Home/ Questions/Q 6557381
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T13:04:01+00:00

if(!$_POST[‘username’] || !$_POST[‘password’]) $err[] = ‘All the fields must be filled in!’; if(!count($err)) {

  • 0
    if(!$_POST['username'] || !$_POST['password'])
        $err[] = 'All the fields must be filled in!';

    if(!count($err))
    {
        $_POST['username'] = mysql_real_escape_string($_POST['username']);
        $_POST['password'] = mysql_real_escape_string($_POST['password']);
        $_POST['rememberMe'] = (int)$_POST['rememberMe'];

        // Escaping all input data

        $row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

        if($row['usr'])
        {
            // If everything is OK login

            $_SESSION['usr']=$row['usr'];
            $_SESSION['id'] = $row['id'];
            $id = $row['id'];
            $_SESSION['rememberMe'] = $_POST['rememberMe'];

            // Store some data in the session
            setcookie('tzRemember',$_POST['rememberMe']);
        }
        else $err[]='Wrong username and/or password!';
    }

    if($err)
    $_SESSION['msg']['login-err'] = implode('<br />',$err);
    // Save the error messages in the session
    $goHere = 'Location: /index2.php?id=' . $id;
    header($goHere);
    exit;
}

I have the following code that once logged in, it $_GET the id and prepends to the url like index2.php?id=5 . How do I keep this id=5 in the URL no matter WHAT link they click on??

This id is grabbed from this:

        $_SESSION['usr']=$row['usr'];
        $_SESSION['id'] = $row['id'];
        $id = $row['id'];

What I want to do
Well way i have it setup, you login, it then sends you to the homepage such as index2.php?id=[someint] , if you click another link say ‘prof.php’, it removes the id=[someint] part, I want to keep it there in the url, so as long as a user is LOGGED in — using my code above, the url might read: index.php?id=5, then go to another page it might read prof.php?id=5, etc, etc. This integer would obviously be dynamic depending on WHO logged in

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The query string isn’t the place for that, for a whole host of reasons. The most obvious one is that I can log in with a valid account, then change the number in the URL and it’ll think I’m someone else.

    Instead, just continue using the session as it’s the proper way.

    If you REALLY want to do it, you’d probably want to write a custom function for generating links

    function makeLink ($link, $queryString = '')
{
    return $link . '?id=' . (int) $_SESSION['id'] . ((strpos($queryString, '?') === 0) ? substr($queryString, 1) : $queryString);
}

    called like

    <a href="<?php echo makeLink('index2.php', 'query=string&foo=bar'); ?>">Click me</a>

    As a basic auth example using the ID…

    <?php
// Session start and so on here
if (!isset($_SESSION['id']))
{
    // Not logged in
    header('Location: /login.php');
    exit;
}

    http://www.knowledgesutra.com/forums/topic/7887-php-simple-login-tutorial/ is a pretty straightforward full example of it.

    • 0