Hi, I am very new to PHP programming. Please help me store a session variable in my SQL database. Below is my code:
<?php
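/**
 * Handles a login or logout form post, or re-validates the current session,
 * and reports whether the visitor is authenticated.
 *
 * Reads $_POST['action'] ('login' or 'logout'), $_POST['loginid'],
 * $_POST['password'] and $_POST['goto']. On a failed login it sets
 * $GLOBALS['loginError'] to a message for the login form. On logout it clears
 * the login keys from the session, redirects and ends the script.
 *
 * @return bool TRUE when the credentials (posted or kept in the session) are
 *              accepted by dbuserright(), FALSE otherwise.
 */
function userIsLoggedIn()
{
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

    if ($action === 'login') {
        // Non-string values (e.g. loginid[]=x) are treated like missing fields
        // so that only plain strings ever reach the database layer.
        $loginid = (isset($_POST['loginid']) && is_string($_POST['loginid'])) ? $_POST['loginid'] : '';
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        if ($loginid === '' || $password === '') {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }

        // Calling session_start() twice raises a notice, so start only when needed.
        if (session_id() === '') {
            session_start();
        }

        if (dbuserright($loginid, $password)) {
            // Issue a fresh session id at the privilege change so an id that
            // existed before authentication is not carried into the logged-in
            // session (session fixation).
            session_regenerate_id(true);

            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['loginid'] = $loginid;
            // NOTE(review): the clear-text password is kept in session storage
            // because the session check below re-runs dbuserright() with it.
            // Anyone able to read the session store can read the password;
            // prefer keeping only the user id and re-checking the account by id.
            $_SESSION['password'] = $password;
            return TRUE;
        }

        unset($_SESSION['loggedIn']);
        unset($_SESSION['loginid']);
        unset($_SESSION['password']);
        $GLOBALS['loginError'] ='The specified loginid or password was incorrect.';
        return FALSE;
    }

    if ($action === 'logout') {
        if (session_id() === '') {
            session_start();
        }
        unset($_SESSION['loggedIn']);
        unset($_SESSION['loginid']);
        unset($_SESSION['password']);

        // 'goto' is request data: only follow it when it is a same-site
        // relative reference. Absolute URLs, scheme-relative '//host' forms,
        // backslashes and control characters are refused so the logout form
        // cannot be used to bounce visitors to another site.
        $goto = (isset($_POST['goto']) && is_string($_POST['goto'])) ? trim($_POST['goto']) : '';
        $parts = ($goto === '') ? false : parse_url($goto);
        $isLocal = $parts !== false
            && !isset($parts['scheme'])
            && !isset($parts['host'])
            && strpos($goto, '//') !== 0
            && strpos($goto, '\\') === false
            && !preg_match('/[\x00-\x1F\x7F]/', $goto);

        // Fall back to the site root when the target is missing or refused.
        header('Location: ' . ($isLocal ? $goto : '/'));
        exit();
    }

    // $_SESSION is only populated once the session has been started; without
    // this an earlier login would never be seen on later requests.
    if (session_id() === '') {
        session_start();
    }

    if (isset($_SESSION['loggedIn'], $_SESSION['loginid'], $_SESSION['password'])) {
        // Re-check on every request so that a changed or removed account
        // stops being accepted.
        return dbuserright($_SESSION['loginid'], $_SESSION['password']);
    }

    return FALSE;
}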
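/**
 * Checks whether the userright table holds a row matching the given login id
 * and password.
 *
 * On a PDOException the shared error page is included and the script ends.
 *
 * NOTE(review): the query compares the submitted password with the stored
 * column directly, which implies passwords are stored unhashed. Store
 * password_hash() output instead, select the row by loginid only, and check it
 * with password_verify().
 *
 * @param string $loginid  Login id to look up.
 * @param string $password Password to match against the stored value.
 * @return bool TRUE when at least one matching row exists, FALSE otherwise.
 */
function dbuserright($loginid, $password)
{
    // Presumably defines $pdo (used below) — confirm in dbconnection.php.
    include '../config/dbconnection.php';

    try {
        // Bound parameters keep both values out of the SQL text.
        $sql = 'SELECT COUNT(*) FROM userright WHERE loginid = :loginid AND password = :password';
        $s = $pdo->prepare($sql);
        $s->bindValue(':loginid', $loginid);
        $s->bindValue(':password', $password);
        $s->execute();
    } catch (PDOException $e) {
        // Assumes the connection uses PDO::ERRMODE_EXCEPTION — TODO confirm.
        // $output is presumably read by the included error template.
        $output = 'Error searching for user.';
        include '../inc/errormsg.inc.php';
        exit();
    }

    // fetchColumn() reads the COUNT(*) value regardless of the connection's
    // default fetch mode (a numeric index would be absent under FETCH_ASSOC).
    return (int) $s->fetchColumn() > 0;
}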
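/**
 * Checks whether the login id held in the session is linked to the given role.
 *
 * Joins userright, userrole and role and counts the rows for
 * $_SESSION['loginid'] and the requested role id. On a PDOException the shared
 * error page is included and the script ends.
 *
 * @param mixed $role Role id to test, compared with role.id.
 * @return bool TRUE when the user has the role, FALSE otherwise (including
 *              when no login id is present in the session).
 */
function userHasRole($role)
{
    // Without an authenticated login id there is nothing to look up; deny
    // before touching the database instead of binding an undefined value.
    if (!isset($_SESSION['loginid'])) {
        return FALSE;
    }

    // Presumably defines $pdo (used below) — confirm in dbconnection.php.
    include '../config/dbconnection.php';

    try {
        $sql = "SELECT COUNT(*) FROM userright INNER JOIN userrole ON userright.id = userid INNER JOIN role ON roleid = role.id\n"
            . 'WHERE loginid = :loginid AND role.id = :roleId';
        $s = $pdo->prepare($sql);
        $s->bindValue(':loginid', $_SESSION['loginid']);
        $s->bindValue(':roleId', $role);
        $s->execute();
    } catch (PDOException $e) {
        // Assumes the connection uses PDO::ERRMODE_EXCEPTION — TODO confirm.
        // $output is presumably read by the included error template.
        $output = 'Error searching for author roles.';
        include '../inc/errormsg.inc.php';
        exit();
    }

    // fetchColumn() reads the COUNT(*) value regardless of the connection's
    // default fetch mode.
    return (int) $s->fetchColumn() > 0;
}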
?>