Jump to content


Photo

Keeping session usernames between pages


  • Please log in to reply
2 replies to this topic

#1 helpmeplease2

helpmeplease2
  • Members
  • PipPipPip
  • Advanced Member
  • 87 posts

Posted 23 May 2006 - 12:51 AM

I have a script which logs a user in using their username and password. They are then going to be able to see pages that have data from their row in my database and then be able to change it. Example: They see their email address on the screen and they can change it and then click an update button.

Here is the code I currently am using:
<?php
session_start();
header("Cache-Control: private");
require('config.php');
require('includes/dbconnect.php');
?>
<html>
<head>
<?php
require('includes/logincheck.php');
?>
</head>
<body>
<?php
if(isset($_SESSION['Username']) && isset($_SESSION['Password'])){
include('includes/topusercp.php'); //this file just has the navigation i want to display once the user is logged in
}else{
include('includes/topmain.php'); //this is the navigation before the user is logged in
}
?>
<?php


$p="includes/" . $_GET['p'] . ".php";

if($_GET['p']==''){

$p="includes/main.php"; /this is the page with the login fields
}

include($p);

?>

</body>
</html>

logincheck.php:

<?php
if($_GET['logout']=='y'){
session_unset();
}

if(empty($_SESSION['Username'])){
if(($_POST['Username']!='') && ($_POST['Password']!='')){
$tmpusr=$_POST['Username'];
$results=mysql_query("select Username,Password,ban from $month where Username='$tmpusr'");
$row=mysql_fetch_assoc($results);
if (mysql_num_rows($results)==0) {
echo "Invalid Username!";
}elseif($row['Password']!=$_POST['Password']){
echo "Invalid Password!";
}else{
if($row['ban']>0){
echo "Your account has been suspended or banned!";
}else{
$Username=$_POST['Username'];
$Password=$_POST['Password'];
session_register("Username");
session_register("Password");
$Username=$_SESSION['Username'];
$Password=$_SESSION['Password'];

}
}
}
}else{
$Username=$_SESSION['Username'];
$Password=$_SESSION['Password'];
}
?>

The page the user sees:
<?php
require('/home/public_html/admin/month.php');
$results=mysql_query("SELECT * FROM $month WHERE Username='$Username'");
while ($row=mysql_fetch_array($results)) {
    echo "<table cellspacing='0' cellpadding='1' border='0' align='center'>";
    echo "<tr><td width='150'><b>Email Address</b></td><td width='200'><input type='text' value='".$row['Email']."' size='40'></input></td></tr>";
    echo "<tr><td width='150'>&nbsp;</td><td align='center'><input type='submit' value='Update Contact Information'></td>";
    echo "</table>";
}
?>

The script works if I change:
$results=mysql_query("SELECT * FROM $month WHERE Username='$Username'");

From the last file to:
$results=mysql_query("SELECT * FROM $month WHERE Username='myusername'");

So the question I am asking is, how do I make it so it keeps the same user that logged in and only displays their username? I would also like to know how to make it so my submit button updates the database.

Thanks in advance.

#2 Kris

Kris
  • Staff Alumni
  • Advanced Member
  • 2,755 posts
  • LocationThe Internet

Posted 24 May 2006 - 02:49 PM

Unless you have register_globals switched on in your php.ini (which you shouldn't really), you'd need to use your session variable in your query:
$results=mysql_query("SELECT * FROM $month WHERE Username='$_SESSION[Username]'");


#3 helpmeplease2

helpmeplease2
  • Members
  • PipPipPip
  • Advanced Member
  • 87 posts

Posted 25 May 2006 - 04:32 AM

TY, its working.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users