Extracting Data

ddluc32 · March 2, 2012

I usually only do design work, but a client wanted a log in system to his website, so I decided to do it.

I set everything up correctly, and users can sign up, login, and log out. However, he wants to be informed when a user logs into his site.

So say (user x) wants logs in, my client wants to receive an email with all of (user x)'s account information. How do I pull a row from mysql based on the login information provided?

My database is has 7 columns: user, pass, name, address, state, phone, email

The Little Guy · March 2, 2012

add a column with user_id:

alter table table_name add column user_id int AUTO_INCREMENT;

next when a user logs in save the information in a session:

<?php
// Connect to database
$user = mysql_real_escape_string($_POST['user']);
$pass = md5($_POST['pass']);
$sql = mysql_query("select * from users_table where user = '$user' and pass = '$pass'");
if(mysql_num_rows($sql) == 1){
session_start();
$row = mysql_fetch_assoc($sql);
$id = $_SESSION['user_id'] = $row['user_id'];
$name = $_SESSION['name'] = $row['name'];
$addr = $_SESSION['address'] = $row['address'];
$state = $_SESSION['state'] = $row['state'];
$phone = $_SESSION['phone'] = $row['phone'];
$email = $_SESSION['email'] = $row['email'];
$message = <<<OPT
User ID: $id
Name: $name
Address: $addr
State: $state
Phone: $phone
Email: $email
OPT;
mail("[email protected]", "Title", $message);
}
?>

ddluc32 · March 2, 2012

<?php // rnlogin.php
include_once 'rnheader.php';

echo "<h3>Member Log in</h3>";
$error = $user = $pass = "";

if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);


if ($user == "" || $pass == "")
{
	$error = "Not all fields were entered<br />";
}
else
{
	$query = "SELECT user,pass FROM rnmembers
			  WHERE user='$user' AND pass='$pass'";

	if (mysql_num_rows(queryMysql($query)) == 0)
	{
		$error = "Username/Password invalid<br />";
	}
	else
	{
                        $user = mysql_real_escape_string($_POST['user']);
		$pass = md5($_POST['pass']);
		$sql = mysql_query("select * from rnmembers where user = '$user' and pass = '$pass'");
		if(mysql_num_rows($sql) == 1){
			$row = mysql_fetch_assoc($sql);
			$id = $_SESSION['user_id'] = $row['user_id'];
			$name = $_SESSION['name'] = $row['name'];
			$addr = $_SESSION['address'] = $row['address'];
			$state = $_SESSION['state'] = $row['state'];
			$phone = $_SESSION['phone'] = $row['phone'];
			$email = $_SESSION['email'] = $row['email'];


			echo "$id <br />";
			echo "$name<br />";
			echo "$addr<br />";
			echo "$state<br />";
			echo "$phone<br />";
			echo "$email<br />";
									}
		die("You are now logged in. Please
		   <a href='home.php?view=$user'>click here</a>.");
	}
}
}




echo <<<_END
<form method='post' action='rnlogin.php'>$error
Username <input type='text' maxlength='16' name='user'value='$user' /><br />
Password <input type='password' maxlength='16' name='pass' value='$pass' /><br />
<br />
<br />
<input type='submit' value='Login' />
</form>
_END;
?>

Where rnheader.php includes:

session_start();

if (isset($_SESSION['user']))
{
$user = $_SESSION['user'];
$loggedin = TRUE;
}
else $loggedin = FALSE;

It doesn't come up with any errors, but it doesn't display anything (i changed it just from mailing to just displaying for now). It displays the $id, which is 1. but the other fields are blank.

I appreciate the help! Thanks!

The Little Guy · March 2, 2012

why are you doing the query twice?

ddluc32 · March 2, 2012

That was just me being sloppy, copy and pasting your code into mine.

Here is what I did. Mind you, I am not even 50% sure of what I'm doing, so if it looks wrong, it probably is.

updated code:

<?php // rnlogin.php
include_once 'rnheader.php';

echo "<h3>Member Log in</h3>";
$error = $user = $pass = "";

if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);


if ($user == "" || $pass == "")
{
	$error = "Not all fields were entered<br />";
}
else
{
     $sql = mysql_query("select * from rnmembers where user = '$user' and pass = '$pass'");

	if (mysql_num_rows(queryMysql($sql)) == 0)
	{
		$error = "Username/Password invalid<br />";
	}
	else
	{
		$user = mysql_real_escape_string($_POST['user']);
		$pass = md5($_POST['pass']);
		if(mysql_num_rows($sql) == 1){
			$row = mysql_fetch_assoc($sql);
			$id = $_SESSION['user_id'] = $row['user_id'];
			$name = $_SESSION['name'] = $row['name'];
			$addr = $_SESSION['address'] = $row['address'];
			$state = $_SESSION['state'] = $row['state'];
			$phone = $_SESSION['phone'] = $row['phone'];
			$email = $_SESSION['email'] = $row['email'];

			echo "$id <br />";
			echo "$name <br />";
			echo "$addr <br />";
			echo "$state<br />";
			echo "$phone<br />";
			echo "$email<br />";

		die("You are now logged in. Please
		   <a href='home.php?view=$user'>click here</a>.");
	}
}
}

}



echo <<<_END
<form method='post' action='rnlogin.php'>$error
Username <input type='text' maxlength='16' name='user'value='$user' /><br />
Password <input type='password' maxlength='16' name='pass' value='$pass' /><br />
<br />
<br />
<input type='submit' value='Login' />
</form>
_END;
?>

The Little Guy · March 2, 2012

what is:

queryMysql()?

ddluc32 · March 2, 2012

function queryMysql($query)
{
$result = mysql_query($query) or die(mysql_error());
return $result;
}

The Little Guy · March 2, 2012

remove it from the code.

ddluc32 · March 2, 2012

Yes. Thank you so much!

Sign In

Extracting Data

Recommended Posts

ddluc32

Link to comment

Share on other sites

The Little Guy

Link to comment

Share on other sites

ddluc32

Link to comment

Share on other sites

The Little Guy

Link to comment

Share on other sites

ddluc32

Link to comment

Share on other sites

The Little Guy

Link to comment

Share on other sites

ddluc32

Link to comment

Share on other sites

The Little Guy

Link to comment

Share on other sites

ddluc32

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information