Page 1 of 1

Capture user last login date

Posted: Fri Nov 15, 2013 3:06 pm
by deason
Hi,

I have no hair left trying to understand this, im now on the second evening of trying to work it out.

I am trying to log in a Mysql row the user login date, which works for me when I have in the Username string a legit username, however i need to use the logged on user name to update the relevant SQL row.

Why oh why can't i get this to work with the $_SESSION for the User.

Login.php

Code: Select all

<?php 
    require("config.php"); 
	session_start();
    $submitted_username = ''; 
    if(!empty($_POST)){ 
        $query = " 
            SELECT 
                id, 
                username, 
                password, 
                salt, 
                email 
            FROM users 
            WHERE 
                username = :username 
        "; 
        $query_params = array( 
            ':username' => $_POST['username'] 
        ); 
          
        try{ 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        $login_ok = false; 
        $row = $stmt->fetch(); 
        if($row){ 
            $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
            for($round = 0; $round < 65536; $round++){
                $check_password = hash('sha256', $check_password . $row['salt']);
            } 
            if($check_password === $row['password']){
                $login_ok = true;
            } 
        } 
 
        if($login_ok){ 
            unset($row['salt']); 
            unset($row['password']);
            $_SESSION['user'] = $row;
            
            header("Location: main.php"); 
            die("Redirecting to: main.php"); 	
        } 
        else{ 
            print("Login Failed."); 
            $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
        } 
    }; 
?> 


The main page i'm running the code to capture a successful user login

Code: Select all

<?php
    include ("config.php"); 
    session_start();
    $stmt = $db->prepare "UPDATE users SET lastlogindate = NOW() WHERE username = ". $_SESSION['username'] ."";
	$stmt ->execute();
    
?>

Re: Capture user last login date

Posted: Fri Nov 15, 2013 8:00 pm
by Eric!
It seems like your quotes and parenthesis are wrong on your prepared statement. Is this what you're looking for:

Code: Select all

$stmt = $db->prepare("UPDATE users SET lastlogindate = NOW() WHERE username = ". $_SESSION['username']);
And you might want to bind parameters instead to avoid injection problems

Code: Select all

$stmt=$db->prepare("UPDATE `users`  SET lastlogindate = NOW() WHERE username=:var");
$db->bindParam(":var", $_SESSION['username']);
$db->execute();

If this was just a cut-n-paste error, then try checking that your structure for "users" and lastlogindate field is DATETIME.

Re: Capture user last login date

Posted: Sat Nov 16, 2013 6:05 pm
by deason
Eric,

That query didnt error but it isn't striking to do what i want it to.

I want to add the users last login time with the statement I'm making...it works using a known username.

Thanks

Dan

Re: Capture user last login date

Posted: Sun Nov 17, 2013 11:31 am
by Eric!
deason wrote:I want to add the users last login time with the statement I'm making...it works using a known username.
It's not clear to me what your problem is. You can't add a login time to an unknown username. UPDATE only works on existing records. If you are creating the record for the first time then you need to INSERT the data. If you need to do both, then you have to try to SELECT the username's data, if it returns the username's data, then UPDATE it, if not then INSERT new data.