set.";
?>

So "1" needs an index page,

So home.php

<html>
<body>
<center>
<img src="header2018may15.jpg">
</center>
<?php # DISPLAY COMPLETE LOGGED IN PAGE.

# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# Set page title and display header section.
$page_title = 'Home' ;
include ( 'includes/header.html' ) ;

# Display body section.
echo "<h1>HOME</h1><p>You are now logged in, {$_SESSION['first_name']} {$_SESSION['last_name']} </p>";

# Create navigation links.
echo '<p><a href="forum.php">Forum</a> | <a href="shop.php">Shop</a> | <a href="goodbye.php">Logout</a></p>';

# Display footer section.
include ( 'includes/footer.html' ) ;
?>
<br />
<br />
<br />
<img src="bottomheader.jpg">
</body>
</html>

As seen there is a session identifier there with name and last name, so this page knows to use what is from the db I would think,

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

This part here is looking to login_tools, so that is where the the logic is,

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, first_name, last_name FROM users WHERE email='$e' AND pass=SHA2('$p',256)" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
      return array( true, $row ) ; 
    }

This above is from login tools, so I could use that above, <?php

?>

I did read through the sessions in the Learning Php book, and looked at some of the code examples, just no good for me.

[justsomeguy]

so this page knows to use what is from the db I would think,

It's not going to do anything it wasn't told to do.  Computers are not people, computers do not have a concept of "maybe."  They do exactly what they are told to do, nothing more, nothing less.  If you want a value in the session, you need to put it there.  That code is looking for variables in the session called user_id, first_name, and last_name.  So, when someone logs in you need to save those values in the session.

[Html]

<?php
# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, first_name, last_name FROM users WHERE email='$e'" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
      return array( true, $row ) ; 
    }

?>

Well this is for a profile.php so would load the first and last name from the db as seen, obviously to display a new page which is connected with those registered details. I am uncertain where to go with this.

[dsonesuk]

Is it access to users profile page to retrieve and dynamically show info about a specific user only, or a static page you want users only to have access to when authorized?

Usually on authorization. the user will have access to the profile page and the profile details related to that user that is stored on the database, which you can now retrieve using the user_id,  you would then dynamically create html layout to hold these details to show on that profile page, .

 

[Html]

I would like to load an index page for that registered user which accessible via the navigation as seen in the code so instead of shop will be profile index so profile.php, which would display a comment posted from the home.php of that user which I would use from the post comment code from the book. So just a task of trying to get it connected.

I thought the example above is probably the correct step, if so what do I do now? And if not, what can I do to get this linking together.

Lastly the page would be viewable by any user, but not to post a comment, I haven't a clue how I could get that to sort of work out. So far now, i'm just getting something basic, a lot like this forum, view you're own profile, login you know that sort of thing, just really bare bones.

 

 

Edited October 9, 2018 by Html
Added last paragraph

[justsomeguy]

You have a return statement in that code that shouldn't be there.  Instead of returning, after you get the user from the database then do whatever you want to do with that database data.  Like printing a page that has their name on it.  Go from there to add a text box for submitting comments, and then a way to display them.

It looks like that code is 2 parts that you put together.  Your query is trying to use a variable called $e that doesn't exist, and $dbc doesn't exist either.  You're already checking if the session has the user ID, so you should look up the user in the database based on that user ID instead of by email.

[Html]

I used the code from two pages, what seemed like the right step. I wasn't sure what to do.

<?php
# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, FROM users WHERE email='user_id'" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
    }

?>

Would this be a step forward?

As for $dbc, well that is from the code, whether to remove or keep, that is from the Php & MYSQL book, in the php 7 book, which you noted it not really being much of anything to do with php 7, it is also used  for require.php so a connection script. Database connection is what it stands for I guess.

[justsomeguy]

$q = "SELECT user_id, FROM users WHERE email='user_id'" ;

You're telling it to select the user ID from the users table in the database where the email field contains the text "user_id".  Is that what you want to do?  You need to think about what you want to do.

What information do you want to display on the profile page?  You need to get that information from the database.  If you already have the user ID from the session, why is the only thing you're getting from the database the user ID?  You already have the user ID, you don't need to get it again from the database.

You need to think about what you want to do.

If you have the user ID, why are you looking up a database record based on the email field?  Don't you want to look up the record based on the user_id field?

This doesn't need to be difficult.  Figure out what you want to do.  If you say "I want to display the user's name on the page", then doesn't it make sense to get the name from the database?  Why is the only thing you're getting from the database something that you already have?

If it doesn't make sense, then it's probably not correct.

[Html]

As it stands, I want to have the page which is obviously linked with the registered user, well I would want to load a comment from the db, which is posted from the user control panel area, but for the moment, I just simply want the page identified with that user id, and I guess not forgetting the first name and last name of the user can be displayed, top center on that profile index page.

user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,

That is from the db code to make a table.

[dsonesuk]

That just mean it creates a auto increment unique int number, that can't be empty, everytime a new user is added.

[justsomeguy]

 for the moment, I just simply want the page identified with that user id, and I guess not forgetting the first name and last name of the user can be displayed

OK, then get that data from the database using the user ID, and print it.

[Html]

$q = "SELECT user_id, FROM users WHERE email='user_id'" ;

Right, well id is 1, but you are getting at there needs to be some kind of id name for the user_id as is here

<?php
# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, FROM users WHERE email='user_id'" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
    }

?>

So we need print code in this above,

So this below, some of it can be inserted in,

$sql = 'SELECT * FROM USERS' ;
$result = mysqli_query( $dbc, $sql ) ;
if ( mysqli_num_rows( $result ) > 0 )
{
  echo '<table><tr><th>Posted By</th><th id="id">Mes</th></tr>';
  while ( $row = mysqli_fetch_array( $result , MYSQLI_ASSOC ))
  {
    echo '<tr><td>' .
    $row['user_id'] . '</td> </tr>';
  }
  echo '</table>' ;
}
mysqli_close( $dbc ) ;

I took this from the forum code, and made some changes. I don't know where to go from here, with the table removal for a print name?

[dsonesuk]

According to this you have first_name, last_name, email

$q = "SELECT user_id, first_name, last_name FROM users WHERE email='$e'" ;

That is how you retrieve these and any other details stored on the database table by using user_id, that is provided when the user logs in, and stored in session.

The while loop will go through those record details row from that user_id matching id, and using the column names show remaining data from that record row.

$row['first_name'].'<br>';
$row['last_name'].'<br>';
$row['email'].'<br>';

 

[Html]

So it is like this, a lot simpler than I thought then..

<?php
# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, first_name, last_name FROM users WHERE email='$e'" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
      return array( true, $row ) ; 
 {
	echo '<tr><td>' . 
	$row['first_name'] .' '. 
	$row['last_name'] . '<br>'. 
	</td><td>' . 
	</td> </tr>';
  }

  echo '</table>' ;

    }

?>

I did login, and then typed profile.php, nothing is displayed, obviously something with the code, structure problem may be.

Edited October 11, 2018 by Html
Tried.

[dsonesuk]

Obviously the where condition must equal the user id from session, don't! just copy and paste, I never said you should use that! just pointed the column names that existed.

[justsomeguy]

You need to get out of the habit of copying and pasting which is what tutorials teach, and into the habit of understanding and thinking.

Why did you use this query:

$q = "SELECT user_id, first_name, last_name FROM users WHERE email='$e'" ;

Why are you looking up a record based on the email field and not the user_id field?  The user_id is what you have in the session, right?  So, why aren't you using that?  Why are you telling it to look up a user based on the email?  And what is $e?  Where is it defined?  You're telling it to look up a user based on an email with a value that is not defined, why are you doing that?

Stop copying and pasting, and start understanding and thinking.  Programming is not copying and pasting.  You need to look at code and understand how it works, and then think about how you need to change it to make it work for you.

[Html]

Okay everyone,

I used the code from the site, i don't have a book of that exact code I have used, I thought I mentioned in previous posts, I did, but you folks forgot.

I am using the code from the forum of which I have that book to create this profile.php, okay, as shown above.

And yes I do agree copying pasting isn't the way to go about creating code to get a task going and done, but for the page setup I used what there was, as for the code from the forum, yes I did copy and paste, for ease, as when I did the first time, I got the spacing wrong which caused errors as well not having the right words, and characters in certain places.

As for $e I don't know, that is what the code displays. I will check the php 7 book again.

[justsomeguy]

I don't know if you're overthinking it, or what.

You need to get certain data from the database, at least the first name and last name, right?  So, your SQL query needs to specify that data to get.

You have the user ID, right?  So, you use that to look up the appropriate user in the database.  Your SQL query needs to specify that you are looking for a user with a specific user ID, not a specific email.

You should already know where you get the user ID from, because it's been mentioned many times, in this thread and your others.

You really need to make an effort to understand what the existing code is doing and why, what you're trying to do, and then how to modify the existing code to get it to do what you need it to do.

You already have a SQL query where it looks up a user based on certain criteria, all you need to do is change those criteria for your needs.  It's not a difficult solution, and you're probably overthinking it.

[Html]

I thought I made some progress with at least getting what I needed, okay the book I have Php 7 in Easy steps has the forum tutorial, there is no $e, that would be in the Mysql book obviously, which I don't have so I can't state what that means, obviously email or what ever, as I got this from the link the other user posted on here, which solved the whole login problem I was having, since I no longer had to workout what to do, and going nowhere with it.

Okay, getting back to this,

<?php
# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, first_name, last_name FROM users WHERE id='$id'" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
      return array( true, $row ) ; 
 {
	echo '<tr><td>' . 
	$row['first_name'] .' '. 
	$row['last_name'] . '<br>'. 
	</td><td>' . 
	</td> </tr>';
  }

  echo '</table>' ;

    }

?>

May be this might do it?

[dsonesuk]

That would only work if there was a table column with the name 'id' and $id magically came up with single id number that amazingly equals a id number in that column with the name 'id'.

So basically you saw something you thought might be right! and back to copy and paste again! You might as well have pasted "oh, oh paste me! i will work, truly! Trust me!", instead questioning "I know 'user_id, first_name, last_name' are the column names", they must correct! 'id' hmmm i don't have a column name of 'id'? that can't be right and hmmm where is $id variable getting its value from? magic! no that can't be right, programing does not work by magic! It must have a value set to it! what value do i need to match a user id....eureka! the $user_id. Now! I need a column name to match it to? Now what do we have 'user_id, first_name, last_name', first_name is string, so no no that can't be right and the last_name is the same! ahh yes, the column name 'user_id', silly me! its so obvious when you think the code through, instead of copy-> paste and hope it works.

Edited October 12, 2018 by dsonesuk

[Html]

What..😶

So it was user_id but with the symbol.  I learn quite late then.

 

[justsomeguy]

Are you running and testing the code?  You should do that, and make sure you've got error messages enabled:

ini_set('display_errors', 1);
	error_reporting(E_ALL);

[dsonesuk]

1 hour ago, Html said:

What..😶

So it was user_id but with the symbol.  I learn quite late then.

 

Yes! if that is the variable name that holds user_id session value after a login is successful, i seem to remember that the variable name you used from your your vast collection of topics on the same subject. 

[Html]

<?php
ini_set('display_errors', 1); 
error_reporting(E_ALL);
# Access session.
session_start() ; 

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id, first_name, last_name FROM users WHERE email='$user_id'" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( @mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
      return array( true, $row ) ; 
 {
	echo '<tr><td>' . 
	$row['first_name'] .' '. 
	$row['last_name'] . '<br>'. 
	</td><td>' . 
	</td> </tr>';
  }

  echo '</table>' ;

    }

?>

Still nothing as is,  I did try changing the $q to $user_id

[dsonesuk]

You still don't get it! WHERE DOES $user_id get its value? it does not magically get a value, a value has to be applied to it!  NOW think with brain, what currently is storing the required value, once logged on  to use in that SQL statement? AGAIN! plain sight!

AND why are you comparing email address to what is a NUMBER.

EMAIL: example@example.com

user_id: 3

Now seeing that! how can you possibly think that is correct! perhaps you think it counts the number of 'm' in  the email address WRONG!  it should compare number to number A MATCHING user id.

variable $q takes the value of '"SELECT user_id, first_name, last_name FROM users WHERE email='$user_id'"

If you echo $q and it does not show anything after email=' ' , that is what you are comparing with, because its value is blank, because no value has been attached to it. IT should should show something like email='999', but obviously with correct column name to compare to, which i am not going to correct, I'm not giving to chance of the usual copy and paste, think it through and correct it yourself.

Edited October 12, 2018 by dsonesuk