nicholasolsen

This is a great post for all of the beginners in PHP to learn from. To sum it all up in a few words first: NEVER USER COOKIE TO VALIDATE A USER. Why? Because the end-user easily can edit the cookies on their computer, and therefore tamper with your website without authorization. Cookies should only be used to register for how long a user want to be logged in. Because of this Im not going to comment and correct your code; but instead guide you on the right path: SESSION. When a user is logging in on your website, make a session that register that the user is logged in. Google "PHP SESSION tutorial" and you will find a lot of interesting information to read on the bed. Good luck, and if you wonder about anything else - dont be afraid to PM.

You are looking for the "include"-function in PHP. By making a .php file for all of the columns (except from the content) you can easily include the columns into all of the different pages. This will save you a lot of time editing, since you only have to edit ONE file instead of TWELVE. Example for index.php: include('page_header.php'); // THIS INCLUDES THE HEADER include('page_column_left.php'); // THIS INCLUDES THE LEFT COLUMN // HERE YOU CAN WRITE THE CONTENT OF THE CURRENT PAGE (UNIQUE ON EACH DIFFERENT PAGE) include('page_column_right.php'); // THIS INCLUDES THE RIGHT COLUMN include('page_footer.php'); // THIS INCLUDES THE FOOTER Redo this for all of your pages basically, and you have saved some odd hours of updating. Note: Use a database instead if you know how to use one. Faster, easier and more convenient. Good luck!

You could pass the vars through the URL, then use the GET method to retrieve the data on the next page. Your current redirection: header("Location: $success"); Replace it with: header("Location: $success&var1=$var1&var2=$var2&var3=$var3"); On the next page, use the following code to retrieve the data: $var1 = $_GET['var1']; $var2 = $_GET['var2']; $var3 = $_GET['var3']; Note: When using the GET method to retrieve data, make sure you write a security-script that kills the load if the vars are "unknown". You should therefore only have a set of keywords allowed per var. Example: if (isset($_GET)) { if ($var1 == "allowedKeyword") { echo "This is allowed"; exit(); } if ($var2 == "allowedKeyword") { echo "This is allowed too"; exit(); } if ($var3 == "allowedKeyword") { echo "This is allowed toooo!"; exit(); } else { echo "One or more of the variables are tempered with, and therefore the script has been killed."; } }

The simple answer to your q: Your query was: $query = mysql_query("SELECT * FROM users WHERE fname LIKE '%$find%' OR lname LIKE '%$find%'"); Instead you could use this: $query = mysql_query("SELECT * FROM users WHERE fname LIKE '%$find%' AND lname LIKE '%$find%'"); This searches the table for First Name = Roger AND Last Name = Smith.

You could try to use the explode function. Example that would do the trick: $find = $_POST/GET['name_from_search']; // EDIT THIS $find_string = explode(' ',$find); $first_name = $find_string[0]; $last_name = $find_string[1]; $query = mysql_query("SELECT * FROM users WHERE fname LIKE '$first_name%' AND lname LIKE '$last_name%' OR fname LIKE '$last_name%' AND lname LIKE '$first_name%' "); What you did wrong was not using the AND syntax in your query. Instead you used OR. If you use the query I wrote above the search will search the two columns for all combinations. The reason I did the fname = $last_name is because some search "Smith Roger" instead of "Roger Smith". The query i wrote will give the same result in both instances. Hope it helps

The user should not be able to visually see the login page after the user has actually logged in, so the F5 example your mentioned wont be a concern. When the user is logged in, simply use header to redirect them to the index or whereever. If the user has entered wrong details (email / pw), simply show redirect them to the login form once more...... header('Location:www.url.com'); To sum up: Keep the login form and php login code in the same file, dont split them... Easier to keep track of in one simple file.

I figured out what the problem was. It was a variable that didnt recieve its value on a different page, and therefore the value didnt show up in the mysql table.. Thanks for the reply fife.

If someone could take a look at the code i entered above i would really appreciate it. Thanks

Your website opened perfectly on my macbook,.. Took less than 0,2 sec to load all the data. Maybe its your DSL thats too slow.. Im having 2,4mbit download rate right now and thats not super fast so say at least. If you use dial-up (dont think you do, but just to mention it) or anything like this it might take several seconds to load the website for YOU, but not for anyone else.

List more information about the tables your using.. This line of code doesnt tell me a lot of whats going on. In norwegian: Legg ut informasjon om hvordan sql tabellene ser ut. Vanskelig å skjønne noe ut i fra hva du nevnte. Hvis du ikke finner svar kan du sende meg en PM så skal jeg gjøre mitt beste.

List the code to give us a better understanding of your situation, so we can give you a better answer. Thanks

Sorry about that one. Youre absolutely right, it loads right away. Well, if it takes 4 sec to load its probably a lot of content (?). The include function doesnt cause any extra delay (or at least you wont be able to notice) so you might have to get used to waiting 4 sec. Or you can try to add your data to a SQL table, but i dont think that will load any faster. And since youre new to PHP/MySQL i wouldnt recommend taking on SQL yet. I dont know what the best solution is to be honest. Hopefully some other on this forum come up with a better answer for you! And again, sorry about the confusion on the first reply. Have a nice one

As the OP was using $_SESSION (and most PHP installations these days do), session_unset() is not the correct function to use. Also, the session_destroy() manual page says that session_unset() is deprecated, and specifically instructs to use it only for code that does not use $_SESSION. Edit: I would also like to point out that these are the things you won't find easily by using google. However, it does the trick.

if (isset($value)) { // value is set } else if (empty($value)) { // value is not set } Hope it helps :-)

This is all off topic so drop it. I wouldnt say the answer i gave was wrong.. The q was how to unset all sessions, and the two functions i listed does exactly that, am i right? So go somewhere else being a smartypant, Mr. Smartypants :-) :-)