PHP - Keep session up when database information is changed


When a user logs on to the website, a session is created with the "user id". When they want to go change their account information, they can click a button and are redirected to the "developer_infoupdater.php" file. Every time they change their information, the session ends and they are logged out. I want them to stay logged in after they change their information. I believe the problem is in the "developerupload.php" file, because it is checking if the information is current and, if not, redirects them to the logout page. And when I changed the destination from logout to a different file, it went to the file I changed it to. I want the user to stay logged in after they update their account information. Here is the code.

Developer upload file:

    <?php
    session_start();

    try{
        // new php data object
        $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
        // ATTR_ERRMODE set to exception
        $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }catch(PDOException $e){
        die("There was an error connecting to the database");
    }

    // check if the token used to log in is there
    $token = $_SESSION['token'];
    $stmttoken = $handler->prepare("SELECT * FROM token_table WHERE token = :token");
    $stmttoken->execute(array(':token'=>$token));
    if($rowtoken = !$stmttoken->fetch()){
        setcookie("id", "", time() - 60*60);
        $_COOKIE['id'] = "";
        header("Location: developersignup.php");
        exit;
    }

    // check if the information is still in there or has changed
    $userid = $_SESSION['id'];
    $username = $_SESSION['username'];
    $fullname = $_SESSION['fullname'];
    $email = $_SESSION['email'];
    $password = $_SESSION['password'];

    $stmtchecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = :userid AND fullname = :fullname AND username = :username AND email = :email");
    $stmtchecker->execute(array(':userid'=>$userid, ':fullname'=>$fullname, ':username'=>$username, ':email'=>$email));

    if(!$resultchecker = $stmtchecker->fetch()){
        setcookie("id", "", time() - 60*60);
        $_COOKIE['id'] = "";
        header("Location: developerlogin.php");
        exit;
    }

    if(!password_verify($password, $resultchecker['password'])){
        setcookie("id", "", time() - 60*60);
        $_COOKIE['id'] = "";
        header("Location: developerlogin.php");
        exit;
    }

    if(isset($_COOKIE['id'])){
        if(isset($_POST['changesettings'])){
            $_SESSION['token'] = $token;
            $_SESSION['id'] = $userid;
            $_SESSION['came_from_upload'] = true;
            header("Location: developer_infoupdater.php");
            exit;
        }
    }

Info update file:

    <?php
    session_start();

    if(empty($_FILES) && empty($_POST) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ // catch file overload error...
        $postmax = ini_get('post_max_size'); // grab the size limits...
        echo "<p style=\"color: #f00;\">\nPlease note files larger than {$postmax} will result in this error!</p>"; // echo out the error and solutions...
        return $postmax;
    }

    if(isset($_COOKIE['id'])){

        if($_SESSION['came_from_upload'] != true){
            setcookie("id", "", time() - 60*60);
            $_COOKIE['id'] = "";
            header("Location: developerlogin.php");
            exit;
        }
        error_reporting(E_ALL & ~E_NOTICE);

        if($_SERVER['REQUEST_METHOD'] == "POST"){

            $token = $_SESSION['token'];
            $userid = $_SESSION['id'];
            $fullname = addslashes(trim($_POST['fullname']));
            $username = addslashes(trim($_POST['username']));
            $email = addslashes(trim($_POST['email']));
            $password = addslashes(trim($_POST['password']));
            $storepassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

            try{
                // new php data object
                $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
                // ATTR_ERRMODE set to exception
                $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            }catch(PDOException $e){
                die("There was an error connecting to the database");
            }

            $stmtchecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = :userid");
            $stmtchecker->bindParam(':userid', $userid, PDO::PARAM_INT);
            $stmtchecker->execute();
            if($result = !$stmtchecker->fetch()){
                setcookie("id", "", time() - 60*60);
                $_COOKIE['id'] = "";
                header("Location: developerlogin.php");
                exit;
            }

            if(!empty($fullname)){
                $stmtfullname = $handler->prepare("UPDATE generalusersdata SET fullname = :fullname WHERE user_id = :userid");
                $stmtfullname->bindParam(':fullname', $fullname, PDO::PARAM_STR);
                $stmtfullname->bindParam(':userid', $userid, PDO::PARAM_INT);
                $stmtfullname->execute();
            }

            if(!empty($username)){
                $stmtcheckerusername = $handler->prepare("SELECT * FROM generalusersdata WHERE username = :username");
                $stmtcheckerusername->bindParam(':username', $username, PDO::PARAM_STR);
                $stmtcheckerusername->execute();
                if($resultcheckerusername = $stmtcheckerusername->fetch()){
                    die("Username is in use! Please try again");
                }

                $stmtusername = $handler->prepare("UPDATE generalusersdata SET username = :username WHERE user_id = :userid");
                $stmtusername->bindParam(':username', $username, PDO::PARAM_STR);
                $stmtusername->bindParam(':userid', $userid, PDO::PARAM_INT);
                $stmtusername->execute();
            }

            if(!empty($email)){
                if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){
                    die("Email is not valid!");
                }

                $stmtcheckeremail = $handler->prepare("SELECT * FROM generalusersdata WHERE email = :email");
                $stmtcheckeremail->bindParam(':email', $email, PDO::PARAM_STR);
                $stmtcheckeremail->execute();
                if($resultcheckeremail = $stmtcheckeremail->fetch()){
                    die("Email is in use! Please try again");
                }

                $stmtemail = $handler->prepare("UPDATE generalusersdata SET email = :email WHERE user_id = :userid");
                $stmtemail->bindParam(':email', $email, PDO::PARAM_STR);
                $stmtemail->bindParam(':userid', $userid, PDO::PARAM_INT);
                $stmtemail->execute();
            }

            if(!empty($password)){
                if(strlen($password) < 6){
                    die("Password has to be greater than 6 characters!");
                }

                // check if the password has at least 1 uppercase, 1 lowercase and a number
                if(!preg_match("(^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$)", $password)){
                    echo 'Password needs at least 1 uppercase, 1 lowercase, and a number!';
                    exit;
                }

                $stmtpassword = $handler->prepare("UPDATE generalusersdata SET password = :password WHERE user_id = :userid");
                // store the bcrypt hash, not the plaintext: developerupload.php checks it with password_verify()
                $stmtpassword->bindParam(':password', $storepassword, PDO::PARAM_STR);
                $stmtpassword->bindParam(':userid', $userid, PDO::PARAM_INT);
                $stmtpassword->execute();
            }

            if($_FILES['file']['error'] == UPLOAD_ERR_OK){

                $file_tmp = file_get_contents($_FILES['file']['tmp_name']);

                // keep a-z and 0-9, replace everything else
                $file_name = preg_replace("/[^a-z0-9\.]/", "_", strtolower($_FILES['file']['name']));
                $file_name = strtotime("now")."_".$file_name;

                $mime = mime_content_type($_FILES['file']['tmp_name']);
                if(strstr($mime, "video/")){
                    die("Please note that the file is not an image... please select an image for the profile picture");
                }else if(strstr($mime, "image/")){

                    $allowedtypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG);
                    $detectedtype = exif_imagetype($_FILES['file']['tmp_name']);
                    if($extensioncheck = !in_array($detectedtype, $allowedtypes)){
                        die("Failed to upload image; the format is not supported");
                    }

                    $dir = "devfiles/";
                    // save under the sanitized name that is stored in profile_image, not the client-supplied name
                    $uploadedfile = $dir . $file_name;

                    if(is_dir($dir) == false){
                        mkdir($dir, 0700);
                    }

                    if(!move_uploaded_file($_FILES['file']['tmp_name'], $uploadedfile)){
                        die("There was an error moving the file... please try again later!");
                    }

                    $stmtfile = $handler->prepare("UPDATE generalusersdata SET profile_image = :file_name, file_tmp = :file_tmp WHERE user_id = :userid");
                    $stmtfile->bindParam(':file_name', $file_name, PDO::PARAM_STR);
                    $stmtfile->bindParam(':file_tmp', $file_tmp, PDO::PARAM_STR);
                    $stmtfile->bindParam(':userid', $userid, PDO::PARAM_INT);
                    $stmtfile->execute();
                }
            }

            $_SESSION['id'] = $userid;
            $_SESSION['token'] = $token;
            header("Location: developerupload.php");
            exit;
        }

    }else{
        header("Location: developerlogin.php");
        exit;
    }
    ?>

Indeed, when changing the user information it no longer matches what is cached in the session (logical). It seems to me you have 2 choices.

Update the session data when making edits (hard to maintain)

Check only the primary key of the user (this is what I would do)

    $userid = $_SESSION['id'];
    /* nuke this stuff
    $username = $_SESSION['username'];
    $fullname = $_SESSION['fullname'];
    $email = $_SESSION['email'];
    $password = $_SESSION['password'];  // I wouldn't persist the password, you only need it after login,
    */

    // look up the user by id
    $stmtchecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = :userid");
    $stmtchecker->execute(array(':userid'=>$userid));

    if(!$resultchecker = $stmtchecker->fetch()){
        setcookie("id", "", time() - 60*60);
        $_COOKIE['id'] = "";
        header("Location: developerlogin.php");
        exit;
    }else{
        // if the user id exists, update the session data.
        $_SESSION['username'] = $resultchecker['username'];
        $_SESSION['fullname'] = $resultchecker['fullname'];
        $_SESSION['email'] = $resultchecker['email'];
    }
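
The check-by-primary-key approach from the answer, as an added example that is not part of the original post. It goes one step further by keeping a fingerprint of the stored password hash in the session, so a profile edit keeps the session alive while a password change ends the user's other sessions. `validate_session`, `pw_fingerprint` and the `pwfp` session key are hypothetical names, and a constructed in-memory SQLite table (requires `pdo_sqlite`) stands in for the MySQL table.

```php
<?php
// Constructed in-memory SQLite table standing in for the page's MySQL table (assumption).
$handler = new PDO('sqlite::memory:');
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$handler->exec("CREATE TABLE generalusersdata (user_id INTEGER PRIMARY KEY,
    username TEXT, fullname TEXT, email TEXT, password TEXT)");
$handler->prepare("INSERT INTO generalusersdata VALUES (1, 'dev1', 'Dev One', 'dev1@example.test', ?)")
        ->execute([password_hash('Constructed1', PASSWORD_BCRYPT)]);

// Hypothetical helper: fingerprint of the stored hash, so the session never holds the password.
function pw_fingerprint(string $storedhash): string
{
    return hash('sha256', $storedhash);
}

// Hypothetical helper: validate by primary key, refresh the cached profile fields, and end
// the session only if the row is gone or the password was changed from another session.
function validate_session(PDO $handler, array &$session): bool
{
    $stmt = $handler->prepare("SELECT username, fullname, email, password
                               FROM generalusersdata WHERE user_id = :userid");
    $stmt->execute([':userid' => $session['id'] ?? 0]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($session['pwfp'] ?? '', pw_fingerprint($row['password']))) {
        $session = [];
        return false;
    }
    unset($row['password']);
    $session = array_merge($session, $row);
    return true;
}

// Two constructed sessions for the same user (in a request each would be $_SESSION).
$hash = $handler->query("SELECT password FROM generalusersdata WHERE user_id = 1")->fetchColumn();
$laptop = ['id' => 1, 'username' => 'dev1', 'pwfp' => pw_fingerprint($hash)];
$phone  = $laptop;

// Profile edit: the cached username is stale, but the session stays valid and is refreshed.
$handler->exec("UPDATE generalusersdata SET username = 'dev1_renamed' WHERE user_id = 1");
var_dump(validate_session($handler, $laptop), $laptop['username']);

// Password change made from the laptop: it updates its own fingerprint, the phone is logged out.
$newhash = password_hash('Constructed2', PASSWORD_BCRYPT);
$handler->prepare("UPDATE generalusersdata SET password = ? WHERE user_id = 1")->execute([$newhash]);
$laptop['pwfp'] = pw_fingerprint($newhash);
var_dump(validate_session($handler, $laptop), validate_session($handler, $phone));
```

In a real request, pass `$_SESSION` instead of the constructed arrays and call `session_regenerate_id(true)` after a successful password change.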
