Page 1 of 1

Passing session data to database

Posted: Mon Aug 09, 2004 1:46 am
by saltriver
Hi all,
I'm trying to figure out a way for a logged in user to make entries into a database, so that their company, username and password are automatically entered along with the data they manually enter on the form I've made (item, description, price, etc). I'm working with prexisting code, so I don't want to change it too much for fear of breaking another part of it.
From what I gather, I will need to use the session, and the values associated with it, to identify the current user. Presently, the Logincheck.php page only associates the username and session id with the session. Here's where I'm not sure how to proceed. Should I:

A- assign the username, company and password in the session, and how to I add those? I tried, but I think my syntax was bad.

B- make an array that's tied to the session by the username and extract (somehow) the compnay and password from the database using the username?

This code uses session_is_registered(), which I have read should not be used. I tried using the global session method, but didn't have any luck. I would like to try to figure this part out first before trying to tacke that, since it seems like it might need to be addressed eventually anyway.

Here's the code for the Logincheck.php page:

Code: Select all

<?
// this needs to be on every page, it makes it remember all of the set variables that is done on the login_script.php
session_start();

if (session_is_registered("valid_user")) &#123;
	session_save_path("$id.txt");
	&#125;
else &#123; header ("Location: login.php"); &#125;
?>
Am I on the right track?

Steve

Posted: Mon Aug 09, 2004 8:07 am
by anjanesh
Sessions in a database is a different issue :
Before any output is done you need to do these :

Code: Select all

<?php
session_module_name("user");
session_set_save_handler("session_open","session_close","session_read","session_write","session_remove","session_gc");
session_start();

function session_open($path,$name){}
function session_close(){}
function session_read($id){}
function session_write($id,$data){}
function session_remove($id){}
function session_gc($life){}
?>
session_open,session_close,session_read,session_write,session_remove,session_gc are all user defined functions.
http://www.php.net/manual/en/function.s ... andler.php

Posted: Mon Aug 09, 2004 8:15 am
by tim
you can assign session vars simple.

Code: Select all

<?php
$_SESSION['user'] = $_POST['user'];

// from there, you can check if the user is logged in or not by seeing if the session var is present, if not, use the form to Add the information into the db.

$sql = mysql_query("INSERT INTO table_name ('username', 'password', 'company') VALUES ('$username', '$password', '$company'") or die (mysql_error());

something like that.
?>

Posted: Mon Aug 09, 2004 8:17 am
by tim
Also - session_start();needs to be on every page you wish to assign, call upon, anything with session vars peroid.

Posted: Mon Aug 09, 2004 11:51 am
by saltriver
I was hoping to avoid having that on the form. Too repetitive, since they will be adding items one at a time. It looks like this should work.

Code: Select all

$sql = mysql_query("INSERT INTO table_name ('username', 'password', 'company') VALUES ('$username', '$password', '$company'") or die (mysql_error());
This Logincheck.php page is an include that's put into every page in the login section, so the session should be OK with that, right?
As for the VALUES, do I need to make an array for those or does the $ in front of the field name take care of itself?

steve

Posted: Mon Aug 09, 2004 11:58 am
by feyd
building your own session handler is probably the more solid solution of the two, however, it is vastly more complex at times. :)