Capture user last login date

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
deason
Forum Newbie
Posts: 2
Joined: Fri Nov 15, 2013 2:58 pm

Capture user last login date

Post by deason »

Hi,

I have no hair left trying to understand this, im now on the second evening of trying to work it out.

I am trying to log in a Mysql row the user login date, which works for me when I have in the Username string a legit username, however i need to use the logged on user name to update the relevant SQL row.

Why oh why can't i get this to work with the $_SESSION for the User.

Login.php

Code: Select all

<?php 
    require("config.php"); 
	session_start();
    $submitted_username = ''; 
    if(!empty($_POST)){ 
        $query = " 
            SELECT 
                id, 
                username, 
                password, 
                salt, 
                email 
            FROM users 
            WHERE 
                username = :username 
        "; 
        $query_params = array( 
            ':username' => $_POST['username'] 
        ); 
          
        try{ 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        $login_ok = false; 
        $row = $stmt->fetch(); 
        if($row){ 
            $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
            for($round = 0; $round < 65536; $round++){
                $check_password = hash('sha256', $check_password . $row['salt']);
            } 
            if($check_password === $row['password']){
                $login_ok = true;
            } 
        } 
 
        if($login_ok){ 
            unset($row['salt']); 
            unset($row['password']);
            $_SESSION['user'] = $row;
            
            header("Location: main.php"); 
            die("Redirecting to: main.php"); 	
        } 
        else{ 
            print("Login Failed."); 
            $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
        } 
    }; 
?> 


The main page i'm running the code to capture a successful user login

Code: Select all

<?php
    include ("config.php"); 
    session_start();
    $stmt = $db->prepare "UPDATE users SET lastlogindate = NOW() WHERE username = ". $_SESSION['username'] ."";
	$stmt ->execute();
    
?>
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Capture user last login date

Post by Eric! »

It seems like your quotes and parenthesis are wrong on your prepared statement. Is this what you're looking for:

Code: Select all

$stmt = $db->prepare("UPDATE users SET lastlogindate = NOW() WHERE username = ". $_SESSION['username']);
And you might want to bind parameters instead to avoid injection problems

Code: Select all

$stmt=$db->prepare("UPDATE `users`  SET lastlogindate = NOW() WHERE username=:var");
$db->bindParam(":var", $_SESSION['username']);
$db->execute();

If this was just a cut-n-paste error, then try checking that your structure for "users" and lastlogindate field is DATETIME.
deason
Forum Newbie
Posts: 2
Joined: Fri Nov 15, 2013 2:58 pm

Re: Capture user last login date

Post by deason »

Eric,

That query didnt error but it isn't striking to do what i want it to.

I want to add the users last login time with the statement I'm making...it works using a known username.

Thanks

Dan
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Capture user last login date

Post by Eric! »

deason wrote:I want to add the users last login time with the statement I'm making...it works using a known username.
It's not clear to me what your problem is. You can't add a login time to an unknown username. UPDATE only works on existing records. If you are creating the record for the first time then you need to INSERT the data. If you need to do both, then you have to try to SELECT the username's data, if it returns the username's data, then UPDATE it, if not then INSERT new data.
Post Reply