Hi, I am trying to get the current user ID so they can change their password in a content management system. My login code is as follows;
<?php
session_start();
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include 'library/config.php';
include 'library/opendb.php';
$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];
// check if the user id and password combination exist in database
$sql = "SELECT user_id
FROM adminuser
WHERE user_id = '$userId' AND user_password = md5('$password')";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;
// after login we move to the main page
header('Location: index.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
include 'library/closedb.php';
}
?>
I’m then using this to check they are logged in to access pages;
<?php
// like i said, we must never forget to start the session
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true)
{
// not logged in, move to login page
header('Location: login.php');
exit;
}
?>
Can anyone help? I’ve tried using $_SESSION[‘user_id’], and lots of other variations. Any help would be great!
Thanks