0
How user login info is send to other pages from the login page
For example take Facebook, User enters username and password in the login page . but, 1.how the login data is send to other (upcoming )pages. 2. how does the other pages know " is the user logged in or not ? " please explain the process . if possible give example . Thanks in Advance ! !
2 Answers
+ 3
Probably using sessions ($_SESSION)
when the user logs in, a session is created, that session can contain the id or the name of the user.
Example:
$_SESSION["id"] = 1
Then, when he goes to the other page, you query the database for example
SELECT name, lastName
FROM UsersTable
WHERE id = $_SESSION["id"]
if the $_SESSION["id"] is null or is not created yet, we redirect them to the login page, saying you are not logged in, stuff like that.
+ 1
After passing the login through a User Management Class, I store the login in a session variable.. i.e. $_SESSION['isLoggedIn'] = true with the user id number, their usergroup if needed, and how long to keep the session alive in all or inactive.
DO NOT pass variables straight into a query, use your library's sanitation to avoid SQL injection.
$_SESSION and other predefined globals can be faked.
PDO:
try{
$q = $this->pdo->prepare("SELECT username,usergroup FROM users WHERE userid=:userid");
$q->bindParam(":userid",$userid,PDO::PARAM_INT);
$q->execute();
/**loop through the query results using $q->fetchAll(PDO::FETCH_ASSOC) and update your session values. It's also a good idea to pair their userid and IP together, the more variables you use to try and validate the user the better... up to a point. If you include too many ways, the application slows down**/
}catch(PDOException $e){
error_log($->getMessage());
return 0;
}