CoffeeOD Posted July 17, 2008 Share Posted July 17, 2008 Hi, first I would like thank you all for helping alot people, I just started focus on learning MYSLQ and php, have been making websites for a while now but never really got into this area. I have following script for login: Login <?php // we must never forget to start the session session_start(); $errorMessage = ''; if (isset($_POST['username']) && isset($_POST['password'])) { include 'db/config.php'; include 'db/opendb.php'; $userId = $_POST['username']; $password = $_POST['password']; // check if the user id and password combination exist in database $sql = "SELECT username FROM user WHERE username = '$username' AND password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['basic_is_logged_in'] = true; // after login we move to the main page header('Location: profile.php'); exit; } else { $errorMessage = 'Wrong ID / Password.'; } include 'db/closedb.php'; } ?> <!DOCTYPE html PUBLIC "-/W3C/DTD HTML 4.0 Transitional/EN" "http:/www.w3.org/TR/html40/loose.dtd"> <html> <head> <STYLE LINK> </head> <title>Sortajan paluu</title> <body> <?php if ($errorMessage != '') { ?> <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> <?php } ?> <form method="post" name="frmLogin" id="frmLogin" > <input class="select" name="username" type="text" value="Käyttäjätunnus" id="username"> <br><br> <input class="select" name="password" type="text" value="salasana" id="password"> <br><br><input class="submit" type="submit" name="btnLogin" value="Kirjaudu sisään"> <br><br><br> <small><b><a href="register.php">Rekisteröidy</a></small></b></font> <br><br><br><br> <b><small>© mmfin.net (basic mmfin.net copyright information)</small></b> </body> </html> and profile page I tried to use has been taken from this topic: this topic which code is ?php $username = $_GET[username]; //you can protect it later $sql = "SELECT * FROM `users` WHERE `username`= '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0){ echo "<b>This user does not exist!</b>\n"; }else { $row = mysql_fetch_assoc($res); echo "<table border=0 cellspacing=3 cellpadding=3 width=600>\n"; echo "<tr><td align=center>Welcome to <b>$username's</b> profile</td></tr>\n"; echo "<tr><td valign=top>$row[description</td></tr>\n"; echo "<tr><td valign=top>$username's Stats:<br>Age: $row[age]<br>E-Mail: <a href=\"mailto:$row[email]\">$row[email]</a></td></tr>\n"; echo "</table>\n"; } ?> Register adds user with id, username, password, exp, taso, kulta, str, def (exp, taso, kulta, str, def arent importan at this point), id is insert into database as auto_increment, so that part works. I tried to use action="profile.php" in login form too but no success, so, how can I manage to pass information trough this login form, so profile page would work? Try and see: http://www.mmfin.net/sp/user (user: test, pass: test) So, I guess whole login isnt working like it should, Like I said, im new and not sure where it goes wrong, thanks for taking time (even just to look). I would like to learn this from these tutorials I used, to learn where I made mistake and how start fixing it, this why I didnt choose to download complete script for ready to use, might sound stupid but this way I learned websites back then. Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/ Share on other sites More sharing options...
unkwntech Posted July 17, 2008 Share Posted July 17, 2008 ?php $username = $_GET[username]; //I think your problem is here $_GET should be $_POST if your using method='post' on your form. //you can protect it later $sql = "SELECT * FROM `users` WHERE `username`= '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0){ echo "<b>This user does not exist!</b>\n"; }else { Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592836 Share on other sites More sharing options...
CoffeeOD Posted July 17, 2008 Author Share Posted July 17, 2008 Thanks for answering, I tried to change that to my form, without success, same error still. I tried even changing get to login form, but it didnt work either. I have looked alot tutorials about sessions but I still remain with this problem. I manage to protect my site using login and this, but I just seem not to get this profile-thing right at all. Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592843 Share on other sites More sharing options...
trq Posted July 17, 2008 Share Posted July 17, 2008 Your login form posts to itself, once the user is authenticated you declare a variable within the session array and redirect them to there profile. From there why do you need to query the database again? You don't. Change your profile.php to.... <?php session_start(); if (isset($_SESSION['basic_is_logged_in'])) { echo "You are logged in"; } else { echo "You are not logged in"; } ?> Now, if that is working, the trick is to store more relevenmt data within the $_SESSION array when a user logs in. At very least you'll want to store the users ID. OH, and ps: Do not use mysql's PASSWORD function to store passwords, it is not meant to be used within client code. You an md5 hash instead if you like. Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592848 Share on other sites More sharing options...
unkwntech Posted July 17, 2008 Share Posted July 17, 2008 If after following thorpe's suggestions it still does not work after you set $request try echoing mysql_num_rows to ensure that you are returning 1 row. And to add to thorpe's ps i prefer to use somthing like this: $password = crypt($password, substr($username, 0, 2)); This will use the first 2 characters as the salt for the password encryption. Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592856 Share on other sites More sharing options...
CoffeeOD Posted July 17, 2008 Author Share Posted July 17, 2008 Thanks you two, well if you goto http://www.mmfin.net/sp/user/ and use same test/test you see where my problem is, when I echo my database is echoes all registered users there, I just put id, username and gold as example, other data is just basic testing without purpose at this point. Like I said, this is my very first try to create something with php & myslq from "nothing", so this will be hard for me but at the same time more valuable. If register page has problems, this is the script from tutorial which I use <?php // set your infomation. $dbhost='localhost'; $dbusername='"I'; $dbuserpass='am'; $dbname='noob'; // connect to the mysql database server. mysql_connect ($dbhost, $dbusername, $dbuserpass); mysql_select_db($dbname) or die("Cannot select database"); //Are they just getting here or submitting their info? if (isset($_POST["username"])) { $username = $_POST["username"]; $password = $_POST["password"]; $cpassword = $_POST["cpassword"]; $email = $_POST["email"]; //Was a field left blank? if($username==NULL|$password==NULL|$cpassword==NULL|$email==NULL) { echo "Täytä kaikki kentät!."; }else{ //Do the passwords match? if($password!=$cpassword) { echo "Salasanan tarkistus ei onnistunut, yritä uudestaan."; }else{ //Has the username or email been used? $checkuser = mysql_query("SELECT username FROM user WHERE username='$username'"); $username_exist = mysql_num_rows($checkuser); $checkemail = mysql_query("SELECT email FROM user WHERE email='$email'"); $email_exist = mysql_num_rows($checkemail); if ($email_exist>0|$username_exist>0) { echo "Sähköposti tai käyttäjätunnus on jo käytössä, yritä uudestaan."; }else{ //Everything seems good, lets insert. $query = "INSERT INTO user (id, username, password, email, user_type, taso, exp, str, def, kulta) VALUES('$id','$username',PASSWORD('$password'),'$email','user','1','0','5','5','100')"; mysql_query($query) or die(mysql_error()); echo "created user with username of $username, <a href=\"index.php\">please login</a>"; } } } } ?> <form action="register.php" method="POST"> basic form Well, I have tried to look different tutorials without success, but am I looking right ones for this? Example: http://www.tutorialized.com/tutorials/PHP/User-Authentication/1 and from there http://www.tutorialized.com/view/tutorial/Session-User-System/33159, my useally googlin has been with "php mysql user sessions id login" Thanks for trying help again, these are just over my head currently even after reading bunch of tutorials but Im hoping to learn this eventually. Any basic tutorials relating to this would be helpful too, if it happens I have missed some very basic tutorials with wrong googling. and EDIT: little off-topic guesiton for future. is it possible to make simple script using random number script (php) and do if/else with myslq? example if random generated number is 3 add into logged user 100 gold (in gold row at database) and else number is something else than 3 minus 50 gold from logged in user, hope it wasnt too confusing. At the end, im trying to make online game with really simple effect, example attack on id and so on. currently Im just learning this, so theres long long long road to archieve this, but thats life. Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592896 Share on other sites More sharing options...
trq Posted July 17, 2008 Share Posted July 17, 2008 Post your code for main.php Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592898 Share on other sites More sharing options...
unkwntech Posted July 17, 2008 Share Posted July 17, 2008 This one here is fairly decent. http://www.php-mysql-tutorial.com/user-authentication/basic-authentication.php Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592899 Share on other sites More sharing options...
CoffeeOD Posted July 17, 2008 Author Share Posted July 17, 2008 This one here is fairly decent. http://www.php-mysql-tutorial.com/user-authentication/basic-authentication.php Guess what I used That exactly, Im having troubles making it into this kinda script but it was big help for me to start learning this. Main.php <?php // like i said, we must never forget to start the session session_start(); // is the one accessing this page logged in or not? if (!isset($_SESSION['basic_is_logged_in']) || $_SESSION['basic_is_logged_in'] !== true) { // not logged in, move to login page header('Location: index.php'); exit; } ?> <html page start, nothing special> <?php include 'db/config.php'; include 'db/opendb.php'; $query = "SELECT id, username, kulta FROM user"; $result = mysql_query($query); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "<b>ID</b>: {$row['id']} <br>" . "<b>Username</b>: {$row['username']} <br>" . "<b>Random data:</b> {$row['kulta']} <br><br>"; } include 'db/closedb.php'; ?> <small><b><a href="ulos.php">log out</a></small></b> Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592901 Share on other sites More sharing options...
trq Posted July 17, 2008 Share Posted July 17, 2008 See in my original reply where I wrote.... the trick is to store more relevenmt data within the $_SESSION array when a user logs in. At very least you'll want to store the users ID. do it. In your login.php you'll also want to select the users id in your query. Once you have that information place it in the $_SESSION array like so (just an example).... $_SESSION['basic_is_logged_in'] = true; $_SESSION['id'] = $row['id']; Then, in main.php <?php include 'db/config.php'; include 'db/opendb.php'; $query = "SELECT id, username, kulta FROM user WHERE id = '{$_SESSION['id']}' LIMIT 1'"; // select the logged in user if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); echo "<b>ID</b>: {$row['id']} <br>" . "<b>Username</b>: {$row['username']} <br>" . "<b>Random data:</b> {$row['kulta']} <br><br>"; } } include 'db/closedb.php'; ?> Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592916 Share on other sites More sharing options...
CoffeeOD Posted July 18, 2008 Author Share Posted July 18, 2008 Thanks for this reply again, I having still trouble to get id past login page and blank page iwth current main.php. example profile.php (same as main.php) now: <?php // like i said, we must never forget to start the session session_start(); $_SESSION['basic_is_logged_in'] = true; $_SESSION['id'] = $row['id']; ?> <normal html start> <?php include 'db/config.php'; include 'db/opendb.php'; $query = "SELECT id, username, kulta FROM user WHERE id = '{$_SESSION['id']}' LIMIT 1'"; // select the logged in user if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); echo "<b>ID</b>: {$row['id']} <br>" . "<b>Username</b>: {$row['username']} <br>" . "<b>Random data:</b> {$row['kulta']} <br><br>"; } } include 'db/closedb.php'; ?> and login.php I tried to edit like: <?php // we must never forget to start the session session_start(); $errorMessage = ''; if (isset($_POST['username']) && isset($_POST['password'])) { include 'db/config.php'; include 'db/opendb.php'; $username = $_POST['username']; $password = $_POST['password']; // check if the user id and password combination exist in database $sql = "SELECT username FROM user WHERE username = '$username' AND password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['basic_is_logged_in'] = true; $_SESSION['id'] = $row['id']; // after login we move to the main page header('Location: main.php'); exit; } else { $errorMessage = 'wrong password/id.'; } include 'db/closedb.php'; } ?> Im quite certain I got your advices all wrong, I will try and learn how to define id when login from form tommorrow morning, I know its simple once you get it, I just have trouble getting it in my mind Now, I must goto bed but I will check this in morning again (4 hours till work now). PS: I hope it doenst matter that ID has been set to INT-type in database? Others are varchar but ID is INT(11), dont know why I did it, wanted to try something when this script wasnt working. Quote Link to comment https://forums.phpfreaks.com/topic/115313-how-to-pass-user-data-from-login-form-profile-page/#findComment-592950 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.