PHP MYSQL Login

[yddib]

Hi,

I am creating a type of social networking site for a project. The php login is working as in it can verify that there is a user with that name and their password is correct.

 

My question is, how do I get their individual profile page to come up after they log in?

 

Any help would be great!

Thanks

[Fadion]

The basic principle should be:

 

• Build a profile page that retrieves the username or user id by get variables. The page could be accessed as profile.php?user=yddib. Rewriting the url could result in more intuitive and better looking pages, like: profiles/yddib
  
• The profile page shows all the profile information of the requested user.
  
• After the login is successful, redirect the user to profile.php?user={username_here}
  
• User specific profile links (ie. edit profile) can be shown based on the created session/cookie
  

 

As for code, i'm sure you can figure this out by yourself. It is a basic system which uses get variables to know which user's profile to show. Even though, if you need code help, don't hesitate.

[yddib]

Thanks a million for your help. The concept you described is exactly what I was looking for. I am still learning php as I go along so I may have to ask you some more questions regarding the code. Could you give me a quick sample of code?

[JasonLewis]

Well you need to be able to grab the user's name from the address in PHP. You can do that with $_GET.

 

$username = $_GET['user'];

 

If you are using sessions, you should also make sure that the profile page they are viewing is there own if it contains sensitive data. You can do this with an if statement.

 

if($_SESSION['username_session'] == $username){
//The user is doing the right thing! Show their profile!
}else{
echo "Please do not try to view other people's details!";
}

 

Now that you have the users name and it's confirmed that it is actually them you should go ahead and query the database to get all their information.

 

So you set up a basic query:

$query = mysql_query("SELECT * FROM users WHERE username='$username'") or die("Error: ".mysql_error());

 

Now that doesn't get the data, it just returns to us a MySQL Resource ID. To actaully retrieve the information we can use mysql_fetch_array() or to be more specific, mysql_fetch_assoc().

 

$data = mysql_fetch_assoc($query); //This will make an associative array with the users data!

 

Now to access the data we can just do the following:

echo "Welcome back to your account " . $username . "!<br />Your email is " . $data['email'] . "!";

 

You just need to show the appropriate data and walla. You have a basic profile page.

 

Hope that cleared up a few problems for you.

 

Good luck.

[Fadion]

No problem. Take a look:

 

profile.php

<?php
if(isset($_GET['user'])){ //check if the get variable is set, ie: profiles.php?user=yddib
    $user = mysql_real_escape_string($_GET['user']); //retrieve the get variable and clean it for using in a query
    $results = mysql_query("SELECT name, email, age FROM users WHERE username='$user'"); //make the query to find all profile information for that user
    if(mysql_num_rows($results) == 1){ //check if the username exists in the database
         $values = mysql_fetch_array($results); //fetch the returned data from the query to an array
         echo 'Name: ' . $values['name'] . '<br />'; //display the profile information
         echo 'Email: ' . $values['email'] . '<br />';
         echo 'Age: ' . $values['age'] . '<br />';
    } else{
         echo 'The user you selected does not exist';
    }
} else{
    echo 'No users selected.';
}
?>

 

login.php

<?php
session_start(); //initialize the session
if(isset($_POST['username'])){ //check if the login form is submitted
    $username = mysql_real_escape_string($_POST['username']); //get the username and clean for using it in the query
    $password = sha1($_POST['password']); //get the password and hash it using sha1(). you may not have hashed the pass, but you should
    $results = mysql_query("SELECT id FROM users WHERE username='$username' AND password='$password'"); //make the query to check if the login is correct
    if(mysql_num_rows($results) == 1){ //if the query returned data, it means the login is correct
         $_SESSION['login'] = $username; //set the session variable to keep track of the login state in other pages
         header("Location: profiles.php?user=" . $username); //redirect the user to the profile page
    } else{
         echo 'The provided login information is incorrect';
    }
}
?>

 

That is the most basic code, but it should give you the idea. You can use the session variable to display user specific information. Just a note about header(), i used it to redirect the user to the page, but you may end up having problems with it. It must be used before any html or php echo is used, or you will have the "headers already sent" problem. Try echoing a meta refresh instead.

 

Hope this clears things out.

 

EDIT: ProjectFear got me on time, but i'm posting this anyway