Jump to content


Photo

Passing form input information & php recordset queries


  • Please log in to reply
1 reply to this topic

#1 mjurmann

mjurmann
  • Members
  • PipPipPip
  • Advanced Member
  • 159 posts

Posted 28 September 2006 - 05:34 AM

Guys, could you please point me in the right direction. I need to take input in a form field (USERNAME) on a login page, and once a login name that is submitted that matches one in my database, go to an account information page that will be able to take that username entered in the form field, and pull all information related to that username out into the web page. Php echo? I don't know...I can't figure it out. Should I have sessions enabled, should I use cookies? Thank you in advance...I have such a headache.

#2 mjurmann

mjurmann
  • Members
  • PipPipPip
  • Advanced Member
  • 159 posts

Posted 28 September 2006 - 06:08 AM

Sorry, that was very vague. I have fixed part of the problem, let me go a little more in detail with the next problem and see if you can help me.

I was trying to take form information (username) at a login screen, have it be passed to the next page upon successful login, and then have all information related to the username be displayed on the page via recordsets.  I could not get this to work, until I removed the user authentication validation.

Once I removed that, it all worked fine. Only problem is now if someone enters a username that doesn't exist in the database, they can still gain access to the members only page. How can I use form validation AND have my username input information be passed to the next page and have all relating information be displayed with it via recordset query?

Here is the code WITHOUT user authentication that works...but allows anyone to enter my members only area:



<form action="account.php" method="post" name = "frm_login">

Username:
<input name = "userName" type = "text" id="userName" value = "" size = "14" maxlength = "12">
<br><br>
Password:
<input name = "pwd" type = "password" id="pwd" value = "" size = "14" maxlength = "12">
<br><br>
<input type="checkbox" NAME="music" VALUE="Rock" CHECKED>Remember Me
   
<br />
<br />
<label>
<center><input name="Submit" type="submit" value="Submit" />
</center>
</label>
<br />
  </form>


Here is the code WITH user authentication, which doesn't display any information on the next page:

<?php require_once('../Connections/mrptest.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['userName'])) {
  $loginUsername=$_POST['userName'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "userGroup";
  $MM_redirectLoginSuccess = "account.php";
  $MM_redirectLoginFailed = "login_failed.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_mrptest, $mrptest);
 
  $LoginRS__query=sprintf("SELECT userName, pwd, userGroup FROM tbl_users WHERE userName='%s' AND pwd='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
 
  $LoginRS = mysql_query($LoginRS__query, $mrptest) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
   
    $loginStrGroup  = mysql_result($LoginRS,0,'userGroup');
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}




<form action="<?php echo $loginFormAction; ?>" method="POST" name = "frm_login">

Username:
<input name = "userName" type = "text" id="userName" value = "" size = "14" maxlength = "12">
<br><br>
Password:
<input name = "pwd" type = "password" id="pwd" value = "" size = "14" maxlength = "12">
<br><br>
<input type="checkbox" NAME="music" VALUE="Rock" CHECKED>Remember Me
   
<br />
<br />
<label>
<center><input name="Submit" type="submit" value="Submit" />
</center>
</label>
<br />
  </form>


AND LASTLY, here is the code from the next page (account info page)...this is the recordset query info

<?php
mysql_select_db($database_mrptest, $mrptest);
$query_Recordset1 = "SELECT id, firstName, lastName FROM tbl_users WHERE userName= '".$_POST['userName']."'";
$Recordset1 = mysql_query($query_Recordset1, $mrptest) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

?>




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users