mjurmann Posted September 28, 2006 Share Posted September 28, 2006 Guys, could you please point me in the right direction. I need to take input in a form field (USERNAME) on a login page, and once a login name that is submitted that matches one in my database, go to an account information page that will be able to take that username entered in the form field, and pull all information related to that username out into the web page. Php echo? I don't know...I can't figure it out. Should I have sessions enabled, should I use cookies? Thank you in advance...I have such a headache. Quote Link to comment Share on other sites More sharing options...
mjurmann Posted September 28, 2006 Author Share Posted September 28, 2006 Sorry, that was very vague. I have fixed part of the problem, let me go a little more in detail with the next problem and see if you can help me.I was trying to take form information (username) at a login screen, have it be passed to the next page upon successful login, and then have all information related to the username be displayed on the page via recordsets. I could not get this to work, until I removed the user authentication validation.Once I removed that, it all worked fine. Only problem is now if someone enters a username that doesn't exist in the database, they can still gain access to the members only page. How can I use form validation AND have my username input information be passed to the next page and have all relating information be displayed with it via recordset query? Here is the code WITHOUT user authentication that works...but allows anyone to enter my members only area: <form action="account.php" method="post" name = "frm_login"> Username: <input name = "userName" type = "text" id="userName" value = "" size = "14" maxlength = "12"> <br><br> Password: <input name = "pwd" type = "password" id="pwd" value = "" size = "14" maxlength = "12"> <br><br> <input type="checkbox" NAME="music" VALUE="Rock" CHECKED>Remember Me <br /> <br /> <label> <center><input name="Submit" type="submit" value="Submit" /> </center> </label> <br /> </form>Here is the code WITH user authentication, which doesn't display any information on the next page:<?php require_once('../Connections/mrptest.php'); ?><?php// *** Validate request to login to this site.if (!isset($_SESSION)) { session_start();}$loginFormAction = $_SERVER['PHP_SELF'];if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck'];}if (isset($_POST['userName'])) { $loginUsername=$_POST['userName']; $password=$_POST['pwd']; $MM_fldUserAuthorization = "userGroup"; $MM_redirectLoginSuccess = "account.php"; $MM_redirectLoginFailed = "login_failed.php"; $MM_redirecttoReferrer = true; mysql_select_db($database_mrptest, $mrptest); $LoginRS__query=sprintf("SELECT userName, pwd, userGroup FROM tbl_users WHERE userName='%s' AND pwd='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $mrptest) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'userGroup'); //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && true) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); }} <form action="<?php echo $loginFormAction; ?>" method="POST" name = "frm_login"> Username: <input name = "userName" type = "text" id="userName" value = "" size = "14" maxlength = "12"> <br><br> Password: <input name = "pwd" type = "password" id="pwd" value = "" size = "14" maxlength = "12"> <br><br> <input type="checkbox" NAME="music" VALUE="Rock" CHECKED>Remember Me <br /> <br /> <label> <center><input name="Submit" type="submit" value="Submit" /> </center> </label> <br /> </form>AND LASTLY, here is the code from the next page (account info page)...this is the recordset query info<?phpmysql_select_db($database_mrptest, $mrptest);$query_Recordset1 = "SELECT id, firstName, lastName FROM tbl_users WHERE userName= '".$_POST['userName']."'";$Recordset1 = mysql_query($query_Recordset1, $mrptest) or die(mysql_error());$row_Recordset1 = mysql_fetch_assoc($Recordset1);$totalRows_Recordset1 = mysql_num_rows($Recordset1);?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.