
I have three webpages in my first site that I am having trouble with. The flow of the 3 pages is: Register, then go to Welcome, then go to Login.
The Register page has a form with 11 entries. This page is supposed to set a session variable to contain all the input info and use it to populate blanks in the other pages. The welcome page should be able to display username and pw, but just shows up as blank. I eventually want a page where a user can edit their profile (fields from the database). I think everything works except for the session variable, which is supposed to be named UserID (same name as the key database field). Attached is a snippet of the Register user code. I can post the others if needed.
[code]
<?php require_once('../Connections/con_elders_local.php'); ?>
<?php
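// *** Redirect if username exists
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
  $MM_dupKeyRedirect = "register_user.php?repeat=true";

  // A field posted as username[] arrives as an array; anything that is not a
  // string is treated as an empty username instead of being passed on.
  $loginUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";

  // The username comes straight from the request, so it must never be pasted
  // into the statement as-is. GetSQLValueString() escapes and quotes it, the
  // same way the INSERT further down this file treats the same field.
  $LoginRS__query = sprintf("SELECT username FROM elders1 WHERE username=%s",
                            GetSQLValueString($loginUsername, "text"));
  mysql_select_db($database_con_elders_local, $con_elders_local);
  // NOTE(review): die(mysql_error()) shows the raw database error to the
  // visitor; on a public site log it server-side and show a generic message.
  $LoginRS = mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  // A matching row means the requested username is already taken.
  if ($loginFoundUser) {
    $MM_qsChar = (substr_count($MM_dupKeyRedirect, "?") >= 1) ? "&" : "?";
    // urlencode() keeps the user-supplied name inside the requsername
    // parameter: characters such as "&", "#" or a line break cannot add extra
    // parameters or break out of the Location header.
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . urlencode($loginUsername);
    header("Location: $MM_dupKeyRedirect");
    exit;
  }
}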

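/**
 * Turn a raw form value into a literal that can be placed in a SQL statement.
 *
 * An empty value becomes the bare word NULL for every type except "defined".
 * A $theType that is not listed below returns the escaped value WITHOUT
 * quotes, which is not safe to embed in SQL; always pass a listed type.
 *
 * @param mixed  $theValue           Raw value, normally taken from $_POST.
 * @param string $theType            "text", "long", "int", "double", "date" or "defined".
 * @param string $theDefinedValue    Result for type "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Result for type "defined" when the value is empty.
 * @return mixed Quoted string, integer, or the string "NULL".
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // A field posted as name[] arrives as an array, and a missing field as null.
  // Neither can be escaped as text, so both are handled as an empty value.
  $theValue = is_scalar($theValue) ? (string) $theValue : "";

  // get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded is a
  // fatal error there. When it is absent, input is never pre-escaped.
  $alreadyEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  if (!$alreadyEscaped) {
    // NOTE(review): addslashes() does not know the connection character set.
    // mysql_real_escape_string() with the open link, or prepared statements
    // (mysqli / PDO), are the safer way to get user input into a query.
    $theValue = addslashes($theValue);
  }

  $isEmpty = ($theValue == "");

  switch ($theType) {
    case "text":
    case "date":
      // Both are sent to the database as a quoted string.
      $theValue = $isEmpty ? "NULL" : "'" . $theValue . "'";
      break;
    case "long":
    case "int":
      // intval() forces a number, so this branch cannot carry SQL text.
      $theValue = $isEmpty ? "NULL" : intval($theValue);
      break;
    case "double":
      $theValue = $isEmpty ? "NULL" : "'" . doubleval($theValue) . "'";
      break;
    case "defined":
      $theValue = $isEmpty ? $theNotDefinedValue : $theDefinedValue;
      break;
  }
  return $theValue;
}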

// Build the URL the form posts back to: this script's own path, followed by
// the current query string (HTML-encoded) when the server reports one.
// NOTE(review): $_SERVER['PHP_SELF'] can carry extra path text chosen by the
// visitor and is not encoded here; the form that prints $editFormAction is
// not part of this snippet, so confirm it escapes the value on output.
$queryPart = isset($_SERVER['QUERY_STRING'])
  ? "?" . htmlentities($_SERVER['QUERY_STRING'])
  : "";
$editFormAction = $_SERVER['PHP_SELF'] . $queryPart;

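// Handle the submitted registration form: insert the new row, then send the
// browser on to welcome.php.
if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "newUser") {

// ob_start()

  // NOTE(review): the password is written to the table exactly as typed.
  // Storing password_hash() output and checking it with password_verify()
  // (PHP 5.5+) avoids keeping recoverable passwords; the login query, which
  // compares the plain value, has to be changed in the same step.
  $insertSQL = sprintf("INSERT INTO elders1 (firstname, lastname, username, password, church, address, city, state, zip, phone, email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstname'], "text"),
                       GetSQLValueString($_POST['lastname'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['church'], "text"),
                       GetSQLValueString($_POST['address'], "text"),
                       GetSQLValueString($_POST['city'], "text"),
                       GetSQLValueString($_POST['state'], "text"),
                       GetSQLValueString($_POST['zip'], "text"),
                       GetSQLValueString($_POST['phone'], "text"),
                       GetSQLValueString($_POST['email'], "text"));

  mysql_select_db($database_con_elders_local, $con_elders_local);
  $Result1 = mysql_query($insertSQL, $con_elders_local) or die(mysql_error());

  // Nothing in this handler calls session_start() or writes to $_SESSION, so
  // welcome.php receives no session data from the registration step.
  $insertGoTo = "welcome.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
  // header() only queues the redirect. Without exit the script keeps running
  // and still sends the HTML that follows this block.
  exit;

//  ob_end_flush()
}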
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
[/code]

Oops.  Attached is a snippet from the login page.  It has the session variable code.
[code]
<?php require_once('../Connections/con_elders_local.php'); ?>
<?php
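// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  // accesscheck is read from the URL, so anyone can set it. It is only
  // remembered here; it is checked before it is used as a redirect target.
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['UserName'])) {
  // Fields posted as UserName[] / Password[] arrive as arrays; treat anything
  // that is not a string as empty so it cannot reach the escaping calls.
  $loginUsername = is_string($_POST['UserName']) ? $_POST['UserName'] : "";
  $password = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : "";
  $MM_fldUserAuthorization = "UserID";
  $MM_redirectLoginSuccess = "../index.php";
  $MM_redirectLoginFailed = "login.php?failed=true";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_con_elders_local, $con_elders_local);

  // get_magic_quotes_gpc() no longer exists in PHP 8; guard the call.
  $alreadyEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  // NOTE(review): the query compares the submitted password with the stored
  // column directly, so passwords are kept in plaintext. Selecting the row by
  // username and checking a stored hash with password_verify() removes that;
  // the registration insert has to store password_hash() output to match.
  $LoginRS__query = sprintf("SELECT username, password, UserID FROM elders1 WHERE username='%s' AND password='%s'",
                            $alreadyEscaped ? $loginUsername : addslashes($loginUsername),
                            $alreadyEscaped ? $password : addslashes($password));

  $LoginRS = mysql_query($LoginRS__query, $con_elders_local) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {

    $loginStrGroup = mysql_result($LoginRS, 0, 'UserID');

    // Issue a fresh session id at the moment of login so an id that was known
    // before authentication is not carried into the logged-in session.
    session_regenerate_id(true);

    // Two session variables identify the logged-in user on later pages.
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if ($MM_redirecttoReferrer && isset($_SESSION['PrevUrl'])) {
      $prevUrl = $_SESSION['PrevUrl'];
      // Follow the remembered URL only when it is a path on this site: exactly
      // one leading "/", never "//" or "/\", and no control characters.
      // Anything else falls back to the default landing page, so the login
      // form cannot be used to bounce a visitor to another host.
      // (Presumably restricted pages set accesscheck to their own path -
      // verify against the page that links here.)
      if (is_string($prevUrl) && preg_match('#\A/(?![/\\\\])[^\x00-\x1f]*\z#', $prevUrl)) {
        $MM_redirectLoginSuccess = $prevUrl;
      }
    }
    header("Location: " . $MM_redirectLoginSuccess);
    // Stop so the login form below is not rendered after the redirect.
    exit;
  }
  else {
    header("Location: " . $MM_redirectLoginFailed);
    exit;
  }
}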
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
[/code]
I am either making this too difficult for myself or I don't have a good grasp of what's going on.  Is it possible to have a user log in using his username and pw, then go to another page to update all of his 11 entered fields (like username, pw, address, email, etc) even though he only entered his username & pw in the login page?  My MySQL db is working fine, it's the PHP session variable code that is the problem.  Is there a tutorial or something that I can use as a guide to accomplish this?
Yes, it's actually quite simple.

1. User goes to login.php and provides his username and password in a form.
2. Submitting the form posts back to itself and connects to the database to retrieve details. Use something like this:

[code]
<?php
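// Start session
session_start();

// Connect to the database
include_once('connect.php');

// Read the two form fields; a missing field or one posted as an array
// (username[]) is treated as empty.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Escape both values before they go into the statement; text taken from the
// request must never be interpolated into SQL as-is.
// (If magic_quotes_gpc is enabled on the server, stripslashes() the input
// first so it is not escaped twice.)
// NOTE(review): this compares a plaintext password column. Store
// password_hash() output and check it with password_verify() instead.
$sql = sprintf(
  "SELECT id FROM users WHERE username = '%s' AND password = '%s'",
  mysql_real_escape_string($username),
  mysql_real_escape_string($password)
);
$result = mysql_query($sql);
if (!$result){
  // If query didn't execute: keep the detail in the server log. The statement
  // contains the submitted password, so it is not echoed to the browser.
  error_log("Login query failed: " . mysql_error());
  echo "Unable to execute the login query\n";
}
else {
  if (mysql_num_rows($result) == 1){
      // New session id on login, then assign the unique ID to a session variable
      session_regenerate_id(true);
      $_SESSION['id'] = mysql_result($result, 0);
      echo "You have been authenticated\n";
  }
  else {
      echo "Unable to authenticate you\n";
  }
}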
?>
[/code]

This should authenticate you if you exist in the database, and your unique id is now stored in a session variable for use when editing.

3. User goes to profile.php which has the following code...

[code]
<?php
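// Start session
session_start();

// Connect to the database
include_once('connect.php');

// Look the profile up only for a visitor who has logged in; without an id in
// the session there is nothing to query.
$result = false;
if (isset($_SESSION['id'])) {
  // Escaped even though it came from the database at login: the statement
  // stays safe whatever ends up in the session.
  $sql = sprintf("SELECT * FROM users WHERE id = '%s'", mysql_real_escape_string($_SESSION['id']));
  $result = mysql_query($sql);
  if (!$result){
    // If query didn't execute: log the detail instead of printing the
    // statement and database error to the page.
    error_log("Profile query failed: " . mysql_error());
  }
}

if ($result && mysql_num_rows($result) == 1){
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    // Echo the form here with the default values like so.
    // Stored profile text was typed by a user, so it is HTML-escaped before it
    // is placed in the attribute; a quote or "<" in a name stays plain text.
    echo "<input type=\"text\" name=\"firstname\" value=\"" . htmlspecialchars($row['firstname'], ENT_QUOTES) . "\">";
}
else {
    echo "Unable to retrieve your profile\n";
}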
?>
[/code]

This should be enough to get you started and on track.

Regards
Huggie