How user login info is send to other pages from the login page

Probably using sessions ($_SESSION) when the user logs in, a session is created, that session can contain the id or the name of the user. Example: $_SESSION["id"] = 1 Then, when he goes to the other page, you query the database for example SELECT name, lastName FROM UsersTable WHERE id = $_SESSION["id"] if the $_SESSION["id"] is null or is not created yet, we redirect them to the login page, saying you are not logged in, stuff like that.

After passing the login through a User Management Class, I store the login in a session variable.. i.e. $_SESSION['isLoggedIn'] = true with the user id number, their usergroup if needed, and how long to keep the session alive in all or inactive. DO NOT pass variables straight into a query, use your library's sanitation to avoid SQL injection. $_SESSION and other predefined globals can be faked. PDO: try{ $q = $this->pdo->prepare("SELECT username,usergroup FROM users WHERE userid=:userid"); $q->bindParam(":userid",$userid,PDO::PARAM_INT); $q->execute(); /**loop through the query results using $q->fetchAll(PDO::FETCH_ASSOC) and update your session values. It's also a good idea to pair their userid and IP together, the more variables you use to try and validate the user the better... up to a point. If you include too many ways, the application slows down**/ }catch(PDOException $e){ error_log($->getMessage()); return 0; }