
error of coding


optiplex


basically the problem is the username and password session variables don't get passed to the next url..

 

the coding to check is

<?php

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username xx
$password="root"; // Mysql password 
$db_name="algebraf_account"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $t_nick and $t_password 
$t_nick=$_POST['t_nick']; 
$t_password=$_POST['t_password'];

// To protect MySQL injection (more detail about MySQL injection)
$t_nick = stripslashes($t_nick);
$t_password = stripslashes($t_password);
$t_nick = mysql_real_escape_string($t_nick);
$t_password = mysql_real_escape_string($t_password);

$sql="SELECT * FROM $tbl_name WHERE t_nick='$t_nick' and t_password='$t_password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $t_nick and $t_password, table row must be 1 row

if($count==1){
// Register $t_nick, $t_password and redirect to file "list_details.php"
//session_register("t_nick");
//session_register("t_password"); 
//echo $t_nick;
//exit;
$_SESSION["t_nick"] = $t_nick;
$_SESSION["t_password"] = $t_password;
header("location:index.php?t_nick=$t_nick"); //HERE IM TRYING TO PASS THE USERNAME
}
else {
echo "Wrong Username or Password.. please <a href=login.php>re-login";
}

ob_end_flush();
?>

 

tq

Link to comment
https://forums.phpfreaks.com/topic/167143-error-of-coding/#findComment-881330

first, i see no mention of $_GET['username'], so i'm not sure how this section is related to your initial question.

 

otherwise, the reason SESSION variables are not being passed is (i suspect) you are missing session_start(); at the very top of the script. that needs to be on EVERY page in order to pass session variables along.

Link to comment
https://forums.phpfreaks.com/topic/167143-error-of-coding/#findComment-881331

ok.. ive put $_GET

<?php

$t_nick=$_GET['t_nick'];

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username xx
$password="root"; // Mysql password 
$db_name="algebraf_account"; // Database name 
$tbl_name="members"; // Table name

 

and ive put

session_start();
$_SESSION["t_nick"] = $t_nick;
//echo "namo den $t_nick";
//exit;
if(!session_is_registered(t_nick)){
header("location:login.php");
}

 

at the top of every script. tq

Link to comment
https://forums.phpfreaks.com/topic/167143-error-of-coding/#findComment-881343

dear akitchin..

 

checking the username and password (checklogin.php)

<?php
$t_nick=$_GET['t_nick'];

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username xx
$password="root"; // Mysql password 
$db_name="algebraf_account"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


// Define $t_nick and $t_password 
$t_nick=$_POST['t_nick']; 
$t_password=$_POST['t_password'];

// To protect MySQL injection (more detail about MySQL injection)
$t_nick = stripslashes($t_nick);
$t_password = stripslashes($t_password);
$t_nick = mysql_real_escape_string($t_nick);
$t_password = mysql_real_escape_string($t_password);

$sql="SELECT * FROM $tbl_name WHERE t_nick='$t_nick' and t_password='$t_password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $t_nick and $t_password, table row must be 1 row

if($count==1){
// Register $t_nick, $t_password and redirect to file "list_details.php"
//session_register("t_nick");
//session_register("t_password"); 
//echo $t_nick;
//exit;
$_SESSION["t_nick"] = $t_nick;
$_SESSION["t_password"] = $t_password;
header("location:index.php");
}
else {
echo "Wrong Username or Password.. please <a href=login.php>re-login";
}

ob_end_flush();
?>

 

index.php

<?php
session_start();
if(!session_is_registered(t_nick)){
header("location:login.php");
}

include "config.inc";
include "connect.inc";

$t_nick=$_GET['t_nick']; 


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>AlgebraForex</title>
<link href="../style.css" rel="stylesheet" type="text/css" />
</head>
<?

if ($t_nick) {
          		$sql = "select *  from
                     trader_details where t_nick='$t_nick' ";

                   $res = mysql_query($sql);
               echo mysql_error();
             
  	           		$row 			= mysql_fetch_row($res);
				$id				= $row[0];
				$t_nick			= $row[1];
				$t_password		= $row[2];
				$t_name			= $row[3];
				$t_telefon		= $row[4]; 
				$t_email		= $row[5];
				$t_alamat		= $row[6];
				$t_ic  			= $row[7];
             	$intro 			= $row[8];
             	$no_akaun		= $row[9];
				$bank			= $row[10];
             	$w_nama  		= $row[11];
             	$w_telefon 		= $row[12];
				$w_alamat		= $row[13];
				$w_ic			= $row[14];
				$p_status		= $row[15];
				$acc_no			= $row[16];
				$acc_status		= $row[17];
				$reg_date		= $row[18];
				$trade_cat		= $row[19];

			}

			//echo $sql;
			//exit;
	?>
  
<body>
<table width="90%" border="0" align="center">
  <tr>
    <td><h1>algebraforex.com</h1></td>
  </tr>
  <tr>
    <td> </td>
  </tr>
  <tr>
    <td><div align="center">| My Profile |
      <? 

$semakdeposit = mysql_query ("SELECT * from deposit where t_nick ='$t_nick'");
if (mysql_num_rows($semakdeposit) == 0) 
{

echo "<a href=deposit.php?t_nick=$row[1]>Deposit</a> |"; 

}
else
{
echo "Add Account |"; 
}

      echo " <a href=withdraw.php?t_nick=$row[1]>Withdrawal</a>
|  Msg To Admin | <a href=aff_report.php?t_nick=$row[1]>Affiliate Report</a>";?>
      | </div></td>
  </tr>
  <tr>
    <td> </td>
  </tr>
  <tr>
    <td><div align="center"></div></td>
  </tr>
  <tr>
    <td><table width="80%" border="0" align="center">
      <tr>
        <td colspan="2" bgcolor="#E4E4E4"><h2>Maklumat : <strong><?php echo htmlentities ($t_nick);?></strong></h2></td>
      </tr>
      <tr>
        <td colspan="2"> </td>
      </tr>
      <tr>
        <td width="26%"><div align="right">Status Akaun : </div></td>
        <td width="74%"><strong><?php echo htmlentities ($acc_status);?>
          <input name="id" type="hidden" value="<?php echo $id ?>" />
        </strong></td>
      </tr>
      <tr>
        <td><div align="right"></div></td>
        <td> </td>
      </tr>
      <tr>
        <td><div align="right"></div></td>
        <td><strong><?php echo htmlentities ($t_name);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td><strong><?php echo htmlentities ($t_alamat);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td><strong><?php echo htmlentities ($t_email);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td><strong><?php echo htmlentities ($t_telefon);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td> </td>
      </tr>
      <tr>
        <td colspan="2" bgcolor="#E4E4E4"><h2>Maklumat Akaun </h2></td>
        </tr>
      <tr>
        <td><div align="right">Kategori Akaun : </div></td>
        <td><strong><?php echo htmlentities ($trade_cat);?></strong></td>
      </tr>
  <tr>
    <td><div align=right>Baki : </div></td>
    <td>
	<?
	if ($t_nick) {
          		
			 //see how much he has already withdrawn

				$sql2 = "select t_nick ='$t_nick', sum(wd_amount) as TWdraw
						from withdraw WHERE t_nick ='$t_nick'";

			   $res = mysql_query($sql2);
			   echo mysql_error();
         		$row = mysql_fetch_assoc($res);
				$totalWithdraw = $row['TWdraw'];



				//calculate own profit bonus
				$sql3 = "select t_nick ='$t_nick', sum(total_bonus) as TBonus2
						from profit_bonus WHERE t_nick ='$t_nick'";


                   $res = mysql_query($sql3);
               echo mysql_error();
			   $row = mysql_fetch_assoc($res);
				$totalTBonus2 = $row['TBonus2'];

				//calculate my deposit
				$sql4i = "select t_nick ='$t_nick', sum(dep_amount) as TBonus1i
						from deposit WHERE t_nick ='$t_nick'";

                   $res = mysql_query($sql4i);
               echo mysql_error();
			    $row = mysql_fetch_assoc($res);
				$totalTBonus1i = $row['TBonus1i'];

  	          //calculate profit bonus of the people we introduced
				$sql3i = "select t_nick ='$t_nick', sum(total_bonus) as TBonus3
						from profit_bonus WHERE intro ='$t_nick'";


                   $res = mysql_query($sql3i);
               echo mysql_error();
			   $row = mysql_fetch_assoc($res);
				$totalTBonus3 = $row['TBonus3'] * (5/100);

			//calculate other people's deposits
				$sql4 = "select t_nick ='$t_nick', sum(dep_amount) as TBonus1
						from deposit WHERE intro ='$t_nick'";

                   $res = mysql_query($sql4);
               echo mysql_error();
			   $row = mysql_fetch_assoc($res);

			//calculate 5% of the deposit for the introducer
			$totalprofit1 = $row['TBonus1'] * (5/100);

			}


					//echo "owner acc $t_nick<br>";

		 $baki = ($totalTBonus2 + $totalTBonus1i + $totalTBonus3 + $totalprofit1) - $totalWithdraw;
		 echo "<b>RM $baki</b>"; 
	?>		</td>
    </tr>
  <tr>
    <td><div align=right>Introducer : </div></td>
    <td><strong><?php echo htmlentities ($intro) ;?></strong></td>
    </tr> 
      
  <?php
  		if ($trade_cat != 'affliate')
		{
  echo "
  
  <tr>
        <td><div align=right>No Account : </div></td>
        <td><strong>$acc_no</strong></td>
      </tr>
  
	";
	}

	?>
    </table></td>
  </tr>
</table>
</body>
</html>

 

tq..

Link to comment
https://forums.phpfreaks.com/topic/167143-error-of-coding/#findComment-881629

if it's a log-in script that stores the username and password in a session then you would just create 2 text fields with the names as 'user' & 'pass' and a submit button and basically just create a script that checks the user & pass have been $_POST then validate them and check them against the db to see if they match. then if they do just store the 'user' & 'pass' in session.

Link to comment
https://forums.phpfreaks.com/topic/167143-error-of-coding/#findComment-881846

alright, there are still some problems with your code:

1. you need session_start() at the top of EVERY PAGE. that INCLUDES checklogin.php and login.php.

2. if you're submitting the form and getting t_nick via $_POST, you don't need it via $_GET. remove that line from the top of checklogin.php.

3. session_is_registered() is deprecated, and you're not even passing it a string. you're trying to pass it a constant that doesn't exist. in index.php you can simply use:

if (!isset($_SESSION['t_nick']))

4. in index.php, 't_nick' will be in the $_SESSION variable, not $_GET. use:

$t_nick = $_SESSION['t_nick'];

i'll be honest and say i think you're out of your element here - you may want to follow along some basic tutorials regarding variable types, assignment, and handling.

Link to comment
https://forums.phpfreaks.com/topic/167143-error-of-coding/#findComment-882118

Archived

This topic is now archived and is closed to further replies.
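
The four fixes listed in the last reply, put together as an added example (not code from the thread or from any poster). It assumes PDO with an in-memory SQLite table standing in for `members`, because the `mysql_*` functions were removed in PHP 7, and it assumes `t_password` holds a `password_hash()` value rather than the plaintext the thread's query compares. The function names `check_login` and `current_nick` are hypothetical.

```php
<?php
// Added example: constructed in-memory data, hypothetical helper names.
session_start();                      // on every page, before any output

// Constructed stand-in for the thread's `members` table (SQLite in memory).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (t_nick TEXT PRIMARY KEY, t_password TEXT)');
$db->prepare('INSERT INTO members VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// checklogin.php: credentials are read from $_POST only.
function check_login(PDO $db, array $post): bool
{
    $nick = $post['t_nick'] ?? '';
    $pass = $post['t_password'] ?? '';
    if (!is_string($nick) || !is_string($pass)) {
        return false;                 // reject array-valued form fields
    }
    // Bound parameter instead of string interpolation into the SQL.
    $stmt = $db->prepare('SELECT t_password FROM members WHERE t_nick = ?');
    $stmt->execute([$nick]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id once authenticated
    $_SESSION['t_nick'] = $nick;      // keep the identity, not the password
    return true;
}

// index.php: the identity comes from the session, never from the URL.
function current_nick(): ?string
{
    return isset($_SESSION['t_nick']) ? $_SESSION['t_nick'] : null;
}

// Constructed requests standing in for the form post and the next page load.
$_POST = ['t_nick' => 'alice', 't_password' => 'correct horse'];
$_GET  = ['t_nick' => 'bob'];         // tampered query string, never read

if (!check_login($db, $_POST)) {
    header('Location: login.php');
    exit;                             // without exit the rest of the page still runs
}
echo 'Logged in as ', htmlspecialchars(current_nick()), "\n";
```

Because `index.php` reads `t_nick` from `$_SESSION` only, changing `?t_nick=` in the address bar cannot select another member's profile row.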
