benjyo Posted April 28, 2015 Share Posted April 28, 2015 Login page: <?php require_once('Connections/localhost.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "controlpanel.php"; $MM_redirectLoginFailed = "login.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_localhost, $localhost); $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $localhost) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/url] <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml">[/url] <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> </head> <body><form action="<?php echo $loginFormAction; ?>" method="POST" id="loginform"><table width="600" border="0"> <tr> <td><span id="sprytextfield1">username<br /> <label for="username"></label> <input type="text" name="username" id="username" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield2">password<br /> <label for="password"></label> <input type="password" name="password" id="password" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><input type="submit" name="login" id="login" value="login" /></td> </tr> <tr> <td> </td> </tr> </table> </form> <script type="text/javascript"> var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1"); var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2"); </script> </body> </html> Control panel: <?php require_once('Connections/localhost.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } }if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $colname_user = "-1"; if (isset($_SESSION['username'])) { $colname_user = $_SESSION['username']; } mysql_select_db($database_localhost, $localhost); $query_user = sprintf("SELECT * FROM users WHERE username = %s", GetSQLValueString($colname_user, "text")); $user = mysql_query($query_user, $localhost) or die(mysql_error()); $row_user = mysql_fetch_assoc($user); $totalRows_user = mysql_num_rows($user);$username_user = "-1"; if (isset($_SESSION['username'])) { $username_user = $_SESSION['username']; } mysql_select_db($database_localhost, $localhost); $query_user = sprintf("SELECT * FROM users WHERE %s = %s", GetSQLValueString($username_user, "text"),GetSQLValueString($username_user, "text")); $user = mysql_query($query_user, $localhost) or die(mysql_error()); $row_user = mysql_fetch_assoc($user); $totalRows_user = mysql_num_rows($user); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/url] <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml">[/url] <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> </head> <body> <a href="logout.php">logout</a> | <a href="user_epdate.php?username=<?php echo $row_user['username']; ?>">update</a> </body> </html> <?php mysql_free_result($user); ?> User update: <?php require_once('Connections/localhost.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "signup")) { $updateSQL = sprintf("UPDATE users SET firstname=%s, lastname=%s, email=%s, username=%s, password=%s WHERE userid=%s", GetSQLValueString($_POST['firstname'], "text"), GetSQLValueString($_POST['lastname'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['userid'], "int")); mysql_select_db($database_localhost, $localhost); $Result1 = mysql_query($updateSQL, $localhost) or die(mysql_error()); $updateGoTo = "controlpanel.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $updateGoTo)); } $colname_Recordset1 = "-1"; if (isset($_GET['username'])) { $colname_Recordset1 = $_GET['username']; } mysql_select_db($database_localhost, $localhost); $query_Recordset1 = sprintf("SELECT * FROM users WHERE username = %s", GetSQLValueString($colname_Recordset1, "text")); $Recordset1 = mysql_query($query_Recordset1, $localhost) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); $username_Recordset1 = "-1"; if (isset($_GET['username'])) { $username_Recordset1 = $_GET['username']; } mysql_select_db($database_localhost, $localhost); $query_Recordset1 = sprintf("SELECT * FROM users WHERE %s = %s", GetSQLValueString($username_Recordset1, "text"),GetSQLValueString($username_Recordset1, "text")); $Recordset1 = mysql_query($query_Recordset1, $localhost) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = "%"; if (isset($_GET['username'])) { $totalRows_Recordset1 = $_GET['username']; } $colname_registeruser = "-1"; if (isset($_GET['username'])) { $colname_registeruser = $_GET['username']; } mysql_select_db($database_localhost, $localhost); $query_registeruser = sprintf("SELECT userid, firstname, lastname, email, username, password FROM users WHERE username = %s", GetSQLValueString($colname_registeruser, "text")); $registeruser = mysql_query($query_registeruser, $localhost) or die(mysql_error()); $row_registeruser = mysql_fetch_assoc($registeruser); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/url] <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml">[/url] <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> </head> <body><form action="<?php echo $editFormAction; ?>" method="POST" name="signup" id="signup"><table width="600" border="0"> <tr> <td><span id="sprytextfield1">username<br /> <label for="username"></label> <input name="username" type="text" id="username" value="<?php echo $row_registeruser['username']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield2">password<br /> <label for="password"></label> <input name="password" type="text" id="password" value="<?php echo $row_registeruser['password']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield3">firstname<br /> <label for="firstname"></label> <input name="firstname" type="text" id="firstname" value="<?php echo $row_registeruser['firstname']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield4">lastname<br /> <label for="lastname"></label> <input name="lastname" type="text" id="lastname" value="<?php echo $row_registeruser['lastname']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><span id="sprytextfield5">email<br /> <label for="email"></label> <input name="email" type="text" id="email" value="<?php echo $row_registeruser['email']; ?>" /> <span class="textfieldRequiredMsg">A value is required.</span></span></td> </tr> <tr> <td> </td> </tr> <tr> <td><input type="submit" name="submit" id="submit" value="Submit" /></td> </tr> <tr> <td><input name="userid" type="hidden" id="userid" value="<?php echo $row_registeruser['userid']; ?>" /></td> </tr> </table> <input type="hidden" name="MM_update" value="signup" /> </form> <script type="text/javascript"> var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1"); var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2"); var sprytextfield3 = new Spry.Widget.ValidationTextField("sprytextfield3"); var sprytextfield4 = new Spry.Widget.ValidationTextField("sprytextfield4"); var sprytextfield5 = new Spry.Widget.ValidationTextField("sprytextfield5"); </script> </body> </html> <?php mysql_free_result($Recordset1); ?> Please help. I am new to php and i am trying to get a session variable working. I am using dreamweaver cs6. I have got the login page working fine and connecting to my database. THis then loads the control panel,working fine. When i click edit on the control panel it is supposed to take me to a templated page with the session variable for the user logged in, this is not happening it is going to the username on the top row of my database. Quote Link to comment https://forums.phpfreaks.com/topic/295915-session-variables-on-login-and-edit-user-page/ Share on other sites More sharing options...
ginerjm Posted April 28, 2015 Share Posted April 28, 2015 1 - please use appropriate tags to wrap your way-too-much code. 2 - How about adding some echos to debug your code. See where it is going and decide if the flow is as you expect. Usually people start their session right at the top of their scripts so it is always readily available. Usually people separate their php code from the html code (and other stuff) to make it more manageable and easier to maintain as well as to read. 3 - please isolate your post to the area of the code that has the problem. You posted way more than most people want to wade thru to help you out. Why post a bunch of html if you are only concerned about your session vars? 1 Quote Link to comment https://forums.phpfreaks.com/topic/295915-session-variables-on-login-and-edit-user-page/#findComment-1510183 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.