Jump to content

Php - mysql store data and use it later?

zero_ZX

By zero_ZX
in PHP Coding Help

 Share

Recommended Posts

zero_ZX Regular Member

zero_ZX

Posted
Posted

Hi, i' making a login page at the moment, however my username + password is stored many different places, and is kinda hard to get, so I have written this entire code:

<?php
session_start();
// dBase file
include 'inc/config.php';

if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
  {
  die("You need to provide a username and FG-Pass.");
  }

// Create query
  $id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

$q = "SELECT * FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' "
  ."AND `p_locked`=0 "
  ."AND SELECT field_13 FROM `pfields_content` "
  ."WHERE `id`='".$id."' "
  ."AND WHERE `field_13`=('".$_POST["password"]."') "
  
  ."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["username"];
  $_SESSION["valid_time"] = time();

  // Redirect to member page
  Header("Location: shop.php");
  }
else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.
  <br> Or your fg has been locked. Please contact Smilie.");
  }
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "FG-Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}

?>

 

So, the process:

1. I get and store the member id:

// Create query
  $id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

 

Then:

Check if:

-Account is not locked

-Get password for a different table, using the member id we got above.

-Check if username + password matches.

-login

$q = "SELECT * FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' "
  ."AND `p_locked`=0 "
  ."AND SELECT field_13 FROM `pfields_content` "
  ."WHERE `id`='".$id."' "
  ."AND WHERE `field_13`=('".$_POST["password"]."') "
  
  ."LIMIT 1";
// Run query
$r = mysql_query($q);

But this doesn't appear to be the case that it works..

I think it has something to do with that i need to run the query, but i'm not sure, how would i fix this? :)

 

Thanks in advance!

Link to comment
https://forums.phpfreaks.com/topic/186373-php-mysql-store-data-and-use-it-later/
Share on other sites
monkeytooth Advanced Member

monkeytooth

Posted
Posted

What errors are you getting in specific when you try to run your script? We always need that. As much as we all like to help here, without know what the exact problem is we can't help. We don't know what we are looking for.

oni-kun Member

oni-kun

Posted
Posted

Bump :)

 

Well how about storing their ID and password in the same table? If it appears "Wrong info submitted", Than check the query, Does the query lead anywhere that physically exists in your database? This isn't the hardest debug.

Buddski Newbie

Buddski

Posted
Posted

The main issue that I can see if you arent retrieving the id from the Database..

You are only calling one sql query..

This query isnt being called its just being passed into the second query..

$id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

 

zero_ZX Regular Member

zero_ZX

Posted
  • Author
Posted

The main issue that I can see if you arent retrieving the id from the Database..

You are only calling one sql query..

This query isnt being called its just being passed into the second query..

$id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";

 

Hm, i tried this:

// Create query
  $id = "SELECT member_id FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' ";
  $result = mysql_query($query);

$q = "SELECT * FROM `members` "
  ."WHERE `name`='".$_POST["username"]."' "
  ."AND `p_locked`=0 "
  ."AND SELECT field_13 FROM `pfields_content` "
  ."WHERE `id`='".$query."' "
  ."AND WHERE `field_13`=('".$_POST["password"]."') "

But it didn't seems to work :/

Buddski Newbie

Buddski

Posted
Posted

That will never work..

$sql = "SELECT `member_id`, `field_13` 
FROM `members`
Inner Join `pfields_content` USING(`member_id`)
WHERE `p_locked`= 0 AND `name`='".$_POST['username']."' AND `field_13`='".$_POST['password']."'";

Should be what your after..

Buddski Newbie

Buddski

Posted
Posted

Ok..

The Inner Join will join the FROM table ('member') to the Inner Join table ('pfields_content') USING the member_id.

Which basically means that you can now access all the fields from both of these tables..

There are also LEFT Join, Right Joins, and Outer Joins but ill explain the Inner join for now..

With the use of inner join BOTH fields must have a member_id the same.. so if you have an id in the members table and nothing in the pfields_content table your sql query will return no results because it doesnt exist in both..

 

Have a read of the MySQL ref. manual if you wanna know more.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.