I have no hair left trying to understand this; I'm now on the second evening of trying to work it out.
I am trying to log the user login date in a MySQL row, which works for me when I have a legit username in the Username string; however, I need to use the logged-on user name to update the relevant SQL row.
Why oh why can't I get this to work with the $_SESSION for the User?
Login.php
<?php
require("config.php");
session_start();

$submitted_username = '';

if (!empty($_POST)) {
    // Look the user up by name; the value is bound, not concatenated.
    $query = "
        SELECT
            id,
            username,
            password,
            salt,
            email
        FROM users
        WHERE
            username = :username
    ";
    $query_params = array(
        ':username' => $_POST['username']
    );

    try {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }

    $login_ok = false;
    $row = $stmt->fetch();
    if ($row) {
        // Recompute the salted, iterated SHA-256 hash and compare it with the stored one.
        $check_password = hash('sha256', $_POST['password'] . $row['salt']);
        for ($round = 0; $round < 65536; $round++) {
            $check_password = hash('sha256', $check_password . $row['salt']);
        }
        if ($check_password === $row['password']) {
            $login_ok = true;
        }
    }

    if ($login_ok) {
        // Drop the secrets, then keep the rest of the row in the session.
        unset($row['salt']);
        unset($row['password']);
        $_SESSION['user'] = $row;
        header("Location: main.php");
        die("Redirecting to: main.php");
    } else {
        print("Login Failed.");
        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
    }
}
?>
On the main page I'm running the code to capture a successful user login:
<?php
include ("config.php");
session_start();
$stmt = $db->prepare "UPDATE users SET lastlogindate = NOW() WHERE username = ". $_SESSION['username'] ."";
$stmt ->execute();
?>
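
Added example, not part of the original post: login.php stores the fetched row under $_SESSION['user'], so the username is at $_SESSION['user']['username'] rather than $_SESSION['username'], and the UPDATE needs prepare() called with parentheses and a bound parameter. The function name record_last_login, the SQLite stand-in database and the sample users are assumptions for the demo.

```php
<?php
// Added example, not the poster's code. login.php stores the whole row with
// $_SESSION['user'] = $row, so the name lives at $_SESSION['user']['username'].

// Stamp the last-login time; returns true when exactly one row changed.
function record_last_login(PDO $db, array $session): bool
{
    // No user row in the session means nobody is logged in.
    $username = $session['user']['username'] ?? null;
    if (!is_string($username) || $username === '') {
        return false;
    }
    // prepare() is a method call and takes the SQL in parentheses. The name is
    // bound as a parameter, so it never becomes part of the SQL text.
    // CURRENT_TIMESTAMP is standard SQL; MySQL treats it as a synonym for NOW().
    $stmt = $db->prepare(
        'UPDATE users SET lastlogindate = CURRENT_TIMESTAMP WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data. Assumption: pdo_sqlite is available; an in-memory
// SQLite database stands in for the MySQL $db that config.php creates.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, lastlogindate TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('o''brien')");

// Shape login.php leaves in the session after a successful login.
$ok = ['user' => ['id' => 1, 'username' => 'alice', 'email' => 'alice@example.test']];
var_dump(record_last_login($db, $ok));

// The key main.php reads: there is no top-level 'username', so nothing is updated.
var_dump(record_last_login($db, ['username' => 'alice']));

// A name with an apostrophe would break a concatenated query; bound, it is just data.
var_dump(record_last_login($db, ['user' => ['username' => "o'brien"]]));

foreach ($db->query('SELECT username, lastlogindate FROM users') as $r) {
    echo $r['username'], ' => ', $r['lastlogindate'] ?? 'NULL', PHP_EOL;
}
```

In main.php the call would be record_last_login($db, $_SESSION) after session_start().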