How to adapt my PHP Session into an Array

0
votes

I have this PHP code which I'm using to trigger the user log in. For a successful log in, the user uses their registered email and password. My current PHP code allows the username to be echoed on whatever pages use the $_SESSION['loggedin'] = $dbusername. What I'm now trying to do is to adapt this PHP code to put an Array into the 'loggedin' session. I want the array to hold user registration details i.e firstname, lastname, company and email, aswell as their username (dbusername). This is to enable me to echo such details on a 'user account page'

My code:

<?php

session_start();

$email = $_POST['email'];
$password = $_POST['password'];

if ($email&&$password)
{
$connect = mysql_connect("*****","***","**********") or die ("Login failed!");
mysql_select_db("dbname") or die ("Could not connect to Database"); 

$query = mysql_query("SELECT * FROM regusers WHERE email='$email'");

$numrows = mysql_num_rows($query);

if($numrows !=0)

{
while ($row = mysql_fetch_assoc($query))

{
$dbemail = $row['email'];
$dbpassword = $row['password'];
$dbusername = $row['username'];

}
if ($email==$dbemail&&$password==$dbpassword)

{
include 'loginIntro.php';
$_SESSION['loggedin']=$dbusername;

}

else
echo "Incorrect Password";

}

else
die ("That email doesn't exist");

}

else
die ("Enter a registered email and password");

?>

Then on my 'user account page' I have this :

<?php

session_start();
$dbusername = $_SESSION['loggedin'];

?>

For the purposes of echoing the username this PHP code works fine, as all I have to do is : any time I want to display the users username. So going back to my original question - Please impart the necessary knowledge to adapt this PHP code to hold the users registration details so I can echo such details on whatever page(s) use the session in question. Please forgive my lack of knowledge and understanding, I've scratched my head so hard I've got cradle cap - which only babies get, but in this PHP game I'm an embryo. Thanks for whatever help comes

2
phpmysqlarrayssession
Please, please hash your passwords… nobody likes websites which store passwords in raw text…bwoebi
Your session object is already an array... : $_SESSION = array_merge($_SESSION, $row);DarkBee
So what’s your actual problem …? If you don’t know how to use arrays, go read up on it in the manual please.CBroe
Watch out for SQL injection and mysql_* is deprecated! Google PDO and read php.net/manual/en/pdo.prepared-statements.phpRonni Skansing

2 Answers

2
votes

$_SESSION is a array

You can simply save a associative array inside of it.

$_SESSION['id'] = $x;
$_SESSION['username'] = $y;
$_SESSION['realname'] = $z;

or a nested array

$_SESSION['user']['id'] = $x;
$_SESSION['user']['username'] = $y;
$_SESSION['user']['realname'] = $z;

Beware

  • You are using deprecated functions.
  • There is no validation on data passed.
  • There is a risk (looks like 100%) of SQL injection.
  • As bwoebi said, you may not save password in clear text.

Suggested reading

0
votes

If you want to use an Array as a Session variable, you have to serialize it first. (http://php.net/manual/en/function.serialize.php).

Then you can add it to $_SESSION, and unserialize (http://php.net/manual/en/function.unserialize.php) it on the other pages.

Now here are two advices : hash your passwords using sha1 (http://us2.php.net/manual/en/function.sha1.php), and don't use mysql_* functions, which are outdated. Consider using mysqli ou PDO.