jaylow

retrieve and store session information in databases


I have a session running after someone registers and logs into my page, and I want to use that session ID.

How can I use the session ID to store new information into another MySQL database and, when the same user logs in, retrieve it again from that database?

I want the user to log into the page and then create a character.

I just don't know how to bind it together.

I made a new page where you need to create/select Character name, $ex, Race, Home world

and a new table called "players" with those 4 in it plus id and User_id.

How would I code it so that the user's session ID from the register page combines with the info he/she filled in the player creation form?

If someone could shove me in the right direction it would make my day.

 

This is the session function and log in function.

function sec_session_start() {
    $session_name = 'sessionName';   // Set a custom session name
    $secure = SECURE;                // SECURE is a constant defined elsewhere (not shown in this post)
    // This stops JavaScript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);
    // Sets the session name to the one set above.
    session_name($session_name);
    session_start();            // Start the PHP session
    session_regenerate_id();    // Regenerate the session ID; the old session is only deleted if true is passed.
}

function login($email, $password, $mysqli) {
    // Using prepared statements means that SQL injection is not possible.
    if ($stmt = $mysqli->prepare("SELECT id, username, password, salt, accdate
        FROM members
        WHERE email = ?
        LIMIT 1")) {
        $stmt->bind_param('s', $email);  // Bind "$email" to parameter.
        $stmt->execute();    // Execute the prepared query.
        $stmt->store_result();
        // get variables from result.
        $stmt->bind_result($user_id, $username, $db_password, $salt, $accdate);
        $stmt->fetch();
        // hash the password with the unique salt.
        // A single salted SHA-512 is fast to brute-force; password_hash() and
        // password_verify() (PHP 5.5+) are the purpose-built replacement.
        $password = hash('sha512', $password . $salt);
        if ($stmt->num_rows == 1) {
            // If the user exists we check if the account is locked
            // from too many login attempts
            if (checkbrute($user_id, $mysqli) == true) {
                // Account is locked
                // Send an email to user saying their account is locked
                return false;
            } else {
                // Check if the password in the database matches
                // the password the user submitted.
                // Strict comparison, so numeric-looking hashes are not compared as numbers.
                if ($db_password === $password) {
                    // Password is correct!
                    // Get the user-agent string of the user.
                    $user_browser = $_SERVER['HTTP_USER_AGENT'];
                    // XSS protection as we might print this value
                    // everything works!
                    //so i could add more to the table and get the info from here
                    $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                    $_SESSION['user_id'] = $user_id;
                    $_SESSION['email'] = $email;
                    $_SESSION['username'] = $username;
                    $_SESSION['accdate'] = $accdate;
                    // XSS protection as we might print this value
                    $username = preg_replace("/[^a-zA-Z0-9_-]+/",
                                             "",
                                             $username);
                    $_SESSION['username'] = $username;
                    $_SESSION['login_string'] = hash('sha512',
                        $password . $user_browser);
                    // Login successful.
                    return true;
                    //TEST if Login successful add to email and username from members and add to players table
                } else {
                    // Password is not correct
                    // We record this attempt in the database
                    $now = time();
                    $mysqli->query("INSERT INTO login_attempts(user_id, time)
                                    VALUES ('$user_id', '$now')");
                    return false;
                }
            }
        } else {
            // No user exists.
            return false;
        }
    }
}

 


If you are using PHP 5.4 and up you can use http://php.net/SessionHandlerInterface in conjunction with http://php.net/session_set_save_handler (one of its versions takes callback-style parameters, which are used prior to PHP 5.4).


The session_id function will return the current session ID if you don't send it a parameter, but I don't see the point of storing the session ID in a database. Every time a user comes back they will have a different session ID.

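The point of the last reply, as an added example that is not code from any poster in this thread: key the players row on the member id that login() stores in $_SESSION['user_id'], which survives across logins, rather than on the session ID. The column names, the UNIQUE constraint and the two function names are assumptions made for illustration.

```php
<?php
// Assumed table (column names are hypothetical; the post only lists the fields):
//   CREATE TABLE players (id INT AUTO_INCREMENT PRIMARY KEY,
//     user_id INT NOT NULL UNIQUE,   -- members.id, set from $_SESSION['user_id']
//     name VARCHAR(30), sex VARCHAR(30), race VARCHAR(30), home_world VARCHAR(30));

// Insert the character for one member. $user_id must come from the server-side
// session, never from the form, so nobody can create a row for another account.
function create_player($mysqli, $user_id, array $form) {
    $fields = array();
    foreach (array('name', 'sex', 'race', 'home_world') as $key) {
        $value = (isset($form[$key]) && is_string($form[$key])) ? trim($form[$key]) : '';
        if (!preg_match('/^[A-Za-z0-9_ -]{1,30}$/', $value)) {
            return false;   // missing field or unexpected characters
        }
        $fields[$key] = $value;
    }
    $stmt = $mysqli->prepare(
        "INSERT INTO players (user_id, name, sex, race, home_world)
         VALUES (?, ?, ?, ?, ?)");
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('issss', $user_id, $fields['name'], $fields['sex'],
                      $fields['race'], $fields['home_world']);
    $ok = $stmt->execute();   // the UNIQUE key rejects a second player per member
    $stmt->close();
    return $ok;
}

// Load the character that belongs to this member, or null if none exists yet.
function get_player($mysqli, $user_id) {
    $stmt = $mysqli->prepare(
        "SELECT name, sex, race, home_world FROM players WHERE user_id = ? LIMIT 1");
    if (!$stmt) {
        return null;
    }
    $stmt->bind_param('i', $user_id);
    $stmt->execute();
    $stmt->bind_result($name, $sex, $race, $home_world);
    $player = $stmt->fetch()
        ? array('name' => $name, 'sex' => $sex, 'race' => $race, 'home_world' => $home_world)
        : null;
    $stmt->close();
    return $player;
}
// Usage after sec_session_start() and a successful login():
//   $uid = (int) $_SESSION['user_id'];
//   if (get_player($mysqli, $uid) === null) { create_player($mysqli, $uid, $_POST); }
```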
