PHP: Display data of logged on person

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
SpyJoe
Forum Newbie
Posts: 3
Joined: Sat Jan 19, 2008 3:44 pm

PHP: Display data of logged on person

Post by SpyJoe »

Hi everyone, I'm creating a social network website, like MySpace or Facebook, but a simple one. I used a code I found on a website for login, register and logout. What I'm trying to do now is display member's data (like name, gender, etc) that member has registered with. So just like a profile of someone who is logged in.

This is part of the code that I have already:

Code: Select all

 
<?
$conn = mysql_connect("###", "###", "###") or die(mysql_error());
mysql_select_db('###', $conn) or die(mysql_error());
 
$result = mysql_query("SELECT * FROM users",$conn);
printf("First Name: %s<br>\n", mysql_result($result,0,"firstname"));
printf("Last Name: %s<br>\n", mysql_result($result,0,"lastname"));
printf("Gender: %s<br>\n", mysql_result($result,0,"gender"));
mysql_close($conn);
?>
 
But this only displays the first row from my database. I need to do something like this:

Code: Select all

 
$result = mysql_query("SELECT * FROM users WHERE username=$username",$conn);
 
I'm not sure if the username of person who is logged in is stored in a cookie or somewhere else, because code is quite complicated.

What do I need to put, so that it displays information of a person who is logged in? Can someone reply asap plz. Thank you!

P.S. Sorry forgot the most important thing. This is where I got the code from:

http://www.evolt.org/article/comment/17 ... index.html
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: PHP: Display data of logged on person

Post by Jonah Bron »

Find a setcookie() function inside the code, and get the name. That will probably be it. If there are more than one, just use logic to figure out which one.
SpyJoe
Forum Newbie
Posts: 3
Joined: Sat Jan 19, 2008 3:44 pm

Re: PHP: Display data of logged on person

Post by SpyJoe »

PHPyoungster wrote:Find a setcookie() function inside the code, and get the name. That will probably be it. If there are more than one, just use logic to figure out which one.
OK, i found this:

Code: Select all

 
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }
 
Some other guy told me what to do as well, so now I have this:

Code: Select all

 
<?
Error_Reporting(E_ALL & ~E_NOTICE);
mysql_connect("###", "###", "###") or die(mysql_error());
mysql_select_db('###') or die(mysql_error());
$query = "SELECT * FROM users WHERE username='".$_COOKIE['username']."'";
$result = mysql_query($query);
if($result)
{
$ans = mysql_fetch_array($result);
printf("First Name: %s\n", $ans['firstname']);
printf("Last Name: %s\n", $ans['lastname']);
printf("Gender: %s\n", $ans['gender']);
}
 
?>
 
But it still doesnt work. All I see now is just field names, but not actual data...

Please help me fix this...
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: PHP: Display data of logged on person

Post by John Cartwright »

More likely than not your system uses sessions.

Include..

echo '<pre>';
print_r($_SESSION);
print_r($_COOKIE);

.. after you've logged in. Might give you a hint as to how your system stores the user :)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: PHP: Display data of logged on person

Post by John Cartwright »

SpyJoe wrote:
PHPyoungster wrote:Find a setcookie() function inside the code, and get the name. That will probably be it. If there are more than one, just use logic to figure out which one.
OK, i found this:

Code: Select all

 
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }
 
Some other guy told me what to do as well, so now I have this:

Code: Select all

 
<?
Error_Reporting(E_ALL & ~E_NOTICE);
mysql_connect("###", "###", "###") or die(mysql_error());
mysql_select_db('###') or die(mysql_error());
$query = "SELECT * FROM users WHERE username='".$_COOKIE['username']."'";
$result = mysql_query($query);
if($result)
{
$ans = mysql_fetch_array($result);
printf("First Name: %s\n", $ans['firstname']);
printf("Last Name: %s\n", $ans['lastname']);
printf("Gender: %s\n", $ans['gender']);
}
 
?>
 
But it still doesnt work. All I see now is just field names, but not actual data...

Please help me fix this...
Please do not use this code, it is so incredibly insecure!

Firstly, never.... ever.... ever.... store the user's password in plaintext, and especially in a cookie! Instead, at minimum store a hash of the password (I recommend Sha256 encryption atleast).

Secondly, your query is vulnerably to SQL injection. At minimum, you should be passing the username through mysql_real_escape_string() to protect against this.

Code: Select all

$query = "SELECT * FROM users WHERE username='". mysql_real_escape_string($username) ."'";
SpyJoe
Forum Newbie
Posts: 3
Joined: Sat Jan 19, 2008 3:44 pm

Re: PHP: Display data of logged on person

Post by SpyJoe »

I managed to crack it. The username was stored in session after all...

As for security of the website, it's not really what I need to do for now. I just wanted to make it work. It won't be open to public anyway...

PHPyoungster and Jcart, thank you so much for your help. :)

Great forum btw, I never got a reply so fast in any other forum. Will be using this one from now on... :)
Post Reply