Jump to content

Archived

This topic is now archived and is closed to further replies.

helpmeplease2

Keeping session usernames between pages

Recommended Posts

I have a script which logs a user in using their username and password. They are then going to be able to see pages that have data from their row in my database and then be able to change it. Example: They see their email address on the screen and they can change it and then click an update button.

Here is the code I currently am using:
[code]<?php
session_start();
header("Cache-Control: private");
require('config.php');
require('includes/dbconnect.php');
?>
<html>
<head>
<?php
require('includes/logincheck.php');
?>
</head>
<body>
<?php
if(isset($_SESSION['Username']) && isset($_SESSION['Password'])){
include('includes/topusercp.php'); //this file just has the navigation i want to display once the user is logged in
}else{
include('includes/topmain.php'); //this is the navigation before the user is logged in
}
?>
<?php


$p="includes/" . $_GET['p'] . ".php";

if($_GET['p']==''){

$p="includes/main.php"; /this is the page with the login fields
}

include($p);

?>

</body>
</html>[/code]

logincheck.php:

[code]<?php
if($_GET['logout']=='y'){
session_unset();
}

if(empty($_SESSION['Username'])){
if(($_POST['Username']!='') && ($_POST['Password']!='')){
$tmpusr=$_POST['Username'];
$results=mysql_query("select Username,Password,ban from $month where Username='$tmpusr'");
$row=mysql_fetch_assoc($results);
if (mysql_num_rows($results)==0) {
echo "Invalid Username!";
}elseif($row['Password']!=$_POST['Password']){
echo "Invalid Password!";
}else{
if($row['ban']>0){
echo "Your account has been suspended or banned!";
}else{
$Username=$_POST['Username'];
$Password=$_POST['Password'];
session_register("Username");
session_register("Password");
$Username=$_SESSION['Username'];
$Password=$_SESSION['Password'];

}
}
}
}else{
$Username=$_SESSION['Username'];
$Password=$_SESSION['Password'];
}
?>[/code]

The page the user sees:
[code]<?php
require('/home/public_html/admin/month.php');
$results=mysql_query("SELECT * FROM $month WHERE Username='$Username'");
while ($row=mysql_fetch_array($results)) {
    echo "<table cellspacing='0' cellpadding='1' border='0' align='center'>";
    echo "<tr><td width='150'><b>Email Address</b></td><td width='200'><input type='text' value='".$row['Email']."' size='40'></input></td></tr>";
    echo "<tr><td width='150'>&nbsp;</td><td align='center'><input type='submit' value='Update Contact Information'></td>";
    echo "</table>";
}
?>[/code]

The script works if I change:
$results=mysql_query("SELECT * FROM $month WHERE Username='$Username'");

From the last file to:
$results=mysql_query("SELECT * FROM $month WHERE Username='myusername'");

So the question I am asking is, how do I make it so it keeps the same user that logged in and only displays their username? I would also like to know how to make it so my submit button updates the database.

Thanks in advance.

Share this post


Link to post
Share on other sites
Unless you have register_globals switched on in your php.ini (which you shouldn't really), you'd need to use your session variable in your query:
[code]$results=mysql_query("SELECT * FROM $month WHERE Username='$_SESSION[Username]'");[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.