MFA Posted January 3, 2013 Share Posted January 3, 2013 Hey guys. i'm new at coding and need some help. I'm tryin to get my site to say "Welcome, $first_name $surname ! .... etc etc" after the individual logs in and it's not working for some mysterious reason. Currently, it's saying everything else I want it to but it's ommiting the $first_name and $surname fields that i want it to show. Could someone please let me know why its not working and how I can fix it. Thanks. Here's what I've got: this file below is called checkuser.php <? /* Check User Script */ session_start(); // Start Session include 'db.php'; // Conver to simple variables $email_address = $_POST['email_address']; $password = $_POST['password']; if((!$email_address) || (!$password)){ echo "Please enter ALL of the information! <br />"; include 'login_form.html'; exit(); } // Convert password to md5 hash !!!!DELETED!!!! - for security reasons // check if the user info validates the db $sql = mysql_query("SELECT * FROM users WHERE email_address='$email_address' AND password='$password' AND email_activated='1'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ foreach( $row AS $key => $val ){ $$key = stripslashes( $val ); } // Register some session variables! session_register('first_name'); $_SESSION['first_name'] = $first_name; session_register('surname'); $_SESSION['surname'] = $surname; session_register('email_address'); $_SESSION['email_address'] = $email_address; session_register('special_userY1'); $_SESSION['account_type'] = $account_type; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: login_success.php"); } } else { echo "You could not be logged in! Either the email_address and password do not match or you have not validated your membership!<br /> Please try again!<br />"; include 'login_form.html'; } ?> this file below is called login_success.php <? session_start(); echo "Welcome ". $_SESSION['first_name'] ." ". $_SESSION['surname'] ."! You have made it to the members area!<br /><br />"; echo "Your user level is ". $_SESSION['account_type']." which enables you access to the following areas: <br />"; if($_SESSION['account_type'] == 1){ echo "- Forums<br />- Chat Room<br />"; } if($_SESSION['account_type'] == 2){ echo "- Forums<br />- Chat Room<br />- Moderator Area<br />"; } echo "<br /><a href=logout.php>Logout</a>"; ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 3, 2013 Share Posted January 3, 2013 That code is out of date by at least a decade, and is not at all secure. None of the form data is escaped before using it in the db query, there is no reason to use stripslashes() on data from the database except in the case it was improperly inserted to begin with, session_register() has been deprecated since the mid-1800s, I believe . . . Quote Link to comment Share on other sites More sharing options...
MFA Posted January 3, 2013 Author Share Posted January 3, 2013 Oh dear.. What do you mean by not being secure? - as in people will be able to login without registering or something worse? Also, I get the impression I need to start all over again for creating my membership system. Could you please advise on a tutorial I could follow? Quote Link to comment Share on other sites More sharing options...
NomadicJosh Posted January 4, 2013 Share Posted January 4, 2013 The mysql extension is deprecated and you should look into mysqli or PDO. Also, you will want to sanitize your data and hash passwords with a salt. Check out these resources: http://php.net/manual/en/book.mysqli.php http://php.net/manual/en/book.pdo.php http://www.openwall.com/phpass/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.