PHP - Keep the session alive when database information is changed
When a user logs into the website, a session is created holding the user id. When they want to change their account information they can click a button and are redirected to the "developer_infoupdater.php" file. Every time they change their information, the session ends and they are logged out. I want them to stay logged in after changing their information. I believe the problem is in the "developerupload.php" file, because it checks whether the session information is still current and, if not, redirects them to the logout page. When I changed the logout destination to a different file, they were sent to that file instead. I want the user to stay logged in after updating their account information. Here is the code.
Developer upload file (developerupload.php):
<?php session_start(); try{ // new php data object $handler = new pdo('mysql:host=127.0.0.1;dbname=magicsever', 'root', ''); //attr_errmode set exception $handler->setattribute(pdo::attr_errmode, pdo::errmode_exception); }catch(pdoexception $e){ die("there error connecting database"); } //check if token used log in, there $token = $_session['token']; $stmttoken = $handler->prepare("select * token_table token = :token"); $stmttoken->execute(array(':token'=>$token)); if($rowtoken = !$stmttoken->fetch()){ setcookie("id", "", time() - 60*60); $_cookie['id'] = ""; header("location: developersignup.php"); exit; } //check if information still in there has changed $userid = $_session['id']; $username = $_session['username']; $fullname = $_session['fullname']; $email = $_session['email']; $password = $_session['password']; $stmtchecker = $handler->prepare("select * generalusersdata user_id= :userid , fullname = :fullname , username = :username , email = :email"); $stmtchecker->execute(array(':userid'=>$userid, ':fullname'=>$fullname, ':username'=>$username, ':email'=>$email)); if(!$resultchecker = $stmtchecker->fetch()){ setcookie("id", "", time() - 60*60); $_cookie['id'] = ""; header("location: developerlogin.php"); exit; } if(!password_verify($password, $resultchecker['password'])){ setcookie("id", "", time() - 60*60); $_cookie['id'] = ""; header("location: developerlogin.php"); exit; } if(isset($_cookie['id'])){ if(isset($_post['changesettings'])){ $_session['token'] = $token; $_session['id'] = $userid; $_session['came_from_upload'] = true; header("location: developer_infoupdater.php"); exit; } }
Info update file (developer_infoupdater.php):
<?php session_start(); if(empty($_files) && empty($_post) && isset($_server['request_method']) && strtolower($_server['request_method']) == 'post'){ //catch file overload error... $postmax = ini_get('post_max_size'); //grab size limits... echo "<p style=\"color: #f00;\">\nplease note files larger {$postmax} result in error!</p>"; // echo out error , solutions... return $postmax; } if(isset($_cookie['id'])){ if($_session['came_from_upload'] != true){ setcookie("id", "", time() - 60*60); $_cookie['id'] = ""; header("location: developerlogin.php"); exit; } error_reporting(e_all & ~e_notice); if($_server['request_method'] =="post"){ $token = $_session['token']; $userid = $_session['id']; $fullname = addslashes(trim($_post['fullname'])); $username = addslashes(trim($_post['username'])); $email = addslashes(trim($_post['email'])); $password = addslashes(trim($_post['password'])); $storepassword = password_hash($password, password_bcrypt, array('cost' => 10)); try{ // new php data object $handler = new pdo('mysql:host=127.0.0.1;dbname=magicsever', 'root', ''); //attr_errmode set exception $handler->setattribute(pdo::attr_errmode, pdo::errmode_exception); }catch(pdoexception $e){ die("there error connecting database"); } $stmtchecker = $handler->prepare("select * generalusersdata user_id = :userid"); $stmtchecker->bindparam(':userid', $userid, pdo::param_int); $stmtchecker->execute(); if($result = !$stmtchecker->fetch()){ setcookie("id", "", time() - 60*60); $_cookie['id'] = ""; header("location: developerlogin.php"); exit; } if(!empty($fullname)){ $stmtfullname = $handler->prepare("update generalusersdata set fullname = :fullname user_id = :userid"); $stmtfullname->bindparam(':fullname', $fullname, pdo::param_str); $stmtfullname->bindparam(':userid', $userid, pdo::param_int); $stmtfullname->execute(); } if(!empty($username)){ $stmtcheckerusername = $handler->prepare("select * generalusersdata username = :username"); $stmtcheckerusername->bindparam(':username', $username, 
pdo::param_str); $stmtcheckerusername->execute(); if($resultcheckerusername = $stmtcheckerusername->fetch()){ die("username in use! please try again"); } $stmtusername = $handler->prepare("update generalusersdata set username = :username user_id = :userid"); $stmtusername->bindparam(':username', $username, pdo::param_str); $stmtusername->bindparam(':userid', $userid, pdo::param_int); $stmtusername->execute(); } if(!empty($email)){ if(filter_var($email, filter_validate_email) == false){ die ("email not valid!"); } $stmtcheckeremail = $handler->prepare("select * generalusersdata email = :email"); $stmtcheckeremail->bindparam(':email', $email, pdo::param_str); $stmtcheckeremail->execute(); if($resultcheckeremail = $stmtcheckeremail->fetch()){ die("email in use! please try again"); } $stmtemail = $handler->prepare("update generalusersdata set email = :email user_id = :userid"); $stmtemail->bindparam(':email', $email, pdo::param_str); $stmtemail->bindparam(':userid', $userid, pdo::param_int); $stmtemail->execute(); } if(!empty($password)){ if(strlen($password) < 6){ die ("password has greater 6 characters!"); } //check if password has atleast 1 uppercase, 1 lowercase , number if(!preg_match("(^(?=.*[a-z])(?=.*[a-z])(?=.*\d).+$)",$password)){ echo 'password needs @ least 1 uppercase, 1 lowercase, , number!'; exit; } $stmtpassword = $handler->prepare("update generalusersdata set password = :password user_id = :userid"); $stmtpassword->bindparam(':password', $password, pdo::param_str); $stmtpassword->bindparam(':userid', $userid, pdo::param_int); $stmtpassword->execute(); } if($_files['file']['error'] == upload_err_ok){ $file_tmp = file_get_contents($_files['file']['tmp_name']); //keep a-z , 0-9 , else kill $file_name = preg_replace("/[^a-z0-9\.]/", "_", strtolower($_files['file']['name'])); $file_name = strtotime("now")."_".$file_name; $mime = mime_content_type($_files['file']['tmp_name']); if(strstr($mime, "video/")){ die("please note file not image... 
please select image profile picture"); }else if(strstr($mime, "image/")){ $allowedtypes = array(imagetype_png, imagetype_jpeg); $detectedtype = exif_imagetype($_files['file']['tmp_name']); if($extensioncheck = !in_array($detectedtype, $allowedtypes)){ die("failed upload image; format not supported"); } $dir = "devfiles/"; $uploadedfile = $dir . basename($_files['file']['name']); if(is_dir($dir)==false){ mkdir($dir, 0700); } if(!move_uploaded_file($_files['file']['tmp_name'], $uploadedfile)){ die("there error moving file... please try again later!"); } $stmtfile = $handler->prepare("update generalusersdata set profile_image = :file_name, file_tmp = :file_tmp user_id = :userid"); $stmtfile->bindparam(':file_name', $file_name, pdo::param_str); $stmtfile->bindparam(':file_tmp', $file_tmp, pdo::param_str); $stmtfile->bindparam(':userid', $userid, pdo::param_int); $stmtfile->execute(); } } $_session['id'] = $userid; $_session['token'] = $token; header("location: developerupload.php"); exit; } }else{ header("location: developerlogin.php"); exit; } ?>
Indeed: when you change the user's information it no longer matches what is cached in the session (which is logical). It seems to me you have 2 choices:
1. update the session data whenever you make edits (hard to maintain), or
2. check only the primary key of the user (this is what I would do):
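$userid = $_SESSION['id'];
/* nuke this stuff — the session should carry only the user's primary key and
   the login token. username/fullname/email are re-read from the row below, and
   the password must never be kept in the session: it is only needed at login.
$username = $_SESSION['username'];
$fullname = $_SESSION['fullname'];
$email = $_SESSION['email'];
$password = $_SESSION['password'];
*/
// Look the user up by primary key only: the one value an edit never changes.
$stmtchecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = :userid");
$stmtchecker->execute(array(':userid' => $userid));
$resultchecker = $stmtchecker->fetch();
if ($resultchecker === false) {
    // Unknown id: expire the login cookie AND the session (expiring only the
    // cookie leaves the session authenticated), then go to the login page.
    setcookie("id", "", time() - 60*60);
    $_COOKIE['id'] = "";
    $_SESSION = array();
    session_destroy();
    header("location: developerlogin.php");
    exit;
}
// The id exists: refresh the cached profile fields from the row just read.
$_SESSION['username'] = $resultchecker['username'];
$_SESSION['fullname'] = $resultchecker['fullname'];
$_SESSION['email'] = $resultchecker['email'];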