I have a pretty simple login system that will once logged in it will redirect that user based off of a access permission to their respective 'index' file.
What I would like to do is display the user details after they have logged in on the basic index file. Right now, I can only show the 'username'
I would like to be able to display multiple session echos of for example;
empid
firstname
lastname
so on and so forth...
Here is my DB Schema
Area
Company
date_activated
date_deactivated
email
empid
FirstName
FullName
groups
id
is_admin
is_deleted
LastName
last_login_ip
last_login_timestamp
manager
MobileNumber
password
record
status
username
WHERE I AM
This is all that is outputted from the index file
Username: SuperAdmin | EMPID: | First Name: | Last Name: |
index.php
<?php require_once('../admin/pinAPP.php'); $pinAPP = new pinAPP( 'newhire', false, false, true ); ?>
<?php if ( $pinAPP->can_access() ) { ?><!-- New hire -->
<center>
<div class="panel">
<div>
<b> Username: <?= $_SESSION['username']; ?> |
EMPID: <?=$_SESSION['empid']; ?> |
First Name: <?=$_SESSION['firstname']; ?> |
Last Name: <?=$_SESSION['lastname']; ?> |
</b>
<br>
<br>
<p>Below you will find all the necessary information on needed for onboarding process.</p>
<br>
<br>
</div>
<?php } else {} ?>
Access
<?php
class Access {
private static $auth = false;
final public function __construct() {
if ( ! $this->is_logged() )
return false;
$u = new User();
$db = new DB();
$db->query("UPDATE `". DBPREFIX ."users` SET `last_login_timestamp` = '". time() ."' WHERE `id`='". $u->info()->id ."'");
}
///////////
final public function is_logged( $require_admin_access = false ) {
if ( ! isset($_SESSION[LOGINSESSION]) )
return false;
self::$auth = true;
if ( $require_admin_access ) {
$u = new User();
if ( ! $u->is_admin() )
new Redirect(DEFAULT_RETURN_URL);
}
return self::$auth;
}
//////////
final private function not_logged() {
$url = new URL;
if ( $url->this() != URL.'/' )
new Redirect(URL);
}
final public function logout( $goto = false ) {
if ( ! MULTI_LOGIN && MULTI_LOGIN_RESET_TIMER ) {
$u = new User();
$db = new DB();
$db->query("UPDATE `". DBPREFIX ."users` SET `last_login_timestamp` = '". (time() - SESSION_LIFETIME) ."' WHERE `id`='". $u->info()->id ."'");
}
unset($_SESSION[LOGINSESSION]);
$goto = ( $goto ) ? $goto : URL;
new Redirect($goto);
}
final public function login( $id, $url = false, $username,$empid,$firstname,$lastname ) {
$_SESSION[LOGINSESSION] = $id;
$_SESSION['username'] = $username;
$_SESSION['empid'] = $empid;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
if ( $url )
new Redirect(urldecode($url));
else
new Redirect(URL);
}
//final public function login( $id, $url = false, $username ) {
// $_SESSION[LOGINSESSION] = $id;
// $_SESSION['username'] = $username;
//
// if ( $url )
// new Redirect(urldecode($url));
// else
// new Redirect(URL);
// }
final public function require_login() {
if ( ! self::is_logged(true) )
self::not_logged();
}
}
Model/login
<!-- model/login -->
<?php
$error = ' ';
if ( Access::is_logged(true) )
new Redirect('../admin/?page=index');
if ( isset($_POST['username']) ) {
$sql = new DB();
$ip = $sql->secure($_SERVER['REMOTE_ADDR']);
$user = $sql->secure($_POST['username']);
$pass = md5($_POST['password']);
$u = $sql->sqls("SELECT `id`,`username`, `fullname`, `status`, `is_admin`, `last_login_ip`, `last_login_timestamp` FROM `". DBPREFIX ."users` WHERE `username`='$user' AND `password`='$pass'");
if ( ! $u )
$error = 'The login information is wrong! Please try again...';
elseif ( $u->status == 0 && $u->is_admin < 1 )
$error = 'The account is not activated!';
elseif ( $u->status == 2 && $u->is_admin < 1 )
$error = 'The account is LOCKED!';
elseif ( $u->status == 3 && $u->is_admin < 1 )
$error = 'The account is Deactivated!';
elseif ( ! MULTI_LOGIN && $u->last_login_ip != $ip && ($u->last_login_timestamp + SESSION_LIFETIME) > time() )
$error = str_replace('{%IP%}', $u->last_login_ip, MULTI_LOGIN_MESSAGE);
else {
$u = $sql->sqls("SELECT `id`,`username`,`empid`,`firstname`,`lastname` `fullname`, `status`, `is_admin`, `last_login_ip`, `last_login_timestamp` FROM `". DBPREFIX ."users` WHERE `username`='$user' AND `password`='$pass'");
$sql->query("UPDATE `". DBPREFIX ."users` SET `last_login_ip` = '". $ip ."', `last_login_timestamp` = '". time() ."' WHERE `username`='$user'");
Access::login(md5($u->username), $_REQUEST['return_url'], $_POST['username'], $_POST['empid'],$_POST['firstname'],$_POST['lastname']);
//$sql->query("UPDATE `". DBPREFIX ."users` SET `last_login_ip` = '". $ip ."', `last_login_timestamp` = '". time() ."' WHERE `username`='$user'");
//Access::login(md5($u->username), $_REQUEST['return_url'], $_POST['username']);
//$userRow = $sql->sqls("SELECT * FROM `". DBPREFIX ."users` WHERE `username`='$user'");
//Access::login(md5($u->username), $_REQUEST['return_url'],$userRow);
}
}
$this->add_option('error', $error);
WHERE I WAS
my index.php file
<?php include('header.php'); ?>
<?php require_once('../admin/pinAPP.php'); $pinAPP = new pinAPP( 'newhire', false, false, true ); ?>
<?php if ( $pinAPP->can_access() ) { ?><!-- New hire -->
<center>
<div class="panel">
<div>
<b>Welcome {<?= $_SESSION['username']; ?>}{<?= $_SESSION['firstname']; ?>},<?= $_SESSION['lastname']; ?></b>
<br>
<br>
<p>Below you will find all the necessary information on needed for onboarding process.</p>
<br>
<br>
</div>
<?php } else {} ?>
<!-- -->
<?php include('footer.php'); ?>
my Access Class
<?php
class Access {
private static $auth = false;
final public function __construct() {
if ( ! $this->is_logged() )
return false;
$u = new User();
$db = new DB();
$db->query("UPDATE `". DBPREFIX ."users` SET `last_login_timestamp` = '". time() ."' WHERE `id`='". $u->info()->id ."'");
}
///////////
final public function is_logged( $require_admin_access = false ) {
if ( ! isset($_SESSION[LOGINSESSION]) )
return false;
self::$auth = true;
if ( $require_admin_access ) {
$u = new User();
if ( ! $u->is_admin() )
new Redirect(DEFAULT_RETURN_URL);
}
return self::$auth;
}
//////////
final private function not_logged() {
$url = new URL;
if ( $url->this() != URL.'/' )
new Redirect(URL);
}
final public function logout( $goto = false ) {
if ( ! MULTI_LOGIN && MULTI_LOGIN_RESET_TIMER ) {
$u = new User();
$db = new DB();
$db->query("UPDATE `". DBPREFIX ."users` SET `last_login_timestamp` = '". (time() - SESSION_LIFETIME) ."' WHERE `id`='". $u->info()->id ."'");
}
unset($_SESSION[LOGINSESSION]);
$goto = ( $goto ) ? $goto : URL;
new Redirect($goto);
}
final public function login( $id, $url = false, $username ) {
$_SESSION[LOGINSESSION] = $id;
$_SESSION['username'] = $username;
if ( $url )
new Redirect(urldecode($url));
else
new Redirect(URL);
}
final public function require_login() {
if ( ! self::is_logged(true) )
self::not_logged();
}
}
my login file that gets users details.
<!-- model/login -->
<?php
$error = ' ';
if ( Access::is_logged(true) )
new Redirect('../admin/?page=index');
if ( isset($_POST['username']) ) {
$sql = new DB();
$ip = $sql->secure($_SERVER['REMOTE_ADDR']);
$user = $sql->secure($_POST['username']);
$pass = md5($_POST['password']);
$u = $sql->sqls("SELECT `id`,`username`, `fullname`, `status`, `is_admin`, `last_login_ip`, `last_login_timestamp` FROM `". DBPREFIX ."users` WHERE `username`='$user' AND `password`='$pass'");
if ( ! $u )
$error = 'The login information is wrong! Please try again...';
elseif ( $u->status == 0 && $u->is_admin < 1 )
$error = 'The account is not activated!';
elseif ( $u->status == 2 && $u->is_admin < 1 )
$error = 'The account is LOCKED!';
elseif ( $u->status == 3 && $u->is_admin < 1 )
$error = 'The account is Deactivated!';
elseif ( ! MULTI_LOGIN && $u->last_login_ip != $ip && ($u->last_login_timestamp + SESSION_LIFETIME) > time() )
$error = str_replace('{%IP%}', $u->last_login_ip, MULTI_LOGIN_MESSAGE);
else {
$sql->query("UPDATE `". DBPREFIX ."users` SET `last_login_ip` = '". $ip ."', `last_login_timestamp` = '". time() ."' WHERE `username`='$user'");
Access::login(md5($u->username), $_REQUEST['return_url'], $_POST['username'], $_POST['fullname']);
}
}
$this->add_option('error', $error);
Thank you for your time, and appreciate any help.
-Levi