Jump to content

how do I do this using session variables

webguync

By webguync
in PHP Coding Help

 Share

Recommended Posts

webguync Advanced Member

webguync

Posted
Posted

Hi,

 

I currently have a  login page which the user enters an email address and password ID and it's authenticated against data in a mysql database. The login if successful redirects to another page with content, if denied a login error is given. This part works fine, but what I want to do instead of echoing the current 'username' is to echo 'name' which is in the database, but not being captured in the form. What is the best way to do this?

 

below is my current code

 

session_start();

$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());

mysql_select_db("dbname") or die(mysql_error());




// Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['pwid']) ) {
    echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif'>Please fill in both your username and password to access your exam results.</h2>";
  echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
                exit;
   }
   // Create the variables again.
   
   $username = mysql_real_escape_string($_POST['username']);
   $pwid = $_POST['pwid'];

  

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,pwid
           FROM   table_name
           WHERE
           pwid = '$pwid'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif'>You have entered a username or password that does not match our database records. You will be redirected back to the login screen in 5 seconds, please try again.</h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();

   } else {
      
      $row = mysql_fetch_object($result);
     
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
      
   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:ExamLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['username'] . "</h3>";//I want to echo out name instead of username

//echo "<a class='logout' href='logout.php'>Logout</a></div>";

?>

wildteen88 Regular Member

wildteen88

Posted
Posted
but what I want to do instead of echoing the current 'username' is to echo 'name' which is in the database,

I'm guessing you mean the name field in your database.

 

The following code is your sql query, which at the moment only selects the username and password.

   $query = "SELECT username,pwid
           FROM   table_name
           WHERE
           pwid = '$pwid'
           AND
           username='$username'";

You'll want to change your query to this. Now the name field will be returned from your query.

   $query = "SELECT username, pwid, name
           FROM   table_name
           WHERE
           pwid = '$pwid'
           AND
           username='$username'";

 

To save the name in the session add this line

$_SESSION['name'] = $row['name'];

 

Before this line

$_SESSION['username'] = $username;

 

webguync Advanced Member

webguync

Posted
  • Author
Posted

thanks this makes sense, but nothing echoes for my 'name variable' and yes that is the field name in mySQL

 

" . $_SESSION['name'] . "

 

the code as it stands now

 

<?php
//ini_set("display_errors","1");
//ERROR_REPORTING(E_ALL);

session_start();

$con = mysql_connect("localhost","uusername","password") or die('Could not connect: ' . mysql_error());

mysql_select_db("dbname") or die(mysql_error());




// Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['pwid']) ) {
    echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif'>Please fill in both your username and password to access your exam results.</h2>";
  echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
                exit;
   }
   // Create the variables again.
   
   $username = mysql_real_escape_string($_POST['username']);
   $pwid = $_POST['pwid'];


   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,pwid,name
           FROM   table_name
           WHERE
           pwid = '$pwid'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif'>You have entered a username or password that does not match our database records. You will be redirected back to the login screen in 5 seconds, please try again.</h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
     
      $row = mysql_fetch_object($result);
     
    $_SESSION['name'] = $row['name'];
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
      
   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:ExamLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";

//echo "<a class='logout' href='logout.php'>Logout</a></div>";

?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.