Jump to content

Recommended Posts

Can someone help me I have been working on this problem for some time. I have coded my page to welcome, firstname. At first in my insert I had used the id I have not switched it to the username as id was including everyone of my test names in the welcome. It looks like the sessions are continuing as I am able to go to the private section of the pages. However I am not sure what I have to do to produce the welcome, firstname to go to all the pages and let me know it is allowing the one member to access the private sessions.

Also when I use the login form it does not recognize the users. It is like the connection to the database dies i guess.

 

here is my codes.

 

<?php
session_start();

ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>		
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<style type="text/css">
.background {color: #B56AFF;
}
</style>
</head>

<body>
<p>

<?php
/* Program: login.php
* Desc:	Displays the new member welcome page. Greets
*			member by name and gives a choice to enter
*			restricted section or go back to main page.
*/ 
if (isset($_SESSION['username'])) {	            
// Set the users session ID
  
include("Connections/connect_to_mysql.php");

//Formulate Query
//This is the best way to perform an SQL query
$query = mysql_query ("SELECT * FROM `Members` WHERE username={$_SESSION['username']}"); 
$result = mysql_query($query);
$numrows = mysql_num_rows($query);

//Check result
//This shows the actual query sent to MySQL and the error. Useful for debugging.

if(!$result){
$message = 'Invalid query:' . mysql_error() . "\n";
$message .= 'Whole query:' . $query;
die($message);
}
//Use result
//Attempting to print $result won't allow access to information in the resource
//One of the mysql result functions must be used
//See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
if($numrows!=0){

while($row = mysql_fetch_assoc($query));
	$dbusername = $row['username'];
	$dbpassword = $row['password'];

	//check to see if they match!
	if($username==$dbusername&&md5($password)==$dbpassword){
		echo "Welcome, ".$_SESSION['firstname']. "!<br><a href='logout_test.php'>Logout</a>";
	}
}
}
?>
</p>
<p>  </p>
<p>Your new Member accounts lets you enter the members only section
  of our web site. You'll find special discounts, a profile of matches,
live advise from experts, and much more.</p>
<p>Your new Member ID and password were emailed to you. Store them
carefully for future use.</p>
<div style="text-align: center">
<p style="margin-top: .5in; font-weight: bold">
Glad you could join us!</p>
<form action="profile.php" method="post">
<input type="submit"
	value="Enter the Members Only Section">
	</form>
<form action="index.php" method="post">
<input type="submit" value="Go to Main Page">
</form>		
	</div>
</body>
</html>

 

<?php
session_start();

ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>		
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<style type="text/css">
.background {color: #B56AFF;
}
</style>
</head>

<body>
<p>

<?php
/* Program: login.php
* Desc:	Displays the new member welcome page. Greets
*			member by name and gives a choice to enter
*			restricted section or go back to main page.
*/ 
if (isset($_SESSION['username'])) {	            
// Set the users session ID
  
include("Connections/connect_to_mysql.php");

//Formulate Query
//This is the best way to perform an SQL query
$query = mysql_query ("SELECT * FROM `Members` WHERE username={$_SESSION['username']}"); 
$result = mysql_query($query);
$numrows = mysql_num_rows($query);

//Check result
//This shows the actual query sent to MySQL and the error. Useful for debugging.

if(!$result){
$message = 'Invalid query:' . mysql_error() . "\n";
$message .= 'Whole query:' . $query;
die($message);
}
//Use result
//Attempting to print $result won't allow access to information in the resource
//One of the mysql result functions must be used
//See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
if($numrows!=0){

while($row = mysql_fetch_assoc($query));
	$dbusername = $row['username'];
	$dbpassword = $row['password'];

	//check to see if they match!
	if($username==$dbusername&&md5($password)==$dbpassword){
		echo "Welcome, ".$_SESSION['firstname']. "!<br><a href='logout_test.php'>Logout</a>";
	}
}
}
?>

:'(

//Formulate Query
//This is the best way to perform an SQL query
$query = mysql_query ("SELECT * FROM `Members` WHERE username={$_SESSION['username']}"); 
$result = mysql_query($query);
$numrows = mysql_num_rows($query);

You are calling mysql_query twice.  First to execute the query and then again to query the same query you created; which won't work.

Change it to this.

//Formulate Query
//This is the best way to perform an SQL query
$sql= "SELECT * FROM `Members` WHERE username={$_SESSION['username']}"; 
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);

This was the error message.

 

Notice: Undefined index: username in /home/ebermy5/public_html/login.php on line 34

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/ebermy5/public_html/login.php on line 36

 

Notice: Undefined variable: result in /home/ebermy5/public_html/login.php on line 41

Invalid query:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Whole query:

I changed this part and get all users welcome no error messages. I updated users in the insert to id I thought that would single out the members.????

 

if (isset($_SESSION['id'])) {	            
// Set the users session ID
  $id=$_SESSION['id'];

I updated users in the insert to id I thought that would single out the members.????

It should, perhaps you don't have auto-increment checked in your id field... in which case you probably don't have a primary key set either.

Well, if it's displaying every user, then you obviously have duplicate ids somewhere in your table.  I can't think of any other reason why it would show every user when you are restricting it to an id that you claim is both auto increment and a primary key.  Talking to your host won't help anything, it might just make it worse.  Something is defunct in your code and I can't seem to spot it.

 

All I can really say is to go check your database and see if there are duplicates.

this is what I have I. Is the email field better to remove I can't remember why I made it like this.

 

Action    Keyname      Type      Unique      Packed    Field    Cardinality    Collation  Null  Comment

              PRIMARY      BTREE      Yes            No            id          191                A 

              email          BTREE      Yes            No        email        191                A

 

I am not sure if you mean this.

 

Field Type Collation Attributes Null Default Extra Action

  id int(20)  No None auto_increment             

  username varchar(100) latin1_swedish_ci  No None               

  firstname varchar(100) latin1_swedish_ci  No None               

  lastname varchar(100) latin1_swedish_ci  No None               

  email varchar(255) latin1_swedish_ci  No None               

  password varchar(100) latin1_swedish_ci  No None

 

Members

Field Type Null Default Comments

id  int(20) No     

username  varchar(100) No     

firstname  varchar(100) No     

lastname  varchar(100) No     

email  varchar(255) No     

password  varchar(100) No   

             

 

There is about 7 pages of testing here are the last group of names

id      username      firstname      lastname                email                                  password  
182    Peanuts          Fred              Trott            peanuts@fred.com    6d42f9acbb25c12ace0208d7d6bd9809     0000-00-00                 
183      Slick             Roger            Smith             slick@roger.com       71d8d973e2bd9bc7b220c4df75c06dd4     0000-00-00                 
184   Cupcake         Kathy         Wilkinson        cupcake@kathy.com   7bb06121c41632bcf7c69f88078f3402     0000-00-00                 L
185 Takelonger       Peter            Wilcox         takelonger@peter.com 525c5db35814592cba76eb5bc0c018d3     0000-00-00    
186    Jahsyi           Jahsyi            Turini               jahsyi@turini.com     0ce341d37457bb13e53773ebe8d437c1 

If it's showing all the users, then it has to be your query.  Furthermore, since you only expect ONE result... why use a loop?

 

The loop is creating all the names, but it will only loop through what your query retrieves so you must have some query issues.

Post your revised code and let's see if we can't spot it this time.

I had checked the if statement

 

This code echos everyone in the db

if($numrows!=0){

while($row=mysql_fetch_assoc($result)){
  echo "Welcome, {$row['firstname']}";
  }

 

 

this one does not echo anyone

if($numrows<1){

while($row=mysql_fetch_assoc($result)){
  echo "Welcome, {$row['firstname']}";
  }

 

this one echos everyone.

if($numrows=1){

while($row=mysql_fetch_assoc($result)){
  echo "Welcome, {$row['firstname']}";
  }

post your revised query,

echo the $sql variable if there is one.... there should be if there's not.

 

Neither of those examples you showed should make the script echo every user in the table. 

The only problem with the last one is that you're declaring $numrows to 1 instead of comparing it.

Otherwise, they should all work fine.

 

It's the query that's getting all the users, it's the only possible reason.

Either post the revised code or post the echoed query.

This is my revised query that gets all the members in the query.

 

*/ 
if (isset($_SESSION['id'])) {	            
// Set the users session ID
  $id=$_SESSION['id'];
include("Connections/connect_to_mysql.php");

//Formulate Query
//This is the best way to perform an SQL query
$query = "SELECT id, firstname FROM `Members` WHERE id={$_SESSION['id']}";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);

//Check result
//This shows the actual query sent to MySQL and the error. Useful for debugging.

if(!$result){
  $message = 'Invalid query:' . mysql_error() . "\n";
  $message .= 'Whole query:' . $query;
    die($message);}
//Use result
//Attempting to print $result won't allow access to information in the resource
//One of the mysql result functions must be used
//See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
if($numrows!=0){

while($row=mysql_fetch_assoc($result)){
  echo "Welcome, {$row['firstname']}";
  }
  //Free the resources associated with the result set
  mysql_free_result($result);
}

According to your code, there is no reason for it to show all users.  Even if the id in the SESSION was incorrect, you should still get either an error or the wrong result.

 

There is a fix to this, but it will not answer this mind boggling question.

On your query... add LIMIT 1 to the end.

//Formulate Query
//This is the best way to perform an SQL query
$query = "SELECT id, firstname FROM `Members` WHERE id={$_SESSION['id']} LIMIT 1";

Then you're sure to only get one result, but like I said... this is, how you say... afro-engineered.

Boy this is some puzzle and the sad thing is it is something so easy but I am missing it somewhere.

 

my error message.

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/ebermy5/public_html/login.php on line 36

Invalid query:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1 Whole query:SELECT id, firstname FROM `Members` WHERE id=idLIMIT 1

SELECT id, firstname FROM `Members` WHERE id=idLIMIT 1

 

There is no space between id and LIMIT.  Also, the fact that you have id=id in your query answers this puzzle.  Essentially, that query says Get all users whose id is equal to their id... which is all of them.

So now I'm back to my second post on this thread.. or third I can't remember.

 

You never set $_SESSION['id'] to contain an actual id.  Once you do that, you should have a working query... you won't even need that LIMIT duct tape.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.