Jump to content

Passing form input information & php recordset queries

mjurmann

By mjurmann
in PHP Coding Help

 Share

Recommended Posts

mjurmann Member

mjurmann

Posted
Posted
Guys, could you please point me in the right direction. I need to take input in a form field (USERNAME) on a login page, and once a login name that is submitted that matches one in my database, go to an account information page that will be able to take that username entered in the form field, and pull all information related to that username out into the web page. Php echo? I don't know...I can't figure it out. Should I have sessions enabled, should I use cookies? Thank you in advance...I have such a headache.
Link to comment
Share on other sites
mjurmann Member

mjurmann

Posted
  • Author
Posted
Sorry, that was very vague. I have fixed part of the problem, let me go a little more in detail with the next problem and see if you can help me.

I was trying to take form information (username) at a login screen, have it be passed to the next page upon successful login, and then have all information related to the username be displayed on the page via recordsets.  I could not get this to work, until I removed the user authentication validation.

Once I removed that, it all worked fine. Only problem is now if someone enters a username that doesn't exist in the database, they can still gain access to the members only page. How can I use form validation AND have my username input information be passed to the next page and have all relating information be displayed with it via recordset query?

Here is the code WITHOUT user authentication that works...but allows anyone to enter my members only area:



<form action="account.php" method="post" name = "frm_login">

Username:
<input name = "userName" type = "text" id="userName" value = "" size = "14" maxlength = "12">
<br><br>
Password:
<input name = "pwd" type = "password" id="pwd" value = "" size = "14" maxlength = "12">
<br><br>
<input type="checkbox" NAME="music" VALUE="Rock" CHECKED>Remember Me
   
<br />
<br />
<label>
<center><input name="Submit" type="submit" value="Submit" />
</center>
</label>
<br />
  </form>


Here is the code WITH user authentication, which doesn't display any information on the next page:

<?php require_once('../Connections/mrptest.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['userName'])) {
  $loginUsername=$_POST['userName'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "userGroup";
  $MM_redirectLoginSuccess = "account.php";
  $MM_redirectLoginFailed = "login_failed.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_mrptest, $mrptest);
 
  $LoginRS__query=sprintf("SELECT userName, pwd, userGroup FROM tbl_users WHERE userName='%s' AND pwd='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
 
  $LoginRS = mysql_query($LoginRS__query, $mrptest) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
   
    $loginStrGroup  = mysql_result($LoginRS,0,'userGroup');
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}




<form action="<?php echo $loginFormAction; ?>" method="POST" name = "frm_login">

Username:
<input name = "userName" type = "text" id="userName" value = "" size = "14" maxlength = "12">
<br><br>
Password:
<input name = "pwd" type = "password" id="pwd" value = "" size = "14" maxlength = "12">
<br><br>
<input type="checkbox" NAME="music" VALUE="Rock" CHECKED>Remember Me
   
<br />
<br />
<label>
<center><input name="Submit" type="submit" value="Submit" />
</center>
</label>
<br />
  </form>


AND LASTLY, here is the code from the next page (account info page)...this is the recordset query info

<?php
mysql_select_db($database_mrptest, $mrptest);
$query_Recordset1 = "SELECT id, firstName, lastName FROM tbl_users WHERE userName= '".$_POST['userName']."'";
$Recordset1 = mysql_query($query_Recordset1, $mrptest) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

?>
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.