Gazz1982 Posted June 5, 2008 Share Posted June 5, 2008 <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*****"; // Mysql password $db_name="register"; // Database name $tbl_name="login"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); //print "Connected to MySQL<br>"; So I connect to my database if(!session_is_registered(myusername)) { echo "<div class='right'>Welcome Guest</div>"; echo"<br /><br />"; echo" <div class='right'> <div class='box'> <p class='title'>Login</p> <form class='small' name='login' method='post' action='checklogin.php?<?php echo SID?>'> <p class='small'> Email<input name='myusername' type'text' id='myusername' size='13'></p> <p class='small'> Password <input name='mypassword' type='text' id='mypassword' size='9'></p> <p class='small'><a href='register.php?<?php echo SID?>' > Register </a> <input type='submit' name='Submit' value='Login' /></p> </form> </div> </div>"; } The previous code needs to make 'mypassword' accessible as a global variable' Once logged in the global variable will be ultilised by the following code else if(session_is_registered(myusername)) { $sql = mysql_query("Select * from login where EMAIL=' global variable '"); while($row1 = mysql_fetch_array($sql)) { echo "<div class='right'>Welcome "; echo $row1['NAME_FIRST']; echo "<br /><a href='logout.php'>Logout</a></div>"; } } ?> How do I make this work? Thanks for your help Quote Link to comment Share on other sites More sharing options...
discomatt Posted June 5, 2008 Share Posted June 5, 2008 If it's not within a function or class, then it is already in the global scope. reference to it withing functions and classes by using $GLOBALS['varname'] This is not the best approach though... Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 so how would I implement that in my code? Quote Link to comment Share on other sites More sharing options...
DarkWater Posted June 5, 2008 Share Posted June 5, 2008 What do you mean by "global variable"? @discomatt: Half the time, when people say "global variable", they have no idea what they actually should be saying. So he probably doesn't need global scope, he probably means sessions. Just speculating. Let's see. =P Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 my global variable I mean a variable which is accessible within the session from any page, have i got that right? Quote Link to comment Share on other sites More sharing options...
DarkWater Posted June 5, 2008 Share Posted June 5, 2008 So page1 sets a var that page2 can use, right? Quote Link to comment Share on other sites More sharing options...
.josh Posted June 5, 2008 Share Posted June 5, 2008 umm it looks like you have a basic form with basic variable checking there's no functions or classes or anything in play here so you don't need to worry about variable scope. The problem is that you are getting information from your form via the POST method so you need to be accessing your info via the $_POST array not from a session. Your variable can be accessed from this: $_POST['mypassword'] just plug that into your conditions and you're good to go. I do suggest sanitizing it first though. Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 yes and any other page which has session_start(); at the top of the page I've been shown that code before but where in my code would I insert it? I've put it in my query: $sql = mysql_query("Select * from login where EMAIL='$_POST['mypassword']'"); but it doesn't seem to work Quote Link to comment Share on other sites More sharing options...
.josh Posted June 5, 2008 Share Posted June 5, 2008 using the $_POST array only works for the targeted action='target.php' page if you wish to then carry it from target.php to some other place, you're going to have to turn it into a session variable. As far as your query "not working" you're going to have to be more specific. Right off the bat I see that you are not properly escaping quotes in your string it needs to look like this: $sql = mysql_query("Select * from login where EMAIL='{$_POST['mypassword']}'"); If that still doesn't work then check your form and make sure you spelled mypassword correctly. If you did, then separate your query string from your query execution, echo it, and also add some error reporting, like so: $sql = "Select * from login where EMAIL='{$_POST['mypassword']}'"; echo $sql; $res = mysql_query($sql) or die(mysql_error()); check your table name and column name make sure you're using the right ones. Enter in the echoed query string directly into sql through phpmyadmin to see if you get expected results. Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 ok so its not returning a value in the sql so how do i implement a session variable? Quote Link to comment Share on other sites More sharing options...
.josh Posted June 5, 2008 Share Posted June 5, 2008 well back up there mister...as I said, the only reason you'd want to use a session variable is if you're going from form > formtarget > someotherpage how many actual script pages do you have? Because it SEEMS to me that you should either be having 1 or 2 here. Right? If so, forget about the sessions you don't need them. Repost your code the whole thing. Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 website = http://www.noblesweb.co.uk/ <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*****"; // Mysql password $db_name="register"; // Database name $tbl_name="login"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); //print "Connected to MySQL<br>"; if(!session_is_registered(myusername)) { echo "<div class='right'>Welcome Guest</div>"; echo"<br /><br />"; echo" <div class='right'> <div class='box'> <p class='title'>Login</p> <form class='small' name='login' method='post' action='checklogin.php?<?php echo SID?>'> <p class='small'> Email<input name='myusername' type'text' id='myusername' size='13'></p> <p class='small'> Password <input name='mypassword' type='text' id='mypassword' size='9'></p> <p class='small'><a href='register.php?<?php echo SID?>' > Register </a> <input type='submit' name='Submit' value='Login' /></p> </form> </div> </div>"; } else if(session_is_registered(myusername)) { $sql = "Select * from login where EMAIL='{$_POST['mypassword']}'"; echo $sql; $res = mysql_query($sql) or die(mysql_error()); echo "<div class='right'>Welcome "; echo $res['NAME_FIRST']; echo "<br /><a href='logout.php'>Logout</a></div>"; } } ?> To login the form is use then it goes to the checklogin.php file see below <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*****"; // Mysql password $db_name="register"; // Database name $tbl_name="login"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); //print "Connected to MySQL<br>"; // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE EMAIL='$myusername' and PASSWORD='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ //Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { header("location:login_fail.php"); } ?> this then goes to here <? session_start(); if(!session_is_registered(myusername)){ header("location:login_fail.php"); }else{ header("location:index.php"); } ?> then returns to the main page where it finds you are registered - this is where I am trying to connect to the database to get the users 1st name from the NAME_FIRST column after the else if {} part Quote Link to comment Share on other sites More sharing options...
trq Posted June 5, 2008 Share Posted June 5, 2008 You really need a better understanding of what sessions are and how exactly they work. For starters, the session_register function has long been depricated and should no longer be used but this isbeside the point really. If you already have the users username in a session, why are you running another query against the database to get it again? Im not going to fix your code, but post a clean example. index.php <?php session_start(); if (isset($_SESSION['username'])) { // if the user is logged in, display there name stored within the session. // no need to query the database for it. echo "Hello {$_SESSION['username']}"; } else { echo "<form action='login.php' method='post'>"; echo " <input type='text' name='username'>"; echo " <input type='submit' name='submit'>"; echo "</form>"; } ?> login.php <?php session_start(); if (isset($_POST['submit'])) { // here you would normally check against a db record. // however this is just a simple sessions demo. $_SESSION['username'] = $_POST['username']; header("Location: index.php"); } ?> Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 thanks for the code clean up - much easier to understand now I'm running another query as the username is an email address and password is a password, I want to have a welcome message which returns the users 1st name which is in the database so I am trying to select it by using the email as the where function in the sql Quote Link to comment Share on other sites More sharing options...
Gazz1982 Posted June 5, 2008 Author Share Posted June 5, 2008 ok one step away! This code displays the users email address when logged in how can i implement a sql query so it asks: Select * from logon where NAME_FIRST = 'the value in myusername'; if (isset($_SESSION['myusername'])) { // if the user is logged in, display there name stored within the session. // no need to query the database for it. echo "Hello {$_SESSION['myusername']}"; echo "<br /><a href='logout.php'>Logout</a></div>"; } else{ echo "<div class='right'>Welcome Guest</div>"; echo "<div class='right'>"; echo "<div class='box'>"; echo "<p class='title'>Login</p>"; echo "<form class='small' name='login' method='post' action='checklogin.php?<?php echo SID?>'>"; echo "<p class='small'> Email<input name='myusername' type'text' id='myusername' size='13'></p>"; echo "<p class='small'> Password <input name='mypassword' type='text' id='mypassword' size='9'></p>"; echo "<p class='small'><a href='register.php?<?php echo SID?>' > Register </a>"; echo "<input type='submit' name='Submit' value='Login' /></p>"; echo "</form>"; echo "</div>"; echo "</div>"; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.