fife
-
Posts
381 -
Joined
-
Last visited
Everything posted by fife
-
Right I'm going to try and explain what i'm trying to do and i'll post the code i have at the bottom. Whatever I do I seem to get a new error and I can't get any closer to getting the script right!!! I give up myself. There's only so much one man can take!!!!!!! I have a database with two table. Members owners Both tables have the same fields for the login section! username password (stored in md5 format) access_level Now I'm trying to make a script that selects both tables and finds the username. then checks that the md5 of the password entered into the field is equal to the stored md5 password in the database. if details are correct it sends the person to the correct page while updating a table called mem_logins with the email of the user loging in as a feild along with the time, If there is no account at all it sends them to the create account page, if the access level is equal to 1 or 50 it sends them to the check_email.php Now I'm very new to php and therefore have most certainly written the script wrong. I have been tryig to sort the errors for days and now, have given up. Can anyone help? Here is the code as it stands and at the minute im getting this error..... mysql_num_rows(): supplied argument is not a valid MySQL result resource in site on line 11 <?php include('Connections/YA1.php'); session_start(); ?> <?php if(isset($_POST['submit3'])) { $qCheckUserInfo = "SELECT * FROM Members, owners WHERE username='".mysql_real_escape_string($_POST['username3'])."'"; $rCheckUserInfo = mysql_query($qCheckUserInfo); $numUsers = mysql_num_rows($rCheckUserInfo); if($numUsers == 0) { $message = "Incorrect login details"; $success = 0; } else { $userInfo = mysql_fetch_array($rCheckUserInfo); $password = $userInfo['password']; $email = $userInfo ['email']; if($password == md5($_POST['password3'])) { $success = 1; $_SESSION['logged'] = 1; $_SESSION['club_id'] = $userInfo['club_id']; $_SESSION['username'] = $userInfo['username']; $today = date("Y-m-d h:m:s"); if($_SESSION['access_level'] == 1) { $sql = "INSERT INTO mem_logins `email`, `login` VALUES ('$email','$today')"; mysql_query($sql) or die ("could not execute insert."); header('Location: check_email.php'); } else if($_SESSION['access_level'] == 2) { $sql = "INSERT INTO mem_logins `email`, `login` VALUES ('$email','$today')"; mysql_query($sql) or die ("could not execute insert."); header('Location: members/index.php'); } else if($_SESSION['access_level'] ==50) { $sql = "INSERT INTO mem_logins `email`, `login` VALUES ('$email','$today')"; mysql_query($sql) or die ("could not execute insert."); header('Location: check_email.php'); } else if($_SESSION['access_level'] == 51) { $sql = "INSERT INTO mem_logins `email`, `login` VALUES ('$email','$today')"; mysql_query($sql) or die ("could not execute insert."); header('Location: clubs/index.php'); } else if($_SESSION['access_level'] == 99) { $sql = "INSERT INTO mem_logins `email`, `login` VALUES ('$email','$today')"; mysql_query($sql) or die ("could not execute insert."); header('Location: admin/D/index.php'); } } else { $message = "Incorrect login details"; $success = 0; } } } ?> <body> <div id="wrapper"> <div id="title_box"> <div id="logo"><img src="image/your_arena.jpg" /></div> <div id="login_box"> <?php if($success==0) { echo $message; } else { echo ' '; } ?> <?php if($success != 1 && !($_SESSION['logged'])) { ?><?php ?> <form METHOD="POST" name="login_form" class="black_text" id="login_form"> <table width="252" border="0" align="right" cellpadding="0" cellspacing="5" id="login_tab"> <tr> <td width="84"><div align="left">Username:</div></td> <td><input name="username3" type="text" class="form_fields" value="<?php echo $_POST['username3']; ?>" id="username3" tabindex="1" /></td> </tr> <tr> <td><div align="left">Password:</div></td> <td><input name="password3" type="password" class="form_fields" id="password3" tabindex="2" /></td> </tr> <tr> <td colspan="2"></td> </tr> <tr> <td colspan="2" class="forgotten_pass"><div align="right">Forgotten your password?</div></td> </tr> <tr> <td height="24"><div align="left"></div></td> <td><div align="right"> <input name="submit3" type="submit" id="submit3" tabindex="3" value="Login" /> </div></td> </tr> </table> <?php } //end fail if ?> </form> </div> </div> <?php include('nav.php');?> <div id="test">main page </div> <?php include('footer.php');?> </div> </body> </html>
-
sorry no what i mean is people insert thier date as dd/mm/yyyy and i need it changed to yyyy/mm/dd so the database will read it correctly
-
Hi I have started my error checking for my form. I am understand that the date must be inserted in the format yyyy/mm/dd but on my form i need it to be inserted in the format dd/mm/yyyy. I have wrote some code but have only been doing php about a week properly so I can't see what my error is. Whenever I try to insert the date, the form its self does not error but if i check the database the date is simply 0000/00/00. Can anyone help? if(isset($_POST['submit'])) { $first_name = mysql_real_escape_string($_POST['first_name']); $last_name = mysql_real_escape_string($_POST['last_name']); $DOB = mysql_real_escape_string($_POST['DOB']); $sex = mysql_real_escape_string($_POST['sex']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $agree = mysql_real_escape_string($_POST['agreed']); $creation_date = mysql_real_escape_string($_POST['creation_date']); $user_type = mysql_real_escape_string($_POST['member_type']); $access_level = mysql_real_escape_string($_POST['access_level']); $validation = mysql_real_escape_string($_POST['validation_id']); $club_user = mysql_real_escape_string($_POST['user_type']); $date_check = "/^([0-9]{2})/([0-9]{2})/([0-9]{4})$/"; if($first_name == "") { $message = "Please enter a first name"; $success = 0; } else if($last_name == "") { $message = "Please enter a surname"; $success = 0; } else if($DOB =="") { $message = "Please enter your date of birth."; $success = 0; } else if(!(preg_match("/^([0-9]{2})\/([0-9]{2})\/([0-9]{4})$/", $DOB))) { $message = "Please enter your birthday in the format dd/mm/yyyy"; $success = 0; } else if($email =="") { $message = "Please enter a correct email."; $success = 0; } else if($username =="") { $message = "Please enter a username."; $success = 0; } else if($password =="") { $message = "Please enter a password greater than 6 characters long."; $success = 0; } else { $DOB = $explode[2]."-".$explode[1]."-".$explode[0]; $password_md5 = md5($password); $insert_member= "INSERT INTO Members (`first_name`,`last_name`,`DOB`,`sex`,`email`,`username`,`password`,`agree`,`creation_date`,`usertype`,`access_level`,`validationID`) VALUES ('".$first_name."','".$last_name."','".$DOB."','".$sex."','".$email."','".$username."','".$password_md5."','".$agree."','".$creation_date."','".$user_type."','".$access_level."', '".$validation."')"; $insert_member_now= mysql_query($insert_member) or die(mysql_error()); $url = "thankyou.php?name=".$_POST['username']; header('Location: '.$url);
-
Hi. I've been doing tutorials all day on checking for blank fields and I have wrote a function to do so. For now I am only checking one field to see if it works. If I miss that field out (first name) It works great and displays the correct error message. Problem I have is if I fill in the whole form and send it I get an Inturnal server error. I will post my code to show you. can anyone see whats going wrong? I have \\ some of the code for now because I my keep it if I cant do this error check. session_start(); $validation_id = strval(time()); if(isset($_POST['submit'])) { $first_name = check_input($_POST['first_name'],"Please enter a first name"); $last_name = check_input($_POST['last_name']); $DOB = check_input($_POST['DOB']); $sex = check_input($_POST['sex']); $email = check_input($_POST['email']); $username = check_input($_POST['username']); $password = check_input($_POST['password']); $agree = check_input($_POST['agreed']); $creation_date = check_input($_POST['creation_date']); $user_type = check_input($_POST['member_type']); $access_level = check_input($_POST['access_level']); $validation = check_input($_POST['validation_id']); $club_user =check_input($_POST['user_type']); // $first_name = mysql_real_escape_string($_POST['first_name']); // $last_name = mysql_real_escape_string($_POST['last_name']); // $DOB = mysql_real_escape_string($_POST['DOB']); // $sex = mysql_real_escape_string($_POST['sex']); // $email = mysql_real_escape_string($_POST['email']); // $username = mysql_real_escape_string($_POST['username']); // $password = mysql_real_escape_string($_POST['password']); // $agree = mysql_real_escape_string($_POST['agreed']); // $creation_date = mysql_real_escape_string($_POST['creation_date']); // $user_type = mysql_real_escape_string($_POST['member_type']); // $access_level = mysql_real_escape_string($_POST['access_level']); // $validation = mysql_real_escape_string($_POST['validation_id']); // $club_user = mysql_real_escape_string($_POST['user_type']); $insert_member= "INSERT INTO Members (`first_name`,`last_name`,`DOB`,`sex`,`email`,`username`,`password`,`agree`,`creation_date`,`usertype`,`access_level`,`validationID`) VALUES ('".$first_name."','".$last_name."','".$DOB."','".$sex."','".$email."','".$username."','".$password."','".$agree."','".$creation_date."','".$user_type."','".$access_level."', '".$validation."')"; $insert_member_now= mysql_query($insert_member) or die(mysql_error()); $url = "thankyou.php?name=".$_POST['username']; header('Location: '.$url); and the form <form method="POST" name="member_accounts" id="member_accounts"> <input name="first_name" type="text" class="form_fields" value="<?php echo $_POST['first_name'];?>" size="20" /> <input name="last_name" type="text" class="form_fields" value="<?php echo $_POST['last_name'];?>" size="20" /> <input name="submit" type="submit" class="join_submit" id="submit_member" value="Create Account" /> <? function check_input($data, $problem='') { $data= trim($data); $data= stripslashes($data); $data= htmlspecialchars($data); if ($problem && strlen($data) ==0) { die($problem); } return $data; } ?>
-
yes I am definately connecting to the right database name. Here is my error again Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/sites/yourarena.co.uk/public_html/joining/validation_members.php and the code with the included page at the top <? include('database name here'); session_start(); //this section is included in the include above $hostname = ""; $database = ""; $username = ""; $password = ""; $YA1 = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR); mysql_select_db($databasecname here); //this is on the validation page its self $validation_id =$_GET['validation_id']; $FullRec__query=sprintf("SELECT * FROM Members WHERE validation_id= %s", $validation_id); $FullRec = mysql_query($FullRec__query, $database name here) or die(mysql_error()); $FullRecArray = mysql_fetch_array($FullRec); $UdateAccessQuery = sprintf("UPDATE Members SET access_level = '2' WHERE validation_id =%s", $validation_id); mysql_query($UdateAccessQuery, $database name here) or die(mysql_error()); ?>
-
Cool ok I will have a read of that thank you very much. I fixed the code on line 12 i was missing a , but now I get a new error. I will post the error and all of the php on the page again. Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/validation_members.php on line 8 <? include('../database name here); session_start(); $validation_id =$_GET['validation_id']; $FullRec__query=sprintf("SELECT * FROM Members WHERE validation_id= %s", $validation_id); $FullRec = mysql_query($FullRec__query, $database name here) or die(mysql_error()); $FullRecArray = mysql_fetch_array($FullRec); $UdateAccessQuery = sprintf("UPDATE Members SET access_level = '2' WHERE validation_id =%s", $validation_id); mysql_query($UdateAccessQuery, $database name here) or die(mysql_error()); ?> [code=php:0]
-
Ok made the change which i think I understand. Not too sure what %s does but yes it makes sense how ever. this now popped up which I definately dont understand! Parse error: syntax error, unexpected T_VARIABLE in /home/validation_members.php on line 12
-
Warning: sprintf() [function.sprintf]: Too few arguments in /home/site/validation_members.php on line 6 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/validation_members.php on line 8
-
Hello. Basically I have created a form that you fill in and an email gets sent to your in box and you have an access_level of 1. Within this email there is one field. A validation_id. Now what im trying to do is when you click this link it opens the webpage and updates your access_level to 2. I have wrote my query and array and i can see exactly which bit is wrong. Its where i have validation_id= $validation_id") Now its not working and I can see the error. Problem is im too new at this to understand why its wrong and how to fix it can anyone help? Here is the rest of the code. Also could you please explain? I would really like to understand it before i move any further. p.s. I have already selected my database in the included file <? include('database_name'); session_start(); $validation_id =$_GET['validation_id']; $FullRec__query=sprintf("SELECT * FROM Members WHERE validation_id= $validation_id"); $FullRec = mysql_query($FullRec__query, $database name) or die(mysql_error()); $FullRecArray = mysql_fetch_array($FullRec); $UdateAccessQuery = sprintf("UPDATE Members SET access_level = '2' WHERE validation_id = $validation_id"); mysql_query($UdateAccessQuery, $database_name) or die(mysql_error()); ?>
-
hello. Right I changed the code to reflect the reply to my message. The form works great and inserts the data yet even with the get command on my thank you page it still does not display a name
-
Hi, I'm very new to php. just wrote my first insert script which works great. Now when my script has run it sends you to the thank you page. It also sends username through a post. Now I'm trying to display Dear <? username ?> But i cant get it working. can anyone help? Here is the code for the join page <?php include('database name'); session_start(); $validation_id = strval(time()); if(isset($_POST['submit'])) { $first_name = mysql_real_escape_string($_POST['first_name']); $last_name = mysql_real_escape_string($_POST['last_name']); $DOB = mysql_real_escape_string($_POST['DOB']); $sex = mysql_real_escape_string($_POST['sex']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $agree = mysql_real_escape_string($_POST['agreed']); $creation_date = mysql_real_escape_string($_POST['creation_date']); $user_type = mysql_real_escape_string($_POST['member_type']); $access_level = mysql_real_escape_string($_POST['access_level']); $validation = mysql_real_escape_string($_POST['validation_id']); $club_user = mysql_real_escape_string($_POST['user_type']); $insert_member= "INSERT INTO Members (`first_name`,`last_name`,`DOB`,`sex`,`email`,`username`,`password`,`agree`,`creation_date`,`usertype`,`access_level`,`validationID`) VALUES ('".$first_name."','".$last_name."','".$DOB."','".$sex."','".$email."','".$username."','".$password."','".$agree."','".$creation_date."','".$user_type."','".$access_level."', '".$validation."')"; $insert_member_now= mysql_query($insert_member) or die(mysql_error()); $url = "thankyou.php?name=".$_POST[$username]; header('Location: '.$url); } Also the form looks like this <form method="POST" name="member_accounts" id="member_accounts"> <input name="username" type="text" class="form_fields" value="<?php echo $_POST['username'];?>" size="20" /> <input name="password" type="password" class="form_fields" value="<?php echo $_POST['password'];?>" size="21" /> now here is the code on the thank you next page. <? include('database name'); session_start(); $_POST['username']= $username; ?> <body> <div id="wrapper"> <h3 class="para_space">Dear <?php echo $_REQUEST[$username]; ?></h3>
-
thank you both. I could not see that was missing.
-
Hello. Like many posts on here i will start mine with "i'm new to php" I've just created my first ever script to insert rows from a form into the database but i keep getting this error Column count doesn't match value count at row 1 here is my code please can some point out the error of my ways; <?php include('the database name'); session_start(); $validation_id = strval(time()); if(isset($_POST['submit'])) { $first_name = mysql_real_escape_string($_POST['first_name']); $last_name = mysql_real_escape_string($_POST['last_name']); $DOB = mysql_real_escape_string($_POST['DOB']); $sex = mysql_real_escape_string($_POST['sex']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $agree = mysql_real_escape_string($_POST['agreed']); $creation_date = mysql_real_escape_string($_POST['creation_date']); $user_type = mysql_real_escape_string($_POST['member_type']); $access_level = mysql_real_escape_string($_POST['access_level']); $validation = mysql_real_escape_string($_POST['validation_id']); $club_user = mysql_real_escape_string($_POST['user_type']); $insert_member= "INSERT INTO Members (`first_name`,`last_name`,`DOB`,`sex`,`email`,`username`,`password`,`agree`,`creation_date`,`member_type`,`access_level`,`validationID`) VALUES ('".$first_name."','".$last_name."','".$DOB."','".$sex."','".$email."','".$username."','".$password."','".$agree."','".$creation_date."','".$user_type."''".$access_level."', '".$validation."')"; $insert_member_now= mysql_query($insert_member) or die(mysql_error()); echo "ENTERED INFORMATION FINE!"; } ?>
-
hi. I have a simple form to get a users details and one of the details is D.O.B formatted dd/mm/yy. Now when it goes to my sql database its my understanding it has to be yy/mm/dd. Im new to this and ive search high and low for the answer. can anyone help? Here is a short version of the php code and a very short version of the html: <?php $insertform = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $insertform .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["insert"])) && ($_POST["insert"] == "insertform")) { $insertSQL = sprintf("INSERT INTO Members (`FirstName`, `LastName`, `DOB`, ) VALUES %s, %s, %s)", GetSQLValueString($_POST['FirstName'], "text"), GetSQLValueString($_POST['LastName'], "text"), GetSQLValueString($_POST['DOB'], "date"), mysql_select_db($database_db, $db); $Result1 = mysql_query($insertSQL, $db) or die(mysql_error()); ?> <html> <body> <form action="<?php echo $insertform; ?>" method="post" name="insertform" id="insertform"> <input type="text" name="FirstName" value="" size="20" /> <input type="text" name="LastName" value="" size="20" /> <input type="text" name="DOB" size="15" /> </form> </body> </html>
-
Hello. I'm very new to php but I'm coming along slowly. I have a problem with a page. Now in my database i have say these fields firstname, lastname, address and username I am trying to create a session variable based on the username so the person viewing the page only sees their details and no one Else's! I have written the query myself but I have used dreamweaver to do the logging in to the page. Everything seems to work but i keep getting this error Fatal error: Call to undefined function: getsqlvaluestring() The line seems to be referring to something in this code; <?php mysql_select_db($database_newconnection, $newconnection); $FullRec__query=sprintf("SELECT * FROM Members WHERE Username=%s", GetSQLValueString($_SESSION['MM_Username'], "text")); $FullRec = mysql_query($FullRec__query, $newconnection) or die(mysql_error()); $FullRecArray = mysql_fetch_array($FullRec); ?> For a view of the full code here is it! I am sorry I know its very messy as dreamweaver sucks at php! <?php //initialize the session if (!isset($_SESSION)) { session_start(); } // ** Logout the current user. ** $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true"; if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){ $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){ //to fully log out a visitor we need to clear the session varialbles $_SESSION['MM_Username'] = NULL; $_SESSION['MM_UserGroup'] = NULL; $_SESSION['PrevUrl'] = NULL; unset($_SESSION['MM_Username']); unset($_SESSION['MM_UserGroup']); unset($_SESSION['PrevUrl']); $logoutGoTo = "thankyou.php"; if ($logoutGoTo) { header("Location: $logoutGoTo"); exit; } } ?> <?php include('Connections/newconnection.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "2,3"; $MM_donotCheckaccess = "false"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "index.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php mysql_select_db($database_newconnection, $newconnection); $FullRec__query=sprintf("SELECT * FROM Members WHERE Username=%s", GetSQLValueString($_SESSION['MM_Username'], "text")); $FullRec = mysql_query($FullRec__query, $newconnection) or die(mysql_error()); $FullRecArray = mysql_fetch_array($FullRec); ?> Can anybody please help. The funny thing is this code was working fine then Changed something in Dreamweaver and it all went wrong!!! I've been staring at the code too long now so I cant seem to see anything!!
-
sorry i am a complete noob. i understand what you mean but i could never create that code for myself yet. has anyone got an example?
-
can anyone show me some code that makes users with level ones log on to level1.php and users who use same login ut with level 2 end up on level2.php instead?
-
Hi. I am trying to make a signing in script send users with access level 1 to one members area, level 2 to another and level 3 to another! Now i have made the script so it checks their access level but i dont understand how to make it send the users to different areas! Level onces can sign in fine. Can someone please show me the error of my ways in my code and how to fix it? <? if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username1'])) { $loginUsername=$_POST['Username']; $password=$_POST['Password']; $MM_fldUserAuthorization = "Accesslevel"; $MM_redirectLoginSuccess = "level1.php"; $MM_redirectLoginFailed = "Signinfail.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_con1, $con1); $LoginRS__query=sprintf("SELECT Username, Password, Accesslevel FROM Members WHERE Username=%s AND Password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $connection1) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'Accesslevel'); $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>
-
Hi. Im wondering how i can make php check the access level of the user and then direct them to their proper area. I have two levels at the min. So far i have only been able to make it so that level one people can log in. When they do they go to my normmem area. Now if someone tries to go on with a level two nothing happens. I would like them to go to advancedmem area, can someone please help me with my code? <?php include('db/db1.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?><?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username1'])) { $loginUsername=$_POST['Username1']; $password=$_POST['Password1']; $MM_fldUserAuthorization = "Accesslevel"; $MM_redirectLoginSuccess = "normmem.php"; $MM_redirectLoginFailed = "Signinfail.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_db1, $db1); $LoginRS__query=sprintf("SELECT Username, Password, Accesslevel FROM Members WHERE Username=%s AND Password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $db1) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'Accesslevel'); //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>
-
OK brill thank you. Simple mistakes are always the best. I just could not see it! Now further to this question i want to display say someone last name. The field header is lastname, do i simply add $lastname = $_SESSION['MM_lastname']; next to $username = $_SESSION['MM_Username']; Or is it far more difficult than that? If so anybody know anywhere i can find the information i need?
-
Ok. I asked this question yesterday and got many good answers. I have done what i was told but it still does note seem to work. I am trying to make my page display only the name of the person who logged in. Here i will post the full code i have. Can somebody please tell me why when i open the page it displays $username instead of the actual persons name who logged in!?! Learning PHP on your own is proving very difficult!!! <?php include(mydatabasename.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $username = $_SESSION['MM_Username']; $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "mynextpage.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <html> <body> <?php echo '$username'; ?> </body> </html>
-
lol mistake. my Username is a field in my members table
-
Hi. Im trying to display on a page the details of the person that has logged in and only thier details. Im starting nice and simple with trying to display just thier first name. This is so i get a better understanding of how it is done. Now the page i have made will only let you onto it as long as you have logged in on my signing in page. I have a table called members. I want to display a field called FirstName based upon thier login username which in my table is called UserName. I am very new to this so can someone point out my errors in my code? <?php session_start(); if (isset($_SESSION['Username'])) { $sql = "SELECT FirstName,data FROM Members WHERE id = UserName '{$_SESSION['FirstName']}'"; // execute query and display the page. } else { // user not logged in. }?> Also anybody know any good sites to learn php from as i am teaching myself at the minute? Thank you for your help!
-
hey everyone. Thank you for all your help. Yes you are right. I would like a page that displays many details of the particular person that logs in. I will go through all your comments very carefully and study what i need to know. Thank you all for all your help. Im sure you will all be hearing from me again very soon! lol. fife
-
Hi. I am very new to all of php, mysql and the program dreamweaver. I am teaching how to use all of this at the same time! Now, I have created a website with a login page and all the relevant forms to create an account. It all works perfectly. Now i am having trouble understanding the next bit. Heres what i want; I would like the next page after you log in to display all of your personal details and ONLY your personal details. Can someone tell me how to do this or where i can learn it. Sorry if that explaination is not good enough. If someone can help i am willing to go into more detail on my database and webpage. Thank you