zorra Posted October 19, 2006 Share Posted October 19, 2006 I have three webpages in my first site that I am having trouble with. The flow of the 3 pages is : Register, then go to Welcome, then go to Login. The Register page has a form with 11 entries. This page is supposed to set a session variable to contain all the input info and use it to populate blanks in the other pages. The welcome page should be able to display username and pw, but just shows up as blank. I eventually want a page where a user can edit their profile (fields from the database). I think everything works except for the session variable, which is supposed to be named UserID (same name as the key database field). Attached is a snippet of the Register user code. I can post the others if needed.[code]<?php require_once('../Connections/con_elders_local.php'); ?><?php// *** Redirect if username exists$MM_flag="MM_insert";if (isset($_POST[$MM_flag])) { $MM_dupKeyRedirect="register_user.php?repeat=true"; $loginUsername = $_POST['username']; $LoginRS__query = "SELECT username FROM elders1 WHERE username='" . $loginUsername . "'"; mysql_select_db($database_con_elders_local, $con_elders_local); $LoginRS=mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); //if there is a row in the database, the username was found - can not add the requested username if($loginFoundUser){ $MM_qsChar = "?"; //append the username to the redirect page if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&"; $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername; header ("Location: $MM_dupKeyRedirect"); exit; }}function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue;}$editFormAction = $_SERVER['PHP_SELF'];if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);}if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "newUser")) {// ob_start() $insertSQL = sprintf("INSERT INTO elders1 (firstname, lastname, username, password, church, address, city, state, zip, phone, email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['firstname'], "text"), GetSQLValueString($_POST['lastname'], "text"), GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['church'], "text"), GetSQLValueString($_POST['address'], "text"), GetSQLValueString($_POST['city'], "text"), GetSQLValueString($_POST['state'], "text"), GetSQLValueString($_POST['zip'], "text"), GetSQLValueString($_POST['phone'], "text"), GetSQLValueString($_POST['email'], "text")); mysql_select_db($database_con_elders_local, $con_elders_local); $Result1 = mysql_query($insertSQL, $con_elders_local) or die(mysql_error()); $insertGoTo = "welcome.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); // ob_end_flush()}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"[/code] Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/ Share on other sites More sharing options...
HuggieBear Posted October 19, 2006 Share Posted October 19, 2006 I see no reference anywhere to $_SESSION variables of any kind.RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111355 Share on other sites More sharing options...
zorra Posted October 19, 2006 Author Share Posted October 19, 2006 Oops. Attached is a snippet from the login page. It has the session variable code.[code]<?php require_once('../Connections/con_elders_local.php'); ?><?php// *** Validate request to login to this site.if (!isset($_SESSION)) { session_start();}$loginFormAction = $_SERVER['PHP_SELF'];if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck'];}if (isset($_POST['UserName'])) { $loginUsername=$_POST['UserName']; $password=$_POST['Password']; $MM_fldUserAuthorization = "UserID"; $MM_redirectLoginSuccess = "../index.php"; $MM_redirectLoginFailed = "login.php?failed=true"; $MM_redirecttoReferrer = true; mysql_select_db($database_con_elders_local, $con_elders_local); $LoginRS__query=sprintf("SELECT username, password, UserID FROM elders1 WHERE username='%s' AND password='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'UserID'); //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && true) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); }}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" [/code] Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111417 Share on other sites More sharing options...
kenrbnsn Posted October 19, 2006 Share Posted October 19, 2006 Please edit your post to surround th posted code with [b][nobbc][code][/code][/nobbc][/b] tags.Ken Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111420 Share on other sites More sharing options...
zorra Posted October 19, 2006 Author Share Posted October 19, 2006 Sorry, didn't know. I hope all is well now. Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111568 Share on other sites More sharing options...
HuggieBear Posted October 19, 2006 Share Posted October 19, 2006 Remove this condition[code=php:0]if (!isset($_SESSION)) { session_start();}[/code]As any page that uses session variables must output it.RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111571 Share on other sites More sharing options...
zorra Posted October 20, 2006 Author Share Posted October 20, 2006 I am either making this too difficult for myself or I don't have a good grasp of what's going on. Is it possible to have a user log in using his username and pw, then go to another page to update all of his 11 entered fields (like username, pw, address, email, etc) even though he only entered his username & pw in the login page? My MySQL db is working fine, it's the PHP session variable code that is the problem. Is there a tutorial or something that I can use as a guide to accomplish this? Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111622 Share on other sites More sharing options...
HuggieBear Posted October 20, 2006 Share Posted October 20, 2006 Yes, it's actually quite simple.1. User goes to login.php and provides his username and password in a form.2. Submitting the form posts back to itself and connects to the database to retrieve details, use something like this:[code]<?php// Start sessionsession_start()// Connect to the databaseinclude_once('connect.php')// Execute the query$sql = "SELECT id FROM users WHERE username = '{$_POST['username']}' AND password = '$_POST['password']'";$result = mysql_query($sql);if (!$result){ // If query didn't execute echo "Unable to execute:<br>\n$sql<br>\n" . mysql_error();}else { if (mysql_num_rows($result) == 1){ // Assign the unique ID to a session variable $_SESSION['id'] = mysql_result($result, 0); echo "You have been authenticated\n"; } else { echo "Unable to authenticate you\n"; }}?>[/code]This should authenticate you if you exist in the database and now has your unique id stored in a session variable for use when editing.3. User goes to profile.php which has the following code...[code]<?php// Start sessionsession_start();// Connect to the databaseinclude_once('connect.php');// Execute the query$sql = "SELECT * FROM users WHERE id = '{$_SESSION['id']}'";$result = mysql_query($sql);if (!$result){ // If query didn't execute echo "Unable to execute:<br>\n$sql<br>\n" . mysql_error();}else { if (mysql_num_rows($result) == 1){ $row = mysql_fetch_array($result, MYSQL_ASSOC); // Echo the form here with the default values like so echo "<input type=\"text\" name=\"firstname\" value=\"{$row['firstname']}\">"; } else { echo "Unable to retrieve your profile\n"; }}?>[/code]This should be enough to get you started and on track.RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111736 Share on other sites More sharing options...
zorra Posted October 20, 2006 Author Share Posted October 20, 2006 Thank you. I will try that. Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111753 Share on other sites More sharing options...
HuggieBear Posted October 20, 2006 Share Posted October 20, 2006 The queries are going to need changing a little I'm sure, but I just wanted a basic example to show you the principle of the way it could work using a simple structure.RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/24452-help-with-session-variables/#findComment-111756 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.