I am trying to figure out how to display user information after they've logged in. I am not sure whether I should create a single php file which would display user information depending on the session or should I create different files for different users. I am also having trouble grabbing the header.

Here's my code for login.php:

```php
<?php
session_start();

require 'dbh.php';

$username = $_POST['uname'];
$password = $_POST['pwd'];

$sql = "SELECT * FROM  registeredusers WHERE UserName = '$username'";
$result = mysqli_query($connection,$sql);
$row = mysqli_fetch_assoc($result);

$hashed_Password = $row['Password'];
$Dehash = password_verify($password,$hashed_Password);

if($Dehash == 0){
    echo "username or password is incorrect";
    exit();
} else{
    $sql = "SELECT * FROM  registeredusers WHERE  UserName='$username' AND Password='$hashed_Password'";
    $result = mysqli_query($connection,$sql);

    if (!$row=mysqli_fetch_assoc($result)){
        echo "Your User Name or Password is incorrect";
    }
    else {
        $userid = $row['id'];
        $_SESSION['UserName'] = $row['UserName'];

        header("Location: userhomepage.php?user_id=".$userid);
    }
}

?>
```

The following code redirects to userhomepage.php and the user ID is in the URL. Can someone also tell me how I grab the user ID from the URL? I only started coding in PHP a week ago, so I am fairly new; if you guys have any pointers for me, that would be great.

  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.4/authentication) built-in. – tadman Mar 03 '17 at 22:01
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Mar 03 '17 at 22:27

1 Answer

> I am not sure whether I should create a single php file which would display user information depending on the session or should I create different files for different users.

You should create a single page that displays user information based on session... you don't want to have to hand-make a new page every time a user signs up!

> how do I grab the user ID from the url

```php
echo $_GET["user_id"];
```

Bert JP
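
As an added example (not part of the original question, comments or answer): one userhomepage.php that identifies the user from the session instead of the `user_id` URL parameter, with the login lookup done through a prepared statement as the comments recommend. It assumes `dbh.php` defines `$connection` and the `registeredusers` columns shown in the question; the `$_SESSION['user_id']` key and both function names are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes dbh.php sets $connection (mysqli
// with the mysqlnd driver, needed for get_result) and the table from the question.
session_start();
require 'dbh.php';

// login.php side: bind the user name as a parameter, then verify the stored hash.
function log_in(mysqli $connection, string $username, string $password): bool
{
    $stmt = $connection->prepare(
        'SELECT id, Password FROM registeredusers WHERE UserName = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    // An unknown user and a wrong password produce the same result.
    if (!$row || !password_verify($password, $row['Password'])) {
        return false;
    }
    session_regenerate_id(true);              // issue a fresh session ID at login
    $_SESSION['user_id'] = (int) $row['id'];  // hypothetical session key
    return true;
}

// userhomepage.php side: the identity comes from the session, never from the URL,
// so editing ?user_id= in the address bar cannot select another account.
function current_user(mysqli $connection): ?array
{
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    $id = $_SESSION['user_id'];
    $stmt = $connection->prepare(
        'SELECT id, UserName FROM registeredusers WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

$user = current_user($connection);
if ($user === null) {
    http_response_code(403);
    exit('Please log in first.');
}
// Escape on output: the user name is user-supplied data.
echo 'Welcome, ' . htmlspecialchars($user['UserName'], ENT_QUOTES, 'UTF-8');
```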