[SOLVED] MySQL fields into Variables / Login Utilization

[sirrkitt]

Well, I've been trying to figure out how to do this, all to no solution. I've googled and googled, and stumbled upon this site; so...

 

My problem(s) so far, I've mostly managed to solve on my own, but a few stuff I've had no luck with. I'm still very new to MySQL, and even newer to PHP (not so much programming itself, though, and I've used MySQL a little bit prior to PHP.) Anyways, I'm running MySQL5 and PHP5, if that will bring any help. Now, my questions are mostly concerning the utilization of this cheap-o login system that I half comprehend (copy and pasted mostly online) and also getting MySQL fields to be placed into a PHP variable for uses. I'm trying to pretty much construct a news site, and I am trying to do permissions for posting, editing, etc., and I have a MySQL field for holding the user's permissions. As of now, I'm at a stand-still, trying to figure out how to send the field (only the specific field) from MySQL to PHP of a specific user (identified by $myusername) into the variable $rights. I've got the idea that I put that into a session variable specific to the user logged in (I think...) but I can't figure out how to get the MySQL field, let alone deal with session variables. So far, I've managed to figure that I need to query MySQL with: SELECT * FROM 'members' WHERE `username` LIKE john, but I'm not sure really what to do to get it to work all the way. I can post files as well, if anyone wants to take the time and help, as any is appreciated greatly. I'll gladly post more detail as well if one would like.

[Ken2k7]

Post the code you have now.

[sirrkitt]

Alright. Glad you replied so quickly. Sorry if my code's messy, I'm new, and I use VIM to edit through SSH. >__>

 

//Checklogin.php
<?php
ob_start();
include("mysql.php");
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encrypted_mypassword=md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

<?php
// Login_success.php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
// $query = "SELECT * FROM 'members' WHERE `username` LIKE john";
echo "Hello, " . $myusername . ", you are granted: " . $rights . " privileges!";

?>

<html>
<body>
Login Successful
</body>
</html>

Sorry if that ones sloppy, I was trying to experiment around, trying to get variables assigned on login, like Name, Posts, Rights, etc..

 

AND, is this logout code riiight? Sorry for any burden.

<?php
session_start();
session_destroy();
?>

Sorry, I'm a copy-and-paste kinda guy. I usually tweak stuff until it works.

[Ken2k7]

First and foremost VIM + SSH rocks! I do that all the time as a matter of fact. The only other editor I have on my Ubuntu is the Text Editor or gedit.

 

Checklogin.php

//Checklogin.php

That should be after a PHP tag. Also, add session_start at the top of the page.

 

What's the point of ob_start and ob_flush?

 

session_register("myusername");
session_register("mypassword");

session_register is deprecated. Use $_SESSION['myusername'] = $myusername instead. Similar for password, but I don't recommend storing passwords, even in sessions.

 

Login_success.php

if(!session_is_registered(myusername)){

Instead, use:

if (!isset($_SESSION['myusername'])) {

 

echo "Hello, " . $myusername . ", you are granted: " . $rights . " privileges!";

Both variables $myusername and $rights are not defined in that PHP script. It's not transfered over from Checklogin.php because that file is not included. Use $_SESSION['myusername'] instead. And if you want $rights, store that in a session or something, but I don't see $rights defined or used anywhere.

[sirrkitt]

Sweeeeeet! Haha. Well, now, I can login (although, I could before), though, I think I get what session variables do (mostly). Thanks a bunch for the help. Now, another thing, $rights is what I was wanting to get from my MySQL database.

I have in the database, a field for rights, which is just a text string I would dump into a variable (I'd dump that into something like $_SESSION['rights'], riiiight?) and check that against an if statement to determine what the user could do. The only problem for me is I'm not positive on how to obtain an object from my database. The tutorial, guessing by the deprecated commands, is probably outdated, and did a poor job at explaining how to get the information from MySQL. I guess I kind of understand (slightly) dumping MySQL information (using SELECT and WHERE, I think?) into an array, but I don't know how to take data from MySQL into just one variable.

Blah, sorry if I sound stupid or anything. And, again, thanks for the help so far. Tell me if you don't understand what I'm saying and I could try to rephrase my question.

:DD

[Ken2k7]

What table did you get your rights from? What did you do with the SELECT for username above?

 

It should be like this -

<?php
// added LIMIT 1 because it shouldn't need to get more than that.
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword' LIMIT 1";
$result=mysql_query($sql) or trigger_error('SQL error: ' . mysql_error(), E_USER_ERROR);
if ($row = mysql_fetch_assoc($result)) {
     // not that I'll use this or anything, but it's just to show you how to pull data from a SQL
     $row_username = $row['username']; // I assume the table column is username

     $_SESSION['username'] = $myusername;
     // possibly store a session ID as well, but you can worry about that afterwards.
}

 

I assume your right field is NOT in the same table as the one above. It should have its own table, but anyways, you understand how to pull data from a SQL query now right? Just do something similar like that for rights. If rights is in the same table as above, just do $_SESSION['right'] = $row['right'] or whatever the column name is called.

 

Hope that helps. I'm off to bed now. Best of luck!

[sirrkitt]

Yeaaah. I think I understand getting the SQL variables.

My only problem now is that I can't get PHP to use anything else besides the password, username, and the encrypted username. It might be because I'm setting up the sessions wrong, or maybe because I'm not sure what variable comes from the SQL database, and which one I am saving into PHP.

$row['username'] is from MySQL? (Sorry if I sound stupid, this is all REALLY foreign to me. I'm only learning Pascal at school for my programming...)

Sorry for sounding so blatantly noob.

 

$sql="SELECT * FROM $tbl_name WHERE userna
ted_mypassword' LIMIT 1";
$result=mysql_query($sql) or trigger_error
_ERROR);
if ($row = mysql_fetch_assoc($result)) {
        $row_rights = $row['rights'];
        $_SESSION['rights'] = $rights;
        $row_full_name = $row['full_name']
        $_SESSION['username2'] = $username
}
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypa

if($count==1){
// Register $myusername, $mypassword and r
$_SESSION['myusername'] = $myusername;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";

Thats my Checklogin.php, with all the changes you gave me, I believe...

 

<?
session_start();
if(!isset($_SESSION['myusername'])){
header("location:main_login.php");
}
// $query = "SELECT * FROM 'members' WHERE `username` LIKE john";
echo "Hello, " . $myusername . ", you are granted: " . $rights . " privileges!";
echo $_SESSION['myusername'] . "  " . $_SESSION['full_name'] . "  ";
echo $_SESSION['rights'] . "<br / >";
?>

<html>
<body>
Login Successful
</body>
</html>

Here's the login_successful. I edited it accordingly, as well.

 

My problem now, is that the echos aren't giving me anything. The echo $_SESSION['rights'] gives me no output at all, (it WAS giving me 0 for a while, which makes no sense, since in my database it's a text, and should've said Admin) and full_name gives me username...

A pic of the database is attatched in case you might want to give it a look.

 

The site is 1337haxorz.com in case you do want to check it out. But you have to nav to /include/login/main_login.php or checklogin.php or logout.php or login_success.php for the login stuff atm.

<__<

Again, sorry for any inconvenience, though, this is pretty meaningful to me, since I enjoy trying to learn.

 

[attachment deleted by admin]

[Ken2k7]

Your Checklogin.php appears to be cut-off.

 

$_SESSION['rights'] = $rights;

That should be $row_rights, not $rights. Pay attention to variable names.

 

if($count==1){
// Register $myusername, $mypassword and r
$_SESSION['myusername'] = $myusername;
header("location:login_success.php");
}

Put everything in that IF statement inside the while loop as well. Then you can take out the if statement and the mysql_num_rows lines because you won't need them.

 

 

[sirrkitt]

Yeah, I discovered most of that this morning.

One of my friends at school (who is pretty good with PHP) looked over my script and pointed out why I wasn't retrieving the variables right.

Thanks mucho for the help, too.

And, again, thanks! Haha.

I'm so glad that I was able to get this resolved.

Now it all works!

:DD