Secondary Log In Possibly?

[PrinceOfDragons]

Hey thanks for the link redarrow, it was a good read.

[redarrow]

becoming fun full mysql then, read it again slowly, ur get it promise

 

just that one artcle will cost hundreds at a privet collage.

 

mysql so powerful unreal.....

 

it a profession on it own(( not many no that))

[twilitegxa]

What do you mean, red? I have different tables because there are some different fields. I will probably still edit the tables, but currently they already have some different fields. I originally was going to have just one table and list a type and gender, but changed my mind and did it this way instead.

[twilitegxa]

zanus:

 

This is my login page. I don' have a logout page, so where would I put the update script?

 

<?php

session_start();

//Access Tracking Snippet

//set up static variables
$page_title = "login.php";
$user_agent = getenv("HTTP_USER_AGENT");
$date_accessed = date("Y-m-d");

include("connect_db.php");

//create and issue query
$sql = "insert into access_tracker values
    ('', '$page_title', '$user_agent', '$date_accessed')";
mysql_query($sql,$conn);
?>

<?php

$user_area_location = 'account.php'; // Location of the user area
# #
$error = array();
if(isset($_GET['action'])) {
switch($_GET['action']) {
case 'logoff':
unset($_SESSION['loggedIn']);
array_push($error, 'You were logged off.');
break;
}
}
if(!$error) {
if(empty($_POST['username'])) { array_push($error, 'You didn\'t supply a username'); }
if(empty($_POST['password'])) { array_push($error, 'You didn\'t supply a password'); }
}
if(!$error){
$result = @mysql_query('SELECT username, email, name FROM `users` WHERE username = \''.mysql_real_escape_string($_POST['username']).'\' AND password = \''.mysql_real_escape_string(md5($_POST['password'])).'\'');
if($row = @mysql_fetch_array($result)) {
$_SESSION['loggedIn'] = true;
$_SESSION['userName'] = $row['username']; 
$_SESSION['userMail'] = $row['email'];
$_SESSION['name'] = $row['name'];
header('Location: '.$user_area_location);
die('<a href="'.$user_area_location.'">Go to your user account</a> or go back to <a href=choose_character.php>choose_character.php</a>');
}else{
array_push($error, 'The username or password you provided were not correct');
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Sailor Moon RPG - Login</title>
<!-- Source File -->
<style type="text/css" media="screen">
/*<![CDATA[*/
@import url(global.css); 
/*]]>*/
</style>
</head>
<body>
<!-- HEADER -->
<h1 class="logo">Sailor Moon RPG</h1>
<!-- /HEADER -->
<?php include("topnav.php"); ?>
<div id="main">
<?php include("includes/log.php"); ?>
<?php include("mainnav.php"); ?>
<table cellspacing="2" cellpadding="0" border="0">
<form method="post" action="login.php">
<?php if(isset($error) && $error) { ?>
<tr>
<td colspan="2">
<ul><?php foreach($error as $key => $value) echo '<li>'.$value.'</li>'; ?></ul>
</td>
</tr><?php } ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Login!" /> <a href="forgot.php">I forgot my username or password</a></td>

</tr>
</form>
</table>
</div>
<?php include("bottomnav.php"); ?>
<!-- FOOTER -->
<div id="footer_wrapper">
<div id="footer">
<p>Sailor Moon and all characters are<br>
trademarks of Naoko Takeuchi.</p>
<p>Copyright © 2009 Liz Kula. All rights reserved.<br>
A product of <a href="#" target="_blank">Web Designs By Liz</a> systems.</p>
<div id="foot-nav"><!-- <ul>
<li><a href="http://validator.w3.org/check?uri=http://webdesignsbyliz.com/digital/index.php" target="_blank"><img src="http://www.w3.org/Icons/valid-xhtml10-blue" alt="Valid XHTML 1.0 Transitional" height="31" width="88" /></a></li>
<li><a href="http://jigsaw.w3.org/css-validator/validator?uri=http://webdesignsbyliz.com/digital/global.css" target="_blank"><img class="c2" src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="Valid CSS!" /></a></li>
</ul> --></div>
</div>
</div>
<!-- /FOOTER -->
</body>
</html>

[Zane]

case 'logoff':
unset($_SESSION['loggedIn']);
array_push($error, 'You were logged off.');
//Right here..... 
//
//
/
//
//
//
/////////
break;

[twilitegxa]

Okay, one more question: where you have WHERE user = 56, how am I going to set this up? Should it be something like:

 

WHERE username = '$_SESSION[userName]' ?

 

I'm confused about how to do this exactly?

 

 

[Zane]

yes..you have it correct

 

although instead of using the username itself as a clause..I would use the id of the user...that keeps things from exploding like say if two users had the same username..

 

I don't know what's in your $_SESSION array so I just made up a random number.  I recommend putting the id of the user in the $_SESSION and doing everything off of that instead of the verbatim TEXT username...but it's your project

[twilitegxa]

Well, okay, that sounds good I think. LOL Can you tell I'm still confused on how to do it? How will I get the id at this point? Sorry I asking for so much help!

[Zane]

right here in your login page

$result = @mysql_query('SELECT id, username, email, name FROM `users` WHERE username = \''.mysql_real_escape_string($_POST['username']).'\' AND password = \''.mysql_real_escape_string(md5($_POST['password'])).'\'');

if($row = @mysql_fetch_array($result)) {

$_SESSION['loggedIn'] = true;

$_SESSION['userName'] = $row['username'];

$_SESSION['userMail'] = $row['email'];

$_SESSION['name'] = $row['name'];

$_SESSION['userID'] = $row['id'];

 

it's that easy

[twilitegxa]

I tried this on my login page:

 

<?php

$user_area_location = 'account.php'; // Location of the user area
# #
$error = array();
if(isset($_GET['action'])) {
switch($_GET['action']) {
case 'logoff':
unset($_SESSION['loggedIn']);
array_push($error, 'You were logged off.');

$sql = "update mdark_warrior SET active = 0 WHERE id = '$_SESSION[userID]';";
$sql .= "update scouts SET active = 0 WHERE id = '$_SESSION[userID]';";
$sql .= "update knights SET active = 0 WHERE id = '$_SESSION[userID]';";
$sql .= "update fdark_warrior SET active = 0 WHERE id = '$_SESSION[userID]';";
$result = mysql_query($sql); //Poof...characters disabled

break;
}
}
if(!$error) {
if(empty($_POST['username'])) { array_push($error, 'You didn\'t supply a username'); }
if(empty($_POST['password'])) { array_push($error, 'You didn\'t supply a password'); }
}
if(!$error){
$result = @mysql_query('SELECT id, username, email, name FROM `users` WHERE username = \''.mysql_real_escape_string($_POST['username']).'\' AND password = \''.mysql_real_escape_string(md5($_POST['password'])).'\'');
if($row = @mysql_fetch_array($result)) {
$_SESSION['loggedIn'] = true;
$_SESSION['userName'] = $row['username']; 
$_SESSION['userMail'] = $row['email'];
$_SESSION['name'] = $row['name'];
$_SESSION['userID'] = $row['id'];
header('Location: '.$user_area_location);
die('<a href="'.$user_area_location.'">Go to your user account</a> or go back to <a href=choose_character.php>choose_character.php</a>');
}else{
array_push($error, 'The username or password you provided were not correct');
}
}
?>

 

But it's not updating. What did I do wrong?

[Zane]

well first of all..you actually have to be storing the userID in those tables to begin with.  from what I understood to begin with you have the usernames themselves in the table.  So querying the table for characters where the userID .. is whatever...will give you nothing.

 

Also you are searching in the wrong column anyway...assuming you actually did have the userID in there

update mdark_warrior SET active = 0 WHERE id = '$_SESSION[userID]'

 

that will search for the character id NOT the userID..should be like it was

update mdark_warrior SET active = 0 WHERE username = '$_SESSION[userID]'

 

and the username column should hold nothing but IDs...  if you'd checked out that normalization article that redarrow pointed out you'd be pretty well informed already.

 

 

and Thirdly,  it's $_SESSION['userID'] not $_SESSION[userID]

$sql = "update mdark_warrior SET active = 0 WHERE id = '$_SESSION[userID]';";

$sql .= "update scouts SET active = 0 WHERE id = '$_SESSION[userID]';";

$sql .= "update knights SET active = 0 WHERE id = '$_SESSION[userID]';";

$sql .= "update fdark_warrior SET active = 0 WHERE id = '$_SESSION[userID]';";

 

[twilitegxa]

Why does username have to be ids? My usernames are the username the visitor registers. I haven't read the normalization article yet. I don't think I'm going to get this. :-( Thanks for the help anyway.

 

I have the id in both tables set to the same number, but I'm not sure the right logic to do this the right way. :-(

[Zane]

It's not that you HAVE to use ids...I'm just saying that it is the best route to go.  There are 80,000 users or more here do you think we query the database by name? No..we'd be idiots to do that. You set the id in your table to autoincrement for a reason. 

 

Say in your table you have row 539... this is user John.  Imagine you had 2000 users and you want to ban John for some particular reason.  Well what do you do if there are 28 more users with the same username...I guess they're all screwed huh.  You can put the same scenario into perspective when you're changing the stats for people.

 

The proper way to do it is to say...user 539 is banned...doesn't matter what his name is.  And no you wouldn't have all these numbers memorized or anything because you have PHP, HTML and CSS to thank for making these aesthetically pleasing buttons for deleting/banning/editing users at a mouse click.

 

I'm done ranting now..I guess I'll post you something useful.

$sql = "update mdark_warrior SET active = 0 WHERE username = '{$_SESSION['userName']}';";
$sql .= "update scouts SET active = 0 WHERE username = '{$_SESSION['userName']}';";
$sql .= "update knights SET active = 0 WHERE username = '{$_SESSION['userName']}';";
$sql .= "update fdark_warrior SET active = 0 WHERE username = '{$_SESSION['userName']}';";
$result = mysql_query($sql); //Poof...characters disabled

This should work for you..

 

but if it's the ID route you're looking for I would just get this project working for now the way you have planned and you will soon realize what I was talking about...at which point you can start a new topic.

[PrinceOfDragons]

Unless the Usernames are unique then you would not have to use IDs . Or would there still be a problem with that?