Jump to content

Problem with sessions and table data.


davetaylor91

Recommended Posts

Hi, I'm looking for help with my sessions and table data
So far I have 2 tables, one named: userlogin which contains log in information listed by 'user_id' my next table is called userinfo which at the moment just contains user name and address, again listed by 'user_id'
Currently I have a log in page, and a home page. The log in page uses the information from the userlogin table to verify that the user has an account and they have entered the correct information.
Now this is were it gets tricky, (for me at least) as on this homepage i'm trying to display the information from the userinfo table which relates to the user_id from the userlogin table, relating to their unique information. The purpose of this is to be able to display information for my clients, all without having hundreds of separate pages and having only one page, which displays the information based upon who has logged in.
Here is my loginpage code
 

// Use session variable on this page. This function must put on the top of page.
session_start();
$_SESSION['userName'] = 'Root';


////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$password=$_POST['password']; // Encrypt password with md5() function.

// Connect database.
//connect
$con = mysql_connect("*****","*****","*****");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//datebase
mysql_select_db("*****, $con);

// Check matching of username and password.
$result=mysql_query("select * from userlogin where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Craete session username.
header("location:home.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}

} // End Login authorize check.
?>

and here is my homepage code.

<?php
session_start();
if(isset($_SESSION['userName']))
?>

// Connect database.
//connect
$con = mysql_connect("****","*****","******");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//datebase
mysql_select_db("*****", $con);
//select
$user_id = $_GET['user_id'];
$result = mysql_query("SELECT userinfo.user_id, userlogin.user_id
FROM userinfo
INNER JOIN userlogin
ON userinfo.user_id=userlogin=user_id");

while($row = mysql_fetch_array($result))

{

echo $row['name'] . '
' ;
echo $row['address'] . '
';

}
?>

Sorry if this seems confusing, as unfortunately my php skills aren't brilliant, but basically i'm just looking for help creating a log in feature, which then links the user the their profile, with their data present.
Thanks in advance!

Edited by davetaylor91
Link to comment
Share on other sites

No, I don't think that's it.

 

What I think it is, is that when entering data into my log in field, and then logging in its not directing me to a unique page, example (home.php?user_id=blahblah) but I don't know how to change this, and i'm a complete novice at sessions. But i'm not sure anymore.

Link to comment
Share on other sites

Sessions are nothing to worry about - at least as far as storing info goes.  You attempt to store a var username in the session array.and then try and retrieve it in another script, but you use the wrong name.  Remember - case sensitivity matters.  If that is not the problem, then why exactly DO you use two different spellings of the same word as a variable name?

Link to comment
Share on other sites

I've change that part of the sql, however I still have the same problem, in that all results are being displayed, instead of results which share the same value from my tables.

 

The reason I'm using 2 tables is because they serve different functions, one being a table containing log in data, one containing customer information, and it would be impractical to use only one table.

 

Here is my updated code.

<?php
// Use session variable on this page. This function must put on the top of page.
session_start();
$_SESSION['username'] = 'Root';




////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$password=$_POST['password']; // Encrypt password with md5() function.


// Connect database. 
//connect
$con = mysql_connect("*****","******","******");
if (!$con)
   {
   die('Could not connect: ' . mysql_error());
   }
//datebase
mysql_select_db("*****", $con);


// Check matching of username and password.
$result=mysql_query("select * from userlogin where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Create session username.
header("location:home.php"); // Re-direct to home.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}


} // End Login authorize check.
?>
<?php
session_start();
if(isset($_SESSION['username']))
?>


<?php
// Connect database. 
//connect
$con = mysql_connect("*****","*****","*****");
if (!$con)
   {
   die('Could not connect: ' . mysql_error());
   }
//datebase
mysql_select_db("*****", $con);
//select
$user_id = $_GET['user_id'];
$result = mysql_query("SELECT userinfo.name as name, userinfo.address as address, userlogin.username as username  
  FROM userinfo
  INNER JOIN userlogin
  ON userlogin.user_id = userinfo.user_id");


while($row = mysql_fetch_array($result))
{
    echo $row['name'] . '</br> ';
    echo $row['username'] . '</br> ';
    echo $row['address'] . '</br> ';
}
?>
Link to comment
Share on other sites

It's showing all the results because you haven't used a WHERE clause in your query.

SELECT userinfo.name as name, userinfo.address as address, userlogin.username as username  
  FROM userinfo
  INNER JOIN userlogin
  ON userlogin.user_id = userinfo.user_id
WHERE userlogin.user_id = {$user_id};

You may want to check that $user_id is a number and clean it before putting it in the SQL like that though.

Link to comment
Share on other sites

Every once in awhile someone posts a bizarre php statement that confuses me.  Here is yours:

session_start();
if(isset($_SESSION['username']))
?>
<?php
// Connect database.
$con = mysql_connect("*****","*****","*****");
blah blah blah

 

You check if you have defined your username variable in the session and if so ..... What?  And if not you do some work, but what for?  I'm guessing if the username exists you don't want to do anything, but that's not what I see.  Besides - does this code even run without an error or a warning?  You've go this dangling if statement.
 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.