I need advice. I have a system with a login panel, and I need to create a profile site, but I need to show only the profile site of the one logged-in user. So I need to store that username from a variable in something I can keep for a longer time. My login panel looks like this:

```php
<?php
} else {
    if (isset($_POST['username'], $_POST['password'])) {
        $username = $_POST['username'];
        $password = md5($_POST['password']);
        $rola = "ziak";

        // Check the raw input here: md5() of an empty string is never empty.
        if (empty($username) or empty($_POST['password'])) {
            $error = "Všetky políčka je potrebné vyplniť!"; // "All fields must be filled in!"
        } else {
            $query = $pdo->prepare("SELECT * FROM ziaci WHERE ziak_meno = ? AND ziak_heslo = ? AND rola = ?");

            $query->bindValue(1, $username);
            $query->bindValue(2, $password);
            $query->bindValue(3, $rola);

            $query->execute();

            $num = $query->rowCount();

            if ($num == 1) {
                $_SESSION['logged_in'] = true;
                header("Location: index.php");
                exit();
            } else {
                // "Incorrect name/password, or you do not have administrator status"
                $error = "Nesprávne meno/heslo alebo nemáte status administrátora";
            }
        }
    }

    ?>
```

Of course I have defined the connection and other things. (This system is functional; I only need to "save" that variable.)

Funk Forty Niner
  • Why not use session? – AfikDeri Sep 06 '18 at 11:41
  • If you can you should stop using `md5`. `password_hash` and `password_verify` are the more secure options for PHP now. – user3783243 Sep 06 '18 at 11:55
  • ***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Sep 06 '18 at 11:58

1 Answer

On top of your page put `session_start()`.

Then, on successful login, store the username in the session:

```php
if ($num == 1) {
    $_SESSION['logged_in'] = true;
    $_SESSION['uname'] = $username;
    header("Location: index.php");
    exit();
} else {
```

Then whenever you need to use it, just use `$_SESSION['uname']`.

Masivuye Cokile
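The session approach from the answer combined with the `password_hash`/`password_verify` advice from the comments, as an added example that is not code from the question or the answer. It assumes `ziak_heslo` stores `password_hash()` output; the in-memory SQLite table, the sample user `jana` and the functions `login()` and `current_profile()` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for `ziaci`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ziaci (ziak_meno TEXT PRIMARY KEY, ziak_heslo TEXT, rola TEXT)');
$pdo->prepare('INSERT INTO ziaci VALUES (?, ?, ?)')
    ->execute(['jana', password_hash('correct horse', PASSWORD_DEFAULT), 'ziak']);

// Hypothetical helper: check the credentials and, on success, bind the username to the session.
function login(PDO $pdo, string $username, string $password, string $rola = 'ziak'): bool
{
    // Select by name and role only; the password is compared in PHP, not in SQL.
    $query = $pdo->prepare('SELECT ziak_heslo FROM ziaci WHERE ziak_meno = ? AND rola = ?');
    $query->execute([$username, $rola]);
    $hash = $query->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['logged_in'] = true;
    $_SESSION['uname'] = $username;
    return true;
}

// Hypothetical helper: profile row of the logged-in user.
// The name comes from the session, never from the request.
function current_profile(PDO $pdo): ?array
{
    if (empty($_SESSION['logged_in']) || !isset($_SESSION['uname'])) {
        return null;
    }
    $query = $pdo->prepare('SELECT ziak_meno, rola FROM ziaci WHERE ziak_meno = ?');
    $query->execute([$_SESSION['uname']]);
    $row = $query->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

session_start();
// Results are collected first and printed last so no output precedes the session calls.
$results = [
    'login with wrong password' => login($pdo, 'jana', 'not the password'),
    'profile after failed login' => current_profile($pdo),
    'login with right password' => login($pdo, 'jana', 'correct horse'),
    'profile after successful login' => current_profile($pdo),
];
var_export($results);
```

Because `current_profile()` reads the username only from `$_SESSION`, a logged-in user cannot request another user's profile by changing a URL or form parameter.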