mcurtis Posted August 23, 2011 Share Posted August 23, 2011 Hello, I've been racking my brains (and spending sleepless nights) trying to get a login system to work by where the member will insert their email address as [username] and password (already stored in the DB) - then the page to divert to an administration panel with their User_id for them to only edit their information. The Code I have so far..... The login_form.php <?php //Start session session_start(); //Unset the variables stored in session unset($_SESSION['SESS_CLIENT_EMAIL']); unset($_SESSION['SESS_MAIN_ID']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Client Admin Panel</title> <link href="style.css" rel="stylesheet" type="text/css" media="screen" /> </head> <body> <div id="wrapper"> <div id="header"> <h1>CLIENT LOGIN</h1> <h2>CLIENT ADMINISTRATION PANEL</h2> version 2.10 </div> <div id="menu"> </div> <div id="content"> <div id="right"> <div class="post"> <h2>CLIENT ADMINISTRATION PANEL - CLIENT LOGIN</h2><br /> <h3><span class="err"><strong><font color="#800000">PLEASE LOGIN</font></strong></span></h3><form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="315" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="150"><b>Email Address:</b></td> <td width="157"><input name="login" type="text" class="textfield" id="client_email" /></td> </tr> <tr> <td><b>Secret Word:</b></td> <td><input name="password" type="password" class="textfield" id="client_password" /></td> </tr> <tr bgcolor='#f1f1f1'> <td> </td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> <tr> <td colspan="2"><hr /></td> </tr> <tr> <td><b>Forgot SecretWord?:</b></td> <td><font face='tahoma, arial, helvetica' size='2' ><a href='forgot-password.php'>Click Here</a></font></td> </tr> <tr> <td colspan="2"><hr /></td> </tr> <tr> <td><b>New Client?:</b></td> <td><font face='tahoma, arial, helvetica' size='2' ><a href='../dhsite/webpages/reg_1.php'> Register Here</a></font></td> </tr> </table> <br /> </form></p> </div> </div> </div> <div id="footer"> <p class="copyright">Copyright © *****************</p> </div> </div> </body> </html> And the handler: login_exec.php <?php //Start session session_start(); $_SESSION['var'] = $val; //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $client_email = clean($_POST['login']); $client_password = clean($_POST['password']); //Input Validations if($client_email == '') { $errmsg_arr[] = 'Email Address missing'; $errflag = true; } if($client_password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT client_email, client_password, main_id FROM users WHERE client_email='$client_email' AND client_password='$client_password'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_CLIENT_EMAIL'] = $member['client_email']; $_SESSION['SESS_MAIN_ID'] = $member['main_id']; session_write_close(); header("Location: test_admin_panel.php?user_id=".$main_id.""); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Any help would be VERY much appreciated!! Quote Link to comment Share on other sites More sharing options...
doddsey_65 Posted August 23, 2011 Share Posted August 23, 2011 you want to carry the user id to the next page after they login? You could append it to the url when redirecting after the login: www.mysite.com/?user_id=1 or you could save it to a session to be called later session_start(); $_SESSION['user_id'] = $user_id; Quote Link to comment Share on other sites More sharing options...
mcurtis Posted August 23, 2011 Author Share Posted August 23, 2011 Thanks Doddsey for your reply! you want to carry the user id to the next page after they login? You could append it to the url when redirecting after the login: www.mysite.com/?user_id=1 This is exactly what I would like it to do but it just doesn't seem to want to carry over.. The bottom of my login_exec.php has what I thought would carry it in the header, but to no avail: //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_CLIENT_EMAIL'] = $member['client_email']; $_SESSION['SESS_MAIN_ID'] = $member['main_id']; session_write_close(); header("Location: test_admin_panel.php?user_id=".$main_id.""); exit(); }else { The reason why there are "user_id" & "main_id" is that the user db uses "user" and their information is held in a separate db using "main_id" (I know, I should have made them the same ) Quote Link to comment Share on other sites More sharing options...
doddsey_65 Posted August 23, 2011 Share Posted August 23, 2011 header("Location: test_admin_panel.php?user_id=".$main_id.""); I cant see where you have defined $main_id. Is it defined earlier in the script? if so does it return the correct id. also you dont need .""); at the end of your header redirect header("Location: test_admin_panel.php?user_id=".$main_id); Quote Link to comment Share on other sites More sharing options...
mcurtis Posted August 23, 2011 Author Share Posted August 23, 2011 Thanks again Doddsey!!! Your assistance was VERY much appreciated and got me looking in the right place! header("Location: test_admin_panel.php?user_id=".$main_id.""); I cant see where you have defined $main_id. Is it defined earlier in the script? if so does it return the correct id. also you dont need .""); at the end of your header redirect header("Location: test_admin_panel.php?user_id=".$main_id); I took out the ."" from the end of the header line and whilst there noticed: $_SESSION['SESS_MAIN_ID'] = $member['main_id']; session_write_close(); header("Location: test_admin_panel.php?user_id=".$main_id.""); and changed it to $_SESSION['SESS_MAIN_ID'] = $member['main_id']; session_write_close(); header("Location: test_admin_panel.php?user_id=".$member['main_id']); It was part after the ?user_id= which needed to reflect the $_SESS_MAIN_ID Thanks again - Now I can sleep! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.