Catana

Hi, Does anyone know how to grab a database name from a user table to display that name within a fieldset legend? I have a forum with a number of posts (and have wrapped a fieldset around each post and want the legend to display the name of the user who posted it), and just need a bit of background knowledge on what sort of query I would be looking at to achieve this, thanks.

Can anyone help/advise please?

Very annoying! For some reason if I enter incorrect details into the login form (located in page header) on the same page as the signup form, it then displays the validation errors on that signup form as well as the desired errors in the login form!?

Hello, Currently having issues with my sign up form. I feel I'm missing a bit of code for this form to work properly. Currently, I have a signup form that adds a new user into the site, this works fine and adds all the details to the database. The problem is, is that the button has to go through the signup_process php file, but currently it echos that the "new user has been created" on that file, but I need to use this file but echo that the "new user has been created" in the signup file (redirecting the user back to the signup page after clicking the button, but still goes through the signup_process file for processing) Also, I need a way that will log the new user in, instantly after they have signed up so that don't have to login after successful sign up. I'm also trying to validate my form so that details have to be entered in, I've started adding this, but doesn't seem to work right; it either does work and doesn't add a new user or it doesn't work and adds a new user. I appreciate that the code I have may be old and does not contain proper security measures; but this is not at all important for the assignment I'm doing. Thanks for any help. PHP PROCESS FILE <?php session_start(); include "./includes/connect.php"; include "./includes/lists.php"; include "./includes/functions.php"; ?> <?php $username = $_POST['regusername']; $password = $_POST['regpassword']; $firstname = $_POST['regfirstname']; $surname = $_POST['regsurname']; $email = $_POST['regemail']; $dob = $_POST['regdob']; $gender = $_POST['reggender']; $city = $_POST['regcityname']; $sports = $_POST['regsports']; $query = "INSERT INTO `user` (user_username, user_password, user_firstname, user_surname, user_email, user_dob, user_gender, user_city) VALUES ('$username', '$password', '$firstname', '$surname', '$email', '$dob', '$gender', '$city')"; $result = mysql_query($query); if($result) { echo "New user has been created!"; } ?> PHP SIGN UP FILE <?php session_start(); include "./includes/connect.php"; include "./includes/lists.php"; include "./includes/functions.php"; ?> <?php include "./includes/pagetop.php"; ?> <?php include "./includes/heading.php"; ?> <?php include "./includes/nav.php"; ?> <?php // form validation $usernamevalid = $passwordvalid = ""; $usernamefield = $passwordfield = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["regusername"])) { $usernamevalid = "Username required!";} else { $usernamefield = ($_POST["regusername"]);} if (empty($_POST["regpassword"])) { $passwordvalid = "Password required!";} else { $passwordfield = ($_POST["regpassword"]);} } ?> <div id="content"> <h3>Sign up</h3> <form name="input" action="signup_process.php" method="post"> <b>Login Details</b> <b>Username</b><input type="text" name="regusername"> <font color=red><?php echo $usernamevalid;?></font><br /> <b>Password</b> <input type="password" name="regpassword"> <font color=red><?php echo $passwordvalid;?></font> </br> <b>Personal Details</b> <b>First Name</b><input type="text" name="regfirstname"><br /> <b>Surname</b> <input type="text" name="regsurname"><br /> <b>Email</b> <input type="text" name="regemail"><br /><br /> <b>Date of Birth</b> <input type="text" name="regdob"><br /><br /> <b>Gender</b> <input type="radio" name="reggender" value="1">Male <input type="radio" name="reggender" value="2">Female <br /><br /> <b>City</b> <select id="cityname" name="regcityname"> <?php // city names foreach ($citynames as $key => $value){ echo "<option value=\"$key\">$value</option>"; } ?> </select> </br> <b>Sports</b> <?php // lists of sports $query = "SELECT sport_id, sport_name FROM sport"; $result = mysql_query($query) or die (mysql_error()); while($row = mysql_fetch_array($result)){ $sports[$row['sport_id']] = $row['sport_name']; } foreach ($sports as $key => $value){ echo "<div>\n"; echo "<input type=\"checkbox\" id=\"$value\" name=\"sport[]\" value=\"$key\">\n"; echo "<label for=\"$value\">$value</label>\n"; echo "</div>\n"; } ?> </select> </br> <center><input type="submit" name="regsubmit" value="Sign up"></center><br /> </form> </div> <?php include "./includes/adverts.php"; ?> <?php include "./includes/footer.php"; ?> <?php include "./includes/pagebottom.php"; ?>

Ignore my last posts, I managed to get it working and merged the two error statements into one! Thank you for your help davidannis!

Thanks for your help. I'm no longer getting the error now but it's still not logging in as a registered user. Have I entered this correctly and does it correspond with the correct syntax? I'm such a novice >.< <?php if (isset($_POST['lisubmit'])){ $liusername=mysql_real_escape_string($_POST['liusername'][$dblink = NULL]); $query = "SELECT user_id, user_password FROM user WHERE user_username = '$liusername'"; // Select details from user table $result = mysql_query($query) or die(mysql_error()); $number_users = mysql_num_rows($result ); if ($number_users==0){echo ' no such user';} $row = mysql_fetch_array($result); if ($row['user_password'] == $_POST['lipassword'] && $row['user_password']!='') { $_SESSION['loggedin'] = true; $_SESSION['id'] = $row['user_id']; $_SESSION['username'] = $_POST['liusername']; } else { echo 'username and password don\'t match'; $_SESSION['loggedin'] = false; $_SESSION['id'] = 0; } } ?> Also is there a way to merge the other error: "username and password don't match" into the "ERROR: you need to enter a username and password" script that's in another php file? Just so it appears in the correct place within the document? I've tried to merge the code over, but it doesn't seem to work correctly? Login form page <?php if ($_SESSION['loggedin'] == true){ echo "You are logged in as ";?><b><?php echo $_SESSION['username']?></b><?php echo " ["; echo $_SESSION['id']; echo "]"; ?> <a href="logout.php">Logout</a> <?php }else{ echo "<p><b>Login:</b></p>\n"; ?> <form name="loginform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <b>Username:</b> <input type="text" name="liusername"> <b>Password:</b> <input type="password" name="lipassword"> <input type="submit" name="lisubmit" value="Login"> </form> <?php } if ($_SESSION['loggedin'] == true); if (empty($_POST) === false) { $username = $_POST['liusername']; $password = $_POST['lipassword']; if (empty($username) === true || empty($password) === true) { ?><br /><font color="red"><?php echo 'ERROR: You need to enter a username and password!'; // <- To be placed as the same area as this? } } ?>

Oh and also, when I enter an unregistered username and password, the error doesn't display? Is there anyway to show that too? Thank you for your time.

Thank you very much davidannis! It no longer logs anyone in and displays the error message as desired! I have to use mysql for this part of an assignment I'm working on so I have changed the function to msql as you've told me to. I do have one issue though, if I login a registered user, I get a php error at the top of the page: Warning: mysql_real_escape_string() expects parameter 2 to be resource, string given in E:\Inetpub\wwwroot\php\home\includes\login.php on line 4 Have I done something wrong? Thank you for your help so far!

How do I check that the user exists and how do I stop random user names that are not in the user table from logging in? Thanks.

I'm still a newbie towards php so I'm not sure what/where to add or change as I don't understand this validation thing very well?

Hi, I'm currently having an issue with validating my login script, it only appears that one part of it actually works! I have a simple login form with a username and password field and login button. At the moment if I enter nothing into the login form (nothing for both username and password), it logs in as an unregistered user with no ID and my error message is displayed. If I enter an unregistered username with no password the same thing happens. If I enter an unregistered username with a random password there is no log in which is good, but my error message is not displayed. If I enter a registered username and password into the form, it logs in with the correct ID and no error message is displayed, which is good. If I enter a random password with nothing in the username it does not log in which is good and the error message is displayed as it should. How can I get it so that all of these login attempts are coded so that it always results in the last case if an unregistered user is entered and / or missing details are entered into the form? Form and Validation Code <?php if ($_SESSION['loggedin'] == true){ echo "You are logged in as ";?><b><?php echo $_SESSION['username']?></b><?php echo " ["; echo $_SESSION['id']; echo "]"; ?> <a href="logout.php">Logout</a> <?php }else{ echo "<p><b>Login:</b></p>\n"; ?> <form name="loginform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <b>Username:</b> <input type="text" name="liusername"> <b>Password:</b> <input type="password" name="lipassword"> <input type="submit" name="lisubmit" value="Login"> </form> <?php } if ($_SESSION['loggedin'] == true); if (empty($_POST) === false) { $username = $_POST['liusername']; $password = $_POST['lipassword']; if (empty($username) === true || empty($password) === true) { ?><br /><font color="red"><?php echo 'ERROR: You need to enter a username and password!'; } } ?> Login Code <?php if (isset($_POST['lisubmit'])){ $query = "SELECT user_id, user_password FROM user WHERE user_username = '".$_POST['liusername']."'"; // Select details from user table $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result); if ($row['user_password'] == $_POST['lipassword']) { $_SESSION['loggedin'] = true; $_SESSION['id'] = $row['user_id']; $_SESSION['username'] = $_POST['liusername']; } else { $_SESSION['loggedin'] = false; $_SESSION['id'] = 0; } } ?> Thank you in advance for any help.

Thank you for your help, I managed to find the issue, it was a semicolon that I found shouldn't of been there. Thanks!

Sorry for the confusion, the login form works and logs users from the database into the website, but still refuses to stay logged in once I click any other link on the site. I have created a session destroy for the logout link which I believe works, but it appears every other link is not carrying over the session to other pages of the site; it's really strange.

Thanks for that, the username works like a treat. Oh the globals I found from another site as I was testing to make the username display, I've deleted that, thanks for the advice. As for the login, it doesn't work for some reason. I have put a session start within my index page and have separated the majority of the site into separate include files, I have also tried putting a session start within the file that has the login script, but that doesn't work either? Thanks for your help.

Hi, Currently having an issue with php login script. The login script works fine and logs in the correct user, but the problem is, is that any link I click regardless whether it is the log out button, it seems to end the session and logs me back out again. Total newbie to php, can I have some help please? Also, is there a way to display the users' name from the user table inside the echo "you logged in as", I can only seem to get the ID? Thank you for your help. Login form (in page header): <div class="loginform"> <?php if ($_SESSION['id'] > 0){ echo "You are logged in as"; ?> <?php print $GLOBALS['user']->name; ?> <a href="logout.php">Logout</a> <?php }else{ echo "<p>Login:</p>\n"; ?> <form name="loginform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <b>Username:</b> <input type="text" name="liusername"> <b>Password:</b> <input type="password" name="lipassword"> <input type="submit" name="lisubmit" value="Login"> </form> </div> PHP authenticate (in page top) <?php if (isset($_POST['lisubmit'])); $query = "SELECT user_id, user_password FROM user WHERE user_username = '".$_POST['liusername']."'"; $result = mysql_query($query) or die (mysql_error()); $row = mysql_fetch_array($result); if ($row['user_password'] == $_POST['lipassword']){ $_SESSION['loggedin'] = true; $_SESSION['id'] = $row['user_id']; }else{ $_SESSION['loggedin'] = false; $_SESSION['id'] = 0; } ?>