Jump to content

benjyo

New Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

benjyo's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. benjyo
    Login page: <?php require_once('Connections/localhost.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "controlpanel.php"; $MM_redirectLoginFailed = "login.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_localhost, $localhost); $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $localhost) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/url] <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml">[/url] <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> </head> <body><form action="<?php echo $loginFormAction; ?>" method="POST" id="loginform"><table width="600" border="0"> <tr> <td><span id="sprytextfield1">username<br /> <label for="username"></label> <input type="text" name="username" id="username" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield2">password<br /> <label for="password"></label> <input type="password" name="password" id="password" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><input type="submit" name="login" id="login" value="login" /></td> </tr> <tr> <td> </td> </tr> </table> </form> <script type="text/javascript"> var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1"); var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2"); </script> </body> </html> Control panel: <?php require_once('Connections/localhost.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } }if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $colname_user = "-1"; if (isset($_SESSION['username'])) { $colname_user = $_SESSION['username']; } mysql_select_db($database_localhost, $localhost); $query_user = sprintf("SELECT * FROM users WHERE username = %s", GetSQLValueString($colname_user, "text")); $user = mysql_query($query_user, $localhost) or die(mysql_error()); $row_user = mysql_fetch_assoc($user); $totalRows_user = mysql_num_rows($user);$username_user = "-1"; if (isset($_SESSION['username'])) { $username_user = $_SESSION['username']; } mysql_select_db($database_localhost, $localhost); $query_user = sprintf("SELECT * FROM users WHERE %s = %s", GetSQLValueString($username_user, "text"),GetSQLValueString($username_user, "text")); $user = mysql_query($query_user, $localhost) or die(mysql_error()); $row_user = mysql_fetch_assoc($user); $totalRows_user = mysql_num_rows($user); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/url] <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml">[/url] <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> </head> <body> <a href="logout.php">logout</a> | <a href="user_epdate.php?username=<?php echo $row_user['username']; ?>">update</a> </body> </html> <?php mysql_free_result($user); ?> User update: <?php require_once('Connections/localhost.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "signup")) { $updateSQL = sprintf("UPDATE users SET firstname=%s, lastname=%s, email=%s, username=%s, password=%s WHERE userid=%s", GetSQLValueString($_POST['firstname'], "text"), GetSQLValueString($_POST['lastname'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['userid'], "int")); mysql_select_db($database_localhost, $localhost); $Result1 = mysql_query($updateSQL, $localhost) or die(mysql_error()); $updateGoTo = "controlpanel.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $updateGoTo)); } $colname_Recordset1 = "-1"; if (isset($_GET['username'])) { $colname_Recordset1 = $_GET['username']; } mysql_select_db($database_localhost, $localhost); $query_Recordset1 = sprintf("SELECT * FROM users WHERE username = %s", GetSQLValueString($colname_Recordset1, "text")); $Recordset1 = mysql_query($query_Recordset1, $localhost) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); $username_Recordset1 = "-1"; if (isset($_GET['username'])) { $username_Recordset1 = $_GET['username']; } mysql_select_db($database_localhost, $localhost); $query_Recordset1 = sprintf("SELECT * FROM users WHERE %s = %s", GetSQLValueString($username_Recordset1, "text"),GetSQLValueString($username_Recordset1, "text")); $Recordset1 = mysql_query($query_Recordset1, $localhost) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = "%"; if (isset($_GET['username'])) { $totalRows_Recordset1 = $_GET['username']; } $colname_registeruser = "-1"; if (isset($_GET['username'])) { $colname_registeruser = $_GET['username']; } mysql_select_db($database_localhost, $localhost); $query_registeruser = sprintf("SELECT userid, firstname, lastname, email, username, password FROM users WHERE username = %s", GetSQLValueString($colname_registeruser, "text")); $registeruser = mysql_query($query_registeruser, $localhost) or die(mysql_error()); $row_registeruser = mysql_fetch_assoc($registeruser); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/url] <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml">[/url] <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> </head> <body><form action="<?php echo $editFormAction; ?>" method="POST" name="signup" id="signup"><table width="600" border="0"> <tr> <td><span id="sprytextfield1">username<br /> <label for="username"></label> <input name="username" type="text" id="username" value="<?php echo $row_registeruser['username']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield2">password<br /> <label for="password"></label> <input name="password" type="text" id="password" value="<?php echo $row_registeruser['password']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield3">firstname<br /> <label for="firstname"></label> <input name="firstname" type="text" id="firstname" value="<?php echo $row_registeruser['firstname']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield4">lastname<br /> <label for="lastname"></label> <input name="lastname" type="text" id="lastname" value="<?php echo $row_registeruser['lastname']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield5">email<br /> <label for="email"></label> <input name="email" type="text" id="email" value="<?php echo $row_registeruser['email']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><input type="submit" name="submit" id="submit" value="Submit" /></td> </tr> <tr> <td><input name="userid" type="hidden" id="userid" value="<?php echo $row_registeruser['userid']; ?>" /></td> </tr> </table> <input type="hidden" name="MM_update" value="signup" /> </form> <script type="text/javascript"> var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1"); var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2"); var sprytextfield3 = new Spry.Widget.ValidationTextField("sprytextfield3"); var sprytextfield4 = new Spry.Widget.ValidationTextField("sprytextfield4"); var sprytextfield5 = new Spry.Widget.ValidationTextField("sprytextfield5"); </script> </body> </html> <?php mysql_free_result($Recordset1); ?> Please help. I am new to php and i am trying to get a session variable working. I am using dreamweaver cs6. I have got the login page working fine and connecting to my database. THis then loads the control panel,working fine. When i click edit on the control panel it is supposed to take me to a templated page with the session variable for the user logged in, this is not happening it is going to the username on the top row of my database.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.