RidgeandGable Posted August 30, 2014

Hi guys

I have managed to get a login script working with sessions. The aim that I am looking for is:

Allow a customer to login. Once logged in they are taken to their own account page - Profile.php
On this page, would like to upload their invoices, estimates etc.

I have the login working with passing the username with a session. If log in is successful, it will direct to profile and say Welcome back "username" etc. So this part is working.

What do I need to do to make this page unique to this user? How can I upload a PDF Invoice / Estimate and allow only this username to view?

trq Posted August 30, 2014

Any data in your system relating to this user needs to be stored along with an id that identifies it as belonging to this user. Then, you simply filter any queries by that user's id.

RidgeandGable Posted August 30, 2014

Hi

Thanks for the reply

Every customer is issued with a Customer ID HL2283 which would be displayed in every form.

Are you able to break down the routine a little?

I have the login, username (customerid) and password, that sends them to Profile.php with an active session (Welcome "Username"). I have a folder in the root called invoices and another called estimates. I have mysql running on my own server which is working. When a user hits the profile page, although the name is correct, any text or links I create on that page are the same for every user. What I'm needing help with is how can I link a PDF document to Mysql Table - Invoices, display that on the Profile only for a user matching "Username"?

ginerjm Posted August 30, 2014

When the users upload their files, you should control the filename it is stored under. Assign the uid as a prefix to every file stored and then when you are looking for docs you just do a glob() with the id as the start of the filename mask.

Of course another solution would be to have a db that stores the user's files and identifies the document by date, user id, saved doc name, description... etc. A query for docs by uid would give you the list of filenames. Again you would want them to all be unique filenames so you should be assigning them.

RidgeandGable Posted August 30, 2014

Thanks, are you able to give a little more help or point towards some sort of guide? Completely new to php

RidgeandGable Posted August 30, 2014

I have tried to play with the pages I have: http://scotair.noip.me

username is alex, password alex

This takes you to the profile page, and I have tried to add an update record by table in there just to see if I was pulling the info correctly, but although the page welcomes "alex" it doesn't actually show any further data.

RidgeandGable Posted August 30, 2014

Will try and explain it another way after I've looked at it again.

I have the profile page that says Welcome "Alex".

I know how to create a recordset in dreamweaver so I can retrieve info from MySQL. Is there a way I can re-use the session that was created from the login page to act as the filter in the recordset?

Here's a copy of the code from Profile (once logged in):

```php
<?php require_once('../Connections/new.php'); ?>
<?php
$maxRows_Recordset1 = 10;
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1'])) {
  $pageNum_Recordset1 = $_GET['pageNum_Recordset1'];
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

$colname_Recordset1 = "1";
if (isset($_SESSION['$login_session'])) {
  $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_SESSION['$login_session'] : addslashes($_SESSION['$login_session']);
}
mysql_select_db($database_new, $new);
$query_Recordset1 = sprintf("SELECT * FROM login WHERE username = '%s'", $colname_Recordset1);
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $new) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

if (isset($_GET['totalRows_Recordset1'])) {
  $totalRows_Recordset1 = $_GET['totalRows_Recordset1'];
} else {
  $all_Recordset1 = mysql_query($query_Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;

$colname_Recordset1 = "1";
if (isset($_SESSION['<?php echo $login_session; ?> '])) {
  $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_SESSION['<?php echo $login_session; ?>'] : addslashes($_SESSION['<?php echo $login_session; ?>']);
}
mysql_select_db($database_new, $new);
$query_Recordset1 = sprintf("SELECT * FROM login WHERE username = '%s'", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $new) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<?php include('session.php'); ?>
<html>
<head>
<title>Your Home Page </title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id="profile">
  <b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
  <table border="1">
    <tr>
      <td>id</td>
      <td>username</td>
      <td>password</td>
    </tr>
    <?php do { ?>
    <tr>
      <td height="36"><?php echo $row_Recordset1['id']; ?></td>
      <td><?php echo $row_Recordset1['username']; ?></td>
      <td><?php echo $row_Recordset1['password']; ?></td>
    </tr>
    <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
  </table>
  <b id="logout"><a href="logout.php">Log Out</a></b>
</div>
</body>
</html>
<?php mysql_free_result($Recordset1); ?>
```

ginerjm Posted August 30, 2014

Did you buy your first car before you learned how to drive?

RidgeandGable Posted August 30, 2014

Ha ha, I live in the Scottish Borders and the answer is yes I did. It was a blue Ford Escort, cost me 100, had it for 5 months till I passed my test.

The login pages were a script that I found. So I'm just trying to use the session that they created to capture the username at login and use it to filter a recordset where I can hold my files in a db for each user.

I have tried looking for all this info myself but having 2 young kids and a business to run I am short on time. Once I have the basic site set up I do intend on doing a home course on php to progress further. I do appreciate any help I can get.

Digitizer Posted August 31, 2014

I once wrote a login script, and put some modules to be displayed to authorized users only. I used cookies though, but to authorize specific users to those certain modules (giving more control over the app) I used another logic without using any OOP approach at all.

The logic was assigning a groupName to each user, "Standard" when the user registers, which can be changed by superAdmin (hardcoded in program).

The pseudo logic I can write here, I know it was a bad practice:

```php
// All this is just a hinting code, not proper code
get_login_details($username, $password);
$query = mysql_query("select * from userTable where username='$username' AND password='$password'");
// if a row is returned
if (mysql_num_rows($query) == 1) {
    // set_cookie_thing
    $row = mysql_fetch_array($query);
    $group = $row['group'];
    if ($group == 'admin') { $isAdmin = true; } else { $isAdmin = false; }
} else {
    die("The username or password is incorrect");
}
if (isset($isAdmin)) {
    // display the modules or whatever you want
}
```

I had issues at times with this code so don't use such logics, it is just an idea to get you going and you may come up with a better idea.

Edited August 31, 2014 by Digitizer

RidgeandGable Posted August 31, 2014

Thanks

So there is no simple way to pick up the sessions already in use with the script to allow me to use it in dreamweaver?

ginerjm Posted August 31, 2014

A session usually ends when the browser closes. Maintaining a db connection is a similar thing, although it usually goes away at the end of a script when you send something to the user to see. Consequently, you should develop a good few lines of code to make your db connection and then include that module in each of your scripts that require db access. Something like this:

```php
function MakeDBConnection($dbname)
{
    // (your php code to connect and select the database name)
    return $db_handle;
}
```

Be sure to use mysqli or PDO and not the soon-to-be-gone MySQL_* functions. And if using pdo use it properly. There's probably a good sticky post here that gives you some correct info on using pdo, highly recommended.

RidgeandGable Posted August 31, 2014

Hiya, cheers for that

I already have the connection set up:

```php
<?php require_once('../Connections/new.php'); ?>
```

In the new.php file is the connection to the DB etc.

I have the login working (downloaded script). I think all I need to figure out is how I can use the session already being used to pass the username from the login.php to profile.php so I can filter on my recordset in dreamweaver.

The profile page has Welcome:

```php
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
```

which displays Welcome Alex (Alex being the username). I need to somehow tell dreamweaver to use that bit of code to filter on the username and display only those records?

mac_gyver Posted August 31, 2014

the answer to your question of can you use the logged in username (you should actually use the user's id, an auto increment column in your user table that corresponds to the user name, since this will be much faster than using a text string in queries. this is the id that trq mentioned in the first reply in this thread) as a filter in a query is yes, but this does require that you understand some basics about php, such as php variables, and to understand something about the code you are using, so that you know at what point in that code a variable exists.

if your login script, which i am assuming is accessed via the session.php file, makes $login_session available, then you can only use $login_session after the point where you have included session.php.

you have mentioned 'in dreamweaver' a couple of times. you do know that dreamweaver is just a tool, and a poor one when it comes to server-side php code. you should not be relying on a tool to do your work for you. a tool is something that you use to accomplish a goal.

RidgeandGable Posted August 31, 2014

Ok I'm getting it a little. I only really use DW for the layout etc. Like I said before, it's just a basic site to hold the invoices & estimates for the customers to log into.

Yes there is a page called session.php which is <include session.php> within the profile page.

I added a formfield to the profile page and manually entered the username and linked that to my recordset and it displays correctly, so I'm just looking for the exact way to call on the session as the recordset filter. Obviously not able to achieve this through DW, I understand that, and I have downloaded PHP for dummies and I am currently working through that trying to understand sessions and variables etc.

I see there is a section in the code with $login_session, I assume that that is the session that is created, and the part in sessions.php with $SESSION 'login_user' = $username, I think it says if I remember, is where it is getting the answer from.

So if I edit my code with textpad or something and find the sections with recordset and change the filter from $login_session to login_user I should get somewhere?

Cheers guys for your patience and help

landi Posted August 31, 2014

Hi,

While I realise that anything that writes some of your code for you may seem attractive, in your case I think dreamweaver is getting in the way. I use a lovely IDE which colours my syntax and auto completes code and everything, but IMHO, even notepad would be better for you than dreamweaver.

I'd be happy to help you break this down into a number of steps so you can understand, and succeed in doing what you want, but I think it will be quicker for you to ignore the scripts you've got and start from scratch. The steps aren't too hard, but starting with someone else's script is usually unhelpful.

I think the steps you want are:

1) Design your database so that you have a common key between login info and invoices etc. (you may have done this)

a) Your login table will have a primary key which, as someone mentioned, will be your user_id. Often it's an auto-incrementing value. You can't use username unless it is unique.

b) Your invoices and every other user data will be stored in tables which also have a user_id column. Whether you have one table for all user data or different ones for invoices, estimates etc depends on you.

2) Learn how to write a simple php query to mysql:

a) Don't use mysql_ functions – as someone has pointed out they are now obsolete. I don't use PDO (because of our database) but I think it's a good choice.

b) I've copied this code from the php help, so here's a simple connection + query. (You can move the connection to a 'hidden' file once you've got your page working.) If you can get this code working, you will have mastered enough php to write almost any SELECT statement:

Connection:

```php
<?php
// Connection
try {
    $aDb = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
} catch (PDOException $aErr) {
    print "Error!: " . $aErr->getMessage() . "<br/>";
    die();
}
?>
```

Statement setup:

```php
<?php
// Set up a select statement with parameters
$aQry = $aDb->prepare('SELECT name, colour, calories FROM fruit WHERE calories < :calories AND colour = :colour');
$aQry->bindParam(':calories', $calories, PDO::PARAM_INT);
$aQry->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
?>
```

Note: You may be tempted to construct sql like dreamweaver was:

```php
sprintf("SELECT * FROM login WHERE username = '%s'", $colname_Recordset1);
```

But if you're not careful with 'escaping' the parameter (username), you can create a hack opportunity called 'sql injection'. By using parameters, you avoid this.

Retrieve data:

```php
<?php
// Execute the SELECT
$aQry->execute();
// Get a row
// Return next row as an array indexed by column name
$aRow = $aQry->fetch(PDO::FETCH_ASSOC);
print_r($aRow);
// Individual columns are available as $aRow['column-name']
?>
```

3) Learn some session handling:

a) In EACH page (not just the first), call session_start(). By default, PHP uses cookies to keep track of a 'session – id'. Once you call session_start() you can reference the $_SESSION super-global variable. You can store a value in it on one page and retrieve it on another, e.g.

```php
<?php
// page1.php
session_start();
$_SESSION['my-value'] = 123;
?>
```

```php
<?php
// page2.php
session_start();
print 'Value=' . $_SESSION['my-value']; // Should output 123
?>
```

Typically you could store the user-id in $_SESSION, once the user has successfully logged in. And you can use isset($_SESSION['my-value']) to determine if the variable has a value. If it hasn't, then the user didn't log in etc.

4) Making it work

a) Don't write a long script. You don't need much html to make a browser work, so use the least html you can to play with php.

b) Test one thing at a time. Try the connection code. Did it throw an error? No, then chances are you're connected to the db. If it did, and you can't figure it out, post it here. A short script with just the relevant stuff is easy to debug and more likely to make someone here 'bite'. You'll also avoid people answering the wrong question.

5) Tying it together. Here is the basic PHP application layout:

a) Each page will connect to the database, and call session_start()

b1) Except for the login page, each page will test some $_SESSION['...'] value and if it is not set, then the user is not logged in so you re-direct back to the login page. For pages that don't require login (e.g. contact-us) then obviously you won't do this!

b2) The login page will test the username and password and if correct, will set the $_SESSION variable (probably storing the user id).

c) Each page that needs to display user info e.g. name or invoices etc, will do a SELECT statement with a parameter that is the user-id from the session.

6) PHP Course? Or not...

a) I'm sure a course is helpful. Personally I prefer to learn from my own mistakes.

b) You might be better off spending the money on a PHP IDE. I use phpstorm but there are plenty out there. A good IDE will colour your syntax, highlight your coding errors and help you upload to your server. I know dreamweaver does some of that, but once you've seen the real thing, you won't go back. It can take some effort to set up an IDE, but it is worth it (and the vendors usually want to help you make it work!) Many offer you a 30 day trial.

Good luck Scotland!

-A

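As an added example (not code from any poster in this thread), here is one way to apply step 5c to the original question of letting only the owning customer view a PDF: the download script looks the invoice up by both its id and the session's user id, and reads the file from a directory outside the web root so it cannot be fetched by guessing its URL. The table and column names, the `user_id` session key and `INVOICE_DIR` are assumptions; the demo rows are constructed and use in-memory SQLite so the script runs from the command line.

```php
<?php
declare(strict_types=1);
// Added example. Assumed names: table invoices(id, user_id, stored_name),
// session key 'user_id', and a storage directory outside the web root.
const INVOICE_DIR = '/var/app-data/invoices';

/** Fetch an invoice row only if it belongs to $userId; null otherwise. */
function findInvoiceForUser(PDO $db, int $invoiceId, int $userId): ?array
{
    $stmt = $db->prepare('SELECT id, stored_name FROM invoices WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $invoiceId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Decide the HTTP status for a download request; returns [status, row|null]. */
function authorizeDownload(PDO $db, array $session, array $query): array
{
    if (!isset($session['user_id'])) {
        return [401, null];                       // not logged in
    }
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [400, null];                       // id missing or not an integer
    }
    $row = findInvoiceForUser($db, $id, (int) $session['user_id']);
    // Same 404 for "no such invoice" and "someone else's invoice".
    return $row === null ? [404, null] : [200, $row];
}

/** Stream the PDF; basename() keeps a stored name from escaping INVOICE_DIR. */
function sendInvoice(array $row): void
{
    $path = INVOICE_DIR . '/' . basename($row['stored_name']);
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename="invoice-' . (int) $row['id'] . '.pdf"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed demo data in an in-memory SQLite database, run from the CLI.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, user_id INTEGER, stored_name TEXT)');
    $db->exec("INSERT INTO invoices VALUES (1, 10, 'u10_inv1.pdf'), (2, 20, 'u20_inv1.pdf')");
    foreach ([[['user_id' => 10], ['id' => '1']],   // the owner
              [['user_id' => 20], ['id' => '1']],   // a different customer
              [[], ['id' => '1']]] as [$s, $q]) {   // no login session
        echo authorizeDownload($db, $s, $q)[0], PHP_EOL;
    }
}
```

On a real page, a download script would call session_start(), pass `$_SESSION` and `$_GET` to `authorizeDownload()`, send the returned status with `http_response_code()` on failure, and call `sendInvoice()` only on 200.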
RidgeandGable Posted August 31, 2014

Landi, thanks for your help, you're a star.

Just to add, I wasn't looking for someone to write the code for me, I would much rather do it myself, but with learning from a book a few years ago, some of what I knew was outdated.

I preferred to use the username option to bring everything together and I will be assigning the usernames to customers, and this is always First & Last Initial with 4 digits so always unique. Also the PDFs that will be stored are always in this format with the addition of 1 and 2 digits at the end. But in the data there is an ID field Autoinc that could be used.

I will look into everything you have said above tonight and will see what I can get done starting from scratch.

Not sure if I'm allowed to post this or not but my fb is facebook.com/harry.lodge.129 if you want to add me.

Thanks again

RidgeandGable Posted August 31, 2014

Hey guys

Thought I would just give a quick update. I managed to get it working in the "old" way using php, mysql and dreamweaver against everyone's advice.

I scrapped the downloaded login script and did the old way through the dreamweaver inputs, recordsets etc. I set my filter for the username as I was trying before, but somehow I overlooked a section right at the top of the profile.php page which was:

```php
<?php
if (!isset($_SESSION)) {
  session_start();
}
?>
```

The login.php username now sends to profile.php and says welcome "username" and under that I have the dynamic table displaying the links to their own invoices and estimates from mysql db. A simple little bit of code that I overlooked 3 days ago!!!

I will still follow Landi's advice and over the next week or two attempt to re-do everything using PDO as suggested.

Thanks