Mickey400z

Okay. I've got the theory. The "how" part is kind of screwing me up now...lol.

Yeah...I know, I don't ever use logout buttons either. I figured I would give the option though. So based on what you are saying as far as using the creation of the session to set the parameter, ho do I translate that to other queries where I need to display information based on a user being logged in or not.

I'm trying to update a field in my MySQL database when a user logs in or logs out. I figure a simple 0 or 1 choice will do. I'm trying to get my head wrapped around how I add this function to my login script when the user hits "submit" or the user hits "logout" or his session expires. The field is pretty simple; "online" Here's my login code. <?php require_once('connectvars.php'); require_once('appvars.php'); // Start the session session_start(); // Clear the error message $error_msg = ""; // If the user isn't logged in, try to log them in if (!isset($_SESSION['clientid'])) { if (isset($_POST['submit'])) { // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // Grab the user-entered log-in data $user_username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $user_password = mysqli_real_escape_string($dbc, trim($_POST['password1'])); if (!empty($user_username) && !empty($user_password)) { // Look up the username and password in the database $query = "SELECT clientid, username FROM clients WHERE username = '$user_username' AND password1 = SHA1('$user_password')"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 1) { // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page $row = mysqli_fetch_array($data); $_SESSION['clientid'] = $row['clientid']; $_SESSION['username'] = $row['username']; setcookie('clientid', $row['clientid'], time() + (60 * 60 * 24 * 30)); // expires in 30 days setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30)); // expires in 30 days $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php'; header('Location: ' . $home_url); } else { // The username/password are incorrect so set an error message $error_msg = 'Sorry, you must enter a valid username and password to log in.'; } } else { // The username/password weren't entered so set an error message $error_msg = 'Sorry, you must enter your username and password to log in.'; } } } // Insert the page header // $page_title = 'Log In'; // require_once('header.php'); // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in if (empty($_SESSION['clientid'])) { echo '<p class="error">' . $error_msg . '</p>'; ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" > <div align="center"> <legend align="left">Log In</legend> <label for="username"> Username: </label> <p> <input type="text" name="username" value="<?php if (!empty($user_username)) echo $user_username; ?>" /> </p> <label for="password1"> Password: </label> <p> <input type="password" name="password1" /> </p> <p> <input type="submit" value="Log In" name="submit" /> Register free <a href="signup.php" target="_blank" class="style1">here</a> </p> </div> </form> <?php } else { // Confirm the successful log-in echo('<p class="button" id="slogan">You are logged in as ' . $_SESSION['username'] . '.</p><br><a href="logout.php">Logout</a>'); } ?> Any insight would be appreciated

Thanks for the help everyone. It ended up that I had a field in my table that was set to NOT NULL. Considering I wasn't passing any information to that field, it was kicking it back. Thanks again!

Ok....here's the output I got... Problem with the query: INSERT INTO clients (firstname, password1) VALUES ('Mickey400z', SHA1('abc123')) Now I currently have the password1 field set up as VARCHAR(40) in my databasel table. I was under the impression that was all I needed.

Okay. I didn't kick anything new back when I added $dbc into the mysqli_connect_error(). It still gave me my "wtf?" error at "or die(wtf?)"

lol...my bad...I didn't see the code snippets. All I saw was the question. hehe

Ummm....I don't know...do I?

I need a second set of eyes for my registration script please. Connectvars.php has the correct information to access the mySQL database. I keep getting an error at "mysqli_query or die(wtf?)". Thanks! My connectvars.php script is in the same directory as this registration script. It seems to be getting a connection considering my failure is "mysqli_query or die(wtf?)" <?php // Insert the page header $page_title = 'Sign Up'; require_once('connectvars.php'); // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (mysqli_connect_error()) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } if (isset($_POST['submit'])) { // Grab the profile data from the POST $firstname = mysqli_real_escape_string($dbc, trim($_POST['firstname'])); $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1'])); $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2'])); if (!empty($firstname) && !empty($password1) && !empty($password2) && ($password1 == $password2)) { // Make sure someone isn't already registered using this username $query = "SELECT * FROM clients WHERE firstname = '$firstname'"; $data = mysqli_query($dbc, $query) or die('error connecting to db'); if (mysqli_num_rows($data) == 0) { // The username is unique, so insert the data into the database $query = "INSERT INTO clients (firstname, password1) VALUES ('$firstname', SHA1('$password1'))"; mysqli_query($dbc, $query) or die('wtf?'); // Confirm success with the user echo '<p>Your new account has been successfully created. You\'re now ready to <a href="index.php">log in</a>.</p>'; mysqli_close($dbc); exit(); } else { // An account already exists for this username, so display an error message echo '<p class="error">An account already exists for this username. Please use a different address.</p>'; $firstname = ""; } } else { echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>'; } } mysqli_close($dbc); ?> <p>Please enter your username and desired password to sign up to The Haven.</p> <form method="post" action="signup.php"> <fieldset> <legend>Registration Info</legend> <label for="firstname">Username:</label> <input type="text" name="firstname" id="firstname" value="<?php if (!empty($firstname)) echo $firstname; ?>" /><br /> <label for="password1">Password:</label> <input type="password" name="password1" id="password1" /><br /> <label for="password2">Password (retype):</label> <input type="password" name="password2" id="password2" /><br /> </fieldset> <input type="submit" value="Sign Up" name="submit" /> </form>