

zorra

Help with session variables


I have three webpages in my first site that I am having trouble with. The flow of the 3 pages is : Register, then go to Welcome, then go to Login.
The Register page has a form with 11 entries. This page is supposed to set a session variable to contain all the input info and use it to populate blanks in the other pages. The welcome page should be able to display username and pw, but just shows up as blank. I eventually want a page where a user can edit their profile (fields from the database). I think everything works except for the session variable, which is supposed to be named UserID (same name as the key database field). Attached is a snippet of the Register user code. I can post the others if needed.
[code]
<?php require_once('../Connections/con_elders_local.php'); ?>
<?php
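// *** Redirect if username exists
// Runs only when the registration form was posted: looks up the submitted
// username in elders1 and, if a row already exists, sends the visitor back to
// register_user.php with repeat=true and the rejected name in the query string.
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
  $MM_dupKeyRedirect = "register_user.php?repeat=true";

  // Accept only a plain string; a missing or array-valued field becomes "".
  $loginUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";

  // With magic quotes on, the request value already carries backslashes.
  // Strip them so the value is escaped exactly once below.
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $loginUsername = stripslashes($loginUsername);
  }

  mysql_select_db($database_con_elders_local, $con_elders_local);

  // The username comes straight from the request, so it must be escaped for
  // this connection before it is placed inside the quoted SQL literal.
  $LoginRS__query = "SELECT username FROM elders1 WHERE username='"
    . mysql_real_escape_string($loginUsername, $con_elders_local) . "'";

  // NOTE(review): die(mysql_error()) prints database error text to the visitor;
  // on a public site log it and show a generic message instead.
  $LoginRS = mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  // If there is a row in the database, the username was found - the requested
  // username cannot be added.
  if ($loginFoundUser) {
    $MM_qsChar = (strpos($MM_dupKeyRedirect, "?") !== false) ? "&" : "?";
    // Append the username to the redirect page. It is URL-encoded so that
    // characters such as & or # in the name cannot alter the redirect URL.
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . urlencode($loginUsername);
    header("Location: $MM_dupKeyRedirect");
    exit;
  }
}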

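/**
 * Convert a raw request value into a literal for use inside a SQL statement.
 *
 * The value is escaped first and then formatted according to $theType:
 *   "text", "date"  - wrapped in single quotes, or NULL when empty
 *   "long", "int"   - passed through intval(), or NULL when empty
 *   "double"        - passed through doubleval() and quoted, or NULL when empty
 *   "defined"       - $theDefinedValue when non-empty, else $theNotDefinedValue
 * Any other type returns the escaped value without quoting.
 *
 * Escaping uses mysql_real_escape_string() when the mysql extension is loaded,
 * because addslashes() does not take the connection character set into
 * account. Called without a link argument it uses the most recently opened
 * connection, so the connection must be open before this function is called.
 * Prepared statements (mysqli or PDO) remove the need for this helper.
 *
 * @param mixed  $theValue           Raw value, typically from $_POST.
 * @param string $theType            One of the type names listed above.
 * @param mixed  $theDefinedValue    Result for "defined" when the value is non-empty.
 * @param mixed  $theNotDefinedValue Result for "defined" when the value is empty.
 * @return mixed SQL literal (string, or int for "long"/"int").
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // get_magic_quotes_gpc() does not exist on current PHP versions, so it is
  // only called when present. If magic quotes added backslashes, remove them
  // so the value is escaped exactly once.
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $theValue = stripslashes($theValue);
  }

  $theValue = function_exists('mysql_real_escape_string')
    ? mysql_real_escape_string($theValue)
    : addslashes($theValue);

  switch ($theType) {
    case "text":
    case "date":
      // Both types are emitted as a quoted string literal.
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}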

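// Build the form's action URL: this script's path plus the current query
// string. PHP_SELF can contain request-supplied path text, so it is
// HTML-encoded the same way as the query string.
// NOTE(review): presumably echoed into the form's action attribute; the form
// markup is not part of this snippet - confirm it is not encoded a second time.
$editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES);
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES);
}

// Insert the new user when the registration form ("newUser") was submitted.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "newUser")) {
  // NOTE(review): the password is stored exactly as submitted. Store the output
  // of password_hash() instead and check it with password_verify() at login;
  // the login page compares the password inside its SQL query, so both pages
  // have to change together.
  $insertSQL = sprintf("INSERT INTO elders1 (firstname, lastname, username, password, church, address, city, state, zip, phone, email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstname'], "text"),
                       GetSQLValueString($_POST['lastname'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['church'], "text"),
                       GetSQLValueString($_POST['address'], "text"),
                       GetSQLValueString($_POST['city'], "text"),
                       GetSQLValueString($_POST['state'], "text"),
                       GetSQLValueString($_POST['zip'], "text"),
                       GetSQLValueString($_POST['phone'], "text"),
                       GetSQLValueString($_POST['email'], "text"));

  mysql_select_db($database_con_elders_local, $con_elders_local);
  // NOTE(review): die(mysql_error()) shows database error text to the visitor;
  // log it and show a generic message on a public site.
  $Result1 = mysql_query($insertSQL, $con_elders_local) or die(mysql_error());

  // Redirect to the welcome page, carrying over a non-empty query string.
  $insertGoTo = "welcome.php";
  if (!empty($_SERVER['QUERY_STRING'])) {
    // strpos() returns 0 for a match at the start, so compare against false.
    $insertGoTo .= (strpos($insertGoTo, '?') !== false) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
  // Stop here: header() alone does not end the script, and the rest of the
  // page would otherwise still be generated after the redirect.
  exit;
}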
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
[/code]

Oops.  Attached is a snippet from the login page.  It has the session variable code.
[code]
<?php require_once('../Connections/con_elders_local.php'); ?>
<?php
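// *** Validate request to login to this site.
// Checks the posted UserName/Password against elders1. On success the username
// and the row's UserID are stored in the session and the visitor is redirected;
// on failure the visitor is sent back to login.php?failed=true.
if (!isset($_SESSION)) {
  session_start();
}

// NOTE(review): PHP_SELF can contain request-supplied path text; HTML-encode
// this value wherever it is echoed (the form markup is not shown here).
$loginFormAction = $_SERVER['PHP_SELF'];

// Remember where to return after login, but only for a path on this site.
// The value arrives in the URL, so anything that could point at another host
// (a scheme, or a leading // or /\) is ignored.
// NOTE(review): assumes the protected pages pass a path starting with "/" -
// confirm against the pages that set accesscheck.
if (isset($_GET['accesscheck']) && is_string($_GET['accesscheck'])
    && preg_match('#^/(?![/\\\\])#', $_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['UserName'])) {
  // Accept only plain strings; a missing or array-valued field becomes "".
  $loginUsername = is_string($_POST['UserName']) ? $_POST['UserName'] : "";
  $password = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : "";

  // With magic quotes on, the values already carry backslashes. Strip them so
  // they are escaped exactly once below.
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $loginUsername = stripslashes($loginUsername);
    $password = stripslashes($password);
  }

  $MM_fldUserAuthorization = "UserID";
  $MM_redirectLoginSuccess = "../index.php";
  $MM_redirectLoginFailed = "login.php?failed=true";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_con_elders_local, $con_elders_local);

  // NOTE(review): the password is compared as stored, i.e. in plain text.
  // Prefer selecting the row by username and checking a password_hash() value
  // with password_verify(); the registration page must then store the hash.
  $LoginRS__query = sprintf("SELECT username, password, UserID FROM elders1 WHERE username='%s' AND password='%s'",
    mysql_real_escape_string($loginUsername, $con_elders_local),
    mysql_real_escape_string($password, $con_elders_local));

  $LoginRS = mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS, 0, 'UserID');

    // Issue a fresh session id at login so an id that was known before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);

    // Declare two session variables and assign them. The UserID column value
    // is stored under the key MM_UserGroup, not under a key named UserID.
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if ($MM_redirecttoReferrer && isset($_SESSION['PrevUrl'])) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess);
    // header() does not end the script; stop so the login form is not rendered.
    exit;
  }
  else {
    header("Location: " . $MM_redirectLoginFailed);
    exit;
  }
}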
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
[/code]

Please edit your post to surround the posted code with [code][/code] tags.

Ken

Remove this condition

[code=php:0]if (!isset($_SESSION)) {
  // Starts the session only when $_SESSION is not defined yet.
  session_start();
}
[/code]

Any page that uses session variables must call session_start().

Regards
Huggie

I am either making this too difficult for myself or I don't have a good grasp of what's going on.  Is it possible to have a user log in using his username and pw, then go to another page to update all of his 11 entered fields (like username, pw, address, email, etc) even though he only entered his username & pw in the login page?  My MySQL db is working fine, it's the PHP session variable code that is the problem.  Is there a tutorial or something that I can use as a guide to accomplish this?

Yes, it's actually quite simple.

1. User goes to login.php and provides his username and password in a form.
2. Submitting the form posts back to itself and connects to the database to retrieve details, use something like this:

[code]
<?php
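// Start session
session_start();

// Connect to the database
include_once('connect.php');

// Read the submitted credentials; a missing or non-string field becomes ''.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// With magic quotes on, the values already carry backslashes. Strip them so
// they are escaped exactly once below.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
  $username = stripslashes($username);
  $password = stripslashes($password);
}

// Execute the query. Both values come from the request and are escaped before
// they are placed inside the quoted SQL literals.
// NOTE(review): presumably connect.php opens the connection these calls use.
// NOTE(review): this compares a plain-text password; store password_hash()
// output and check it with password_verify() instead.
$sql = "SELECT id FROM users WHERE username = '" . mysql_real_escape_string($username)
     . "' AND password = '" . mysql_real_escape_string($password) . "'";
$result = mysql_query($sql);
if (!$result){
  // If query didn't execute: record the detail in the server log and show a
  // generic message, so the SQL text and database error are not sent to the
  // browser.
  error_log("Login query failed: " . mysql_error());
  echo "Unable to execute the login query\n";
}
else {
  if (mysql_num_rows($result) == 1){
      // Issue a fresh session id at login so an id that was known before
      // authentication cannot be reused afterwards.
      session_regenerate_id(true);
      // Assign the unique ID to a session variable
      $_SESSION['id'] = mysql_result($result, 0);
      echo "You have been authenticated\n";
  }
  else {
      echo "Unable to authenticate you\n";
  }
}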
?>
[/code]

This should authenticate you if you exist in the database; your unique id is then stored in a session variable for use when editing.

3. User goes to profile.php which has the following code...

[code]
<?php
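// Start session
session_start();

// Connect to the database
include_once('connect.php');

if (!isset($_SESSION['id'])) {
  // No id in the session means the visitor has not logged in; do not query.
  echo "Unable to retrieve your profile\n";
}
else {
  // Execute the query. The id is escaped before it goes into the quoted
  // literal, so the statement stays well-formed whatever the session holds.
  // NOTE(review): presumably connect.php opens the connection these calls use.
  $sql = "SELECT * FROM users WHERE id = '" . mysql_real_escape_string($_SESSION['id']) . "'";
  $result = mysql_query($sql);
  if (!$result){
    // If query didn't execute: record the detail in the server log and show a
    // generic message, so the SQL text and database error are not sent to the
    // browser.
    error_log("Profile query failed: " . mysql_error());
    echo "Unable to execute the profile query\n";
  }
  else {
    if (mysql_num_rows($result) == 1){
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        // Echo the form here with the default values like so. Stored values
        // are HTML-encoded (quotes included) so a name containing " or <
        // cannot break out of the value attribute.
        echo "<input type=\"text\" name=\"firstname\" value=\"" . htmlspecialchars($row['firstname'], ENT_QUOTES) . "\">";
    }
    else {
        echo "Unable to retrieve your profile\n";
    }
  }
}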
?>
[/code]

This should be enough to get you started and on track.

Regards
Huggie

The queries are going to need changing a little I'm sure, but I just wanted a basic example to show you the principle of the way it could work using a simple structure.

Regards
Huggie
