Jump to content

Php - mysql store data and use it later?

zero_ZX

By zero_ZX
in PHP Coding Help

 Share

Recommended Posts

zero_ZX Regular Member

zero_ZX

Posted
Posted

Hi, i' making a login page at the moment, however my username + password is stored many different places, and is kinda hard to get, so I have written this entire code:

<?php
session_start();
// dBase file
include 'inc/config.php';

if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
  {
  die("You need to provide a username and FG-Pass.");
  }

// Create query
  $id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

$q = "SELECT * FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' "
  ."AND `p_locked`=0 "
  ."AND SELECT field_13 FROM `pfields_content` "
  ."WHERE `id`='".$id."' "
  ."AND WHERE `field_13`=('".$_POST["password"]."') "
  
  ."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["username"];
  $_SESSION["valid_time"] = time();

  // Redirect to member page
  Header("Location: shop.php");
  }
else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.
  <br> Or your fg has been locked. Please contact Smilie.");
  }
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "FG-Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}

?>

 

So, the process:

1. I get and store the member id:

// Create query
  $id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

 

Then:

Check if:

-Account is not locked

-Get password for a different table, using the member id we got above.

-Check if username + password matches.

-login

$q = "SELECT * FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' "
  ."AND `p_locked`=0 "
  ."AND SELECT field_13 FROM `pfields_content` "
  ."WHERE `id`='".$id."' "
  ."AND WHERE `field_13`=('".$_POST["password"]."') "
  
  ."LIMIT 1";
// Run query
$r = mysql_query($q);

But this doesn't appear to be the case that it works..

I think it has something to do with that i need to run the query, but i'm not sure, how would i fix this? :)

 

Thanks in advance!

Link to comment
Share on other sites
Buddski Newbie

Buddski

Posted
Posted

The main issue that I can see if you arent retrieving the id from the Database..

You are only calling one sql query..

This query isnt being called its just being passed into the second query..

$id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

 

Link to comment
Share on other sites
zero_ZX Regular Member

zero_ZX

Posted
  • Author
Posted

The main issue that I can see if you arent retrieving the id from the Database..

You are only calling one sql query..

This query isnt being called its just being passed into the second query..

$id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

 

Hm, i tried this:

// Create query
  $id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";
  $result = mysql_query($query);

$q = "SELECT * FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' "
  ."AND `p_locked`=0 "
  ."AND SELECT field_13 FROM `pfields_content` "
  ."WHERE `id`='".$query."' "
  ."AND WHERE `field_13`=('".$_POST["password"]."') "

But it didn't seems to work :/

Link to comment
Share on other sites
Buddski Newbie

Buddski

Posted
Posted

That will never work..

$sql = "SELECT `member_id`, `field_13` 
FROM `members`
Inner Join `pfields_content` USING(`member_id`)
WHERE `p_locked`= 0 AND `name`='".$_POST['username']."' AND `field_13`='".$_POST['password']."'";

Should be what your after..

Link to comment
Share on other sites
Buddski Newbie

Buddski

Posted
Posted

Ok..

The Inner Join will join the FROM table ('member') to the Inner Join table ('pfields_content') USING the member_id.

Which basically means that you can now access all the fields from both of these tables..

There are also LEFT Join, Right Joins, and Outer Joins but ill explain the Inner join for now..

With the use of inner join BOTH fields must have a member_id the same.. so if you have an id in the members table and nothing in the pfields_content table your sql query will return no results because it doesnt exist in both..

 

Have a read of the MySQL ref. manual if you wanna know more.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.