Jump to content

Keeping session usernames between pages


helpmeplease2

Recommended Posts

I have a script which logs a user in using their username and password. They are then going to be able to see pages that have data from their row in my database and then be able to change it. Example: They see their email address on the screen and they can change it and then click an update button.

Here is the code I currently am using:
[code]<?php
session_start();
header("Cache-Control: private");
require('config.php');
require('includes/dbconnect.php');
?>
<html>
<head>
<?php
require('includes/logincheck.php');
?>
</head>
<body>
<?php
if(isset($_SESSION['Username']) && isset($_SESSION['Password'])){
include('includes/topusercp.php'); //this file just has the navigation i want to display once the user is logged in
}else{
include('includes/topmain.php'); //this is the navigation before the user is logged in
}
?>
<?php


$p="includes/" . $_GET['p'] . ".php";

if($_GET['p']==''){

$p="includes/main.php"; /this is the page with the login fields
}

include($p);

?>

</body>
</html>[/code]

logincheck.php:

[code]<?php
if($_GET['logout']=='y'){
session_unset();
}

if(empty($_SESSION['Username'])){
if(($_POST['Username']!='') && ($_POST['Password']!='')){
$tmpusr=$_POST['Username'];
$results=mysql_query("select Username,Password,ban from $month where Username='$tmpusr'");
$row=mysql_fetch_assoc($results);
if (mysql_num_rows($results)==0) {
echo "Invalid Username!";
}elseif($row['Password']!=$_POST['Password']){
echo "Invalid Password!";
}else{
if($row['ban']>0){
echo "Your account has been suspended or banned!";
}else{
$Username=$_POST['Username'];
$Password=$_POST['Password'];
session_register("Username");
session_register("Password");
$Username=$_SESSION['Username'];
$Password=$_SESSION['Password'];

}
}
}
}else{
$Username=$_SESSION['Username'];
$Password=$_SESSION['Password'];
}
?>[/code]

The page the user sees:
[code]<?php
require('/home/public_html/admin/month.php');
$results=mysql_query("SELECT * FROM $month WHERE Username='$Username'");
while ($row=mysql_fetch_array($results)) {
    echo "<table cellspacing='0' cellpadding='1' border='0' align='center'>";
    echo "<tr><td width='150'><b>Email Address</b></td><td width='200'><input type='text' value='".$row['Email']."' size='40'></input></td></tr>";
    echo "<tr><td width='150'>&nbsp;</td><td align='center'><input type='submit' value='Update Contact Information'></td>";
    echo "</table>";
}
?>[/code]

The script works if I change:
$results=mysql_query("SELECT * FROM $month WHERE Username='$Username'");

From the last file to:
$results=mysql_query("SELECT * FROM $month WHERE Username='myusername'");

So the question I am asking is, how do I make it so it keeps the same user that logged in and only displays their username? I would also like to know how to make it so my submit button updates the database.

Thanks in advance.
Link to comment
Share on other sites

Unless you have register_globals switched on in your php.ini (which you shouldn't really), you'd need to use your session variable in your query:
[code]$results=mysql_query("SELECT * FROM $month WHERE Username='$_SESSION[Username]'");[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.