0

I've got my login sorted, which sets an array of around 15-20 different database items, the user can change some of these and admins can change all of them.

Obviously for a general user, it would be silly having to reset the entire session when they change something on their account. For example their name. My code DOES work with the database, it is inputting the name after the user changes it.

$username=$this->session->userdata("logged_in");
if(strlen($name)>=1){
    $databasename = $row->firstname;
        if($name != $databasename){
            $input_array['first']= $name;
            $this->session->unset_userdata($username['name']);
            $this->session->set_userdata($username['name'],$name);
        }
    }

To add some background to my code, the input array is defined outside of the if statements, and is the added to if the name is NOT equal to the database name and if the name has been changed.

All it does, is save the data to the database, and does not change the session variables. Ideally they need to change, they do change if i log off then back on, however this is impractical.

TheNiceGuy
  • 3,462
  • 8
  • 34
  • 64

2 Answers2

0

Maybe because you get variable $logged_in and try to put back another variable with name "username". If i right understand your problem you need save logged_in:

$username['name'] = $name;
$this->session->unset_userdata('logged_in');
$this->session->set_userdata('logged_in',$username);
Talgat
  • 314
  • 1
  • 2
  • 5
  • The session is set as "logged_in", logged_in is the name of the array if you will, $username['name'] is an item within the array. Also $username = $this->session->userdata("logged_in); sets the username variable as the session, its how i've accessed the array so far across the site, will it not work in this situation? –  Nov 18 '14 at 14:59
  • You have session with key "logged_in" and value is array(). You need change array and save as a knew value of key "logged_in". Right? Set new value to array $username: $username['name'] = $name. Then you save new array $this->session->unset_userdata('logged_in'); $this->session->set_userdata('logged_in',$username); – Talgat Nov 18 '14 at 15:08
  • No @talgat there is no way to do that like this. I explained everything in my answer. – TheNiceGuy Nov 18 '14 at 15:13
  • Why not? Session data stored on a server. Client store only ID of session. With Unset & Set he change session data, not ID. – Talgat Nov 18 '14 at 15:19
  • He has the rights to change this data because when he logout & login again userame is new. His problem is that userdata stored in the variable "logged_in". And when admin or user change name he try to save new data (username instead array contained username) to the variable with name "old_username" instead "logged_in". – Talgat Nov 18 '14 at 15:29
  • Yes, but he can't remotely change the session from a client without using on of the methods in my answer. THat would only work if the client makes a change himself, but not if the admin does it for the client. – TheNiceGuy Nov 18 '14 at 15:29
  • Look at his comment to your answer. He wrote that can change but data in the session doesn't change until login/logout. – Talgat Nov 18 '14 at 15:38
  • Talgat your answer makes sense, the problem with it is it contains what i need to avoid. "logged_in" contains the array of 20 or so items, your code would unset the 20 and replace with 1 item, which is why in my code i've pulled the actual array item from the session. –  Nov 18 '14 at 15:55
  • Ok, try this $_SESSION['logged_in']['name'] = $name; If your sessions stored on a disk. – Talgat Nov 18 '14 at 16:29
0

If i understood your correctly, you want to make sure that the user always get's displayed the up to date data, even when the admin did some changes to it, e.g. to his username. If so, then there are 3 ways to do this.

The first one

Only store the userid in the session as well as any data that does not need to be up to date. You then select the needed data, e.g. the username from the database when a request has been made. That will ensure that everything is always up to date.

The second one

Store the user´s session id in the database when it will be created. To get the session id use the session_id function. You then use the session_id function again, but this time with the id from the sesison you want to destroy as the first parameter. e.g

session_id($old_session_id);
session_start();
session_destroy();

This will crerate an empty session (and therefore kill the existing one), and destroy is right after that. and then the user has to log in again when he visits your site the next time.

The third one

Let PHP store the sessions in the database, that way you can modify them or simple remove them and force the user to relog. I would however be careful with this solution at it might be an overkill, the first one tho is a very common one, the second one is also a great way.

Explanation

The reason why it does not work otherwise, is the fact that the session does still contain the old data which has been set previously. If the user updates his username himself then you can also set it at the session, but if the admin does it (or any other one except for the user himself), the username (just as a example, it can of course be anything else) in the session won't change.

TheNiceGuy
  • 3,462
  • 8
  • 34
  • 64
  • Kind of, for example, if i'm the user (non admin) and i need to change my name because i got a legal name change (or something like that), i login to the website, change my name in the 'my account' page. This works fine, except that the data is not changed until after the session is destroyed and reset (login/logout). The data in the database is changed, but the session data isn't. –  Nov 18 '14 at 15:09
  • Yes, take a look at my explanation ;) – TheNiceGuy Nov 18 '14 at 15:11
  • Awesome, i'll work on some code, get it working then accept your answer, thanks :) –  Nov 18 '14 at 15:50