vherb Posted November 1, 2023 (edited)

Hello. So I decided to build an employee dashboard area for the company I work at. I followed some tutorials on setting up a log in system, it works perfectly. I ended up adding a few more fields in the registration for the user profile. The inputs get sent to the database. I can recall the username through the session. I would like to be able to display first name, last name and phone number that are currently stored in the database. I have spent waaay too long trying to figure this out on my own and it's driving me insane to the point I am willing to ask for help here. Any help would be appreciated!

registration.php

<!DOCTYPE html>
<html>
<head>
    <title>KTS</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.4.3/css/mdb.min.css">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
    <link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<nav class="navbar fixed-top navbar-expand-sm " style="background-color: #f1f1f1">
    <button class="navbar-toggler custom-toggler" type="button" data-toggle="collapse" data-target="#nav-content" aria-controls="nav-content" aria-expanded="false" aria-label="Toggle navigation">
        <span class="navbar-toggler-icon"></span>
    </button>
    <div class="g-ytsubscribe" data-channelid="UCds5d45OsiuCkxSKjBy9UMQ" data-layout="full" data-theme="light" data-count="hidden"></div>
    <!-- Links -->
    <div class="collapse navbar-collapse" id="nav-content">
        <ul class="navbar-nav">
            <li class="nav-item">
                <a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris/producers.html">To Do</a>
            </li>
            <li class="nav-item">
                <a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris">Maintenance Logs</a>
            </li>
            <li class="nav-item">
                <a class="nav-link navlinkfont active" href="http://lnmco.atspace.cc/lnm/Khris/soundcloud.html"></a>
            </li>
        </ul>
    </div>
</nav>
<br>
<br>
<br>
<br>
<div class="card" style="background-color: grey">
<?php
require('db.php');
// When form submitted, insert values into the database.
if (isset($_REQUEST['username'])) {
    // removes backslashes
    $username = stripslashes($_REQUEST['username']);
    //escapes special characters in a string
    $username = mysqli_real_escape_string($con, $username);
    $email = stripslashes($_REQUEST['email']);
    $email = mysqli_real_escape_string($con, $email);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con, $password);
    $create_datetime = date("Y-m-d H:i:s");
    $firstName = stripslashes($_REQUEST['firstName']);
    //escapes special characters in a string
    $firstName = mysqli_real_escape_string($con, $firstName);
    $lastName = stripslashes($_REQUEST['lastName']);
    $lastName = mysqli_real_escape_string($con, $lastName);
    $phone = stripslashes($_REQUEST['phone']);
    $phone = mysqli_real_escape_string($con, $phone);
    $query = "INSERT into `users` (username, password, email, create_datetime, firstName, lastName, phone)
              VALUES ('$username', '" . md5($password) . "', '$email', '$create_datetime', '$firstName', '$lastName', '$phone')";
    $result = mysqli_query($con, $query);
    if ($result) {
        echo "<div class='form'>
              <h3>You are registered successfully.</h3><br/>
              <p class='link'>Click here to <a href='login.php'>Login</a></p>
              </div>";
    } else {
        echo "<div class='form'>
              <h3>Required fields are missing.</h3><br/>
              <p class='link'>Click here to <a href='registration.php'>registration</a> again.</p>
              </div>";
    }
} else {
?>
    <form class="form" action="" method="post">
        <h1 class="login-title">Registration</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" required />
        <input type="text" class="login-input" name="email" placeholder="Email Adress">
        <input type="password" class="login-input" name="password" placeholder="Password">
        <input type="text" class="login-input" name="firstName" placeholder="First Name" required />
        <input type="text" class="login-input" name="lastName" placeholder="Last Name">
        <input type="text" class="login-input" name="phone" placeholder="Phone Number" required />
        <input type="submit" name="submit" value="Register" class="login-button">
        <p class="link">Already have an account? <a href="login.php">Login here</a></p>
    </form>
<?php
}
?>
</div>
<script type="text/javascript" src="js/script.js"></script>
</body>
</html>

login.php

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
    <title>KTS</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.4.3/css/mdb.min.css">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
    <link rel="stylesheet" type="text/css" href="css/youtube.css">
</head>
<body>
<nav class="navbar fixed-top navbar-expand-sm " style="background-color: #f1f1f1">
    <button class="navbar-toggler custom-toggler" type="button" data-toggle="collapse" data-target="#nav-content" aria-controls="nav-content" aria-expanded="false" aria-label="Toggle navigation">
        <span class="navbar-toggler-icon"></span>
    </button>
    <div class="g-ytsubscribe" data-channelid="UCds5d45OsiuCkxSKjBy9UMQ" data-layout="full" data-theme="light" data-count="hidden"></div>
    <!-- Links -->
    <div class="collapse navbar-collapse" id="nav-content">
        <ul class="navbar-nav">
            <li class="nav-item">
                <a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris/producers.html">To Do</a>
            </li>
            <li class="nav-item">
                <a class="nav-link navlinkfont" href="http://lnmco.atspace.cc/lnm/Khris">Maintenance Logs</a>
            </li>
            <li class="nav-item">
                <a class="nav-link navlinkfont active" href="http://lnmco.atspace.cc/lnm/Khris/soundcloud.html"></a>
            </li>
        </ul>
    </div>
</nav>
<br>
<br>
<br>
<br>
<div class="card" style="background-color: grey">
<?php
require('db.php');
// When form submitted, check and create user session.
if (isset($_POST['username'])) {
    $username = stripslashes($_REQUEST['username']); // removes backslashes
    $username = mysqli_real_escape_string($con, $username);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con, $password);
    $firstName = stripslashes($_REQUEST['firstName']);
    //escapes special characters in a string
    $firstName = mysqli_real_escape_string($con, $firstName);
    $lastName = stripslashes($_REQUEST['lastName']);
    $lastName = mysqli_real_escape_string($con, $lastName);
    $phone = stripslashes($_REQUEST['phone']);
    $phone = mysqli_real_escape_string($con, $phone);
    $query = "SELECT * FROM `users` WHERE username='$username' AND password='" . md5($password) . "'";
    $result = mysqli_query($con, $query) or die(mysqli_error($con));
    $rows = mysqli_num_rows($result);
    if ($rows >= 1) {
        $_SESSION['username'] = $username;
        // Redirect to user dashboard page
        echo "<script>window.location.href='/dashboard.php'</script>";
    } else {
        echo "<div class='form'>
              <h3>Incorrect Username/password.</h3><br/>
              <p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
              </div>";
    }
} else {
?>
    <form class="form" method="post" name="login">
        <h1 class="login-title">Login</h1>
        <input type="text" class="login-input" name="username" placeholder="Username" autofocus="true"/>
        <input type="password" class="login-input" name="password" placeholder="Password"/>
        <input type="submit" value="Login" name="submit" class="login-button"/>
        <p class="link">Don't have an account? <a href="registration.php">Registration Now</a></p>
    </form>
<?php
}
?>
</div>
<script type="text/javascript" src="js/script.js"></script>
</body>
</html>

auth_session.php

<?php
session_start();
if(!isset($_SESSION['username'])) {
    $_SESSION['firstName'] = $firstName;
    header("Location: login/login.php");
    exit();
}
?>

dashboard.php

<?php
//include auth_session.php file on all user panel pages
include("login/auth_session.php");
?>
<!DOCTYPE html>
<html>
<head>
    <title>KTS</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
</head>
<body>
<div class="p-5 bg-primary text-center">
    <h1>User Dashboard</h1>
</div>
<nav class="navbar navbar-expand-sm bg-dark">
    <div class="container-fluid">
        <ul class="navbar-nav me-auto mb-2 mb-lg-0">
            <li class="nav-item">
                <a class="nav-link active text-white active" aria-current="page" href="dashboard.php">Home</a>
            </li>
            <li class="nav-item">
                <a class="nav-link text-secondary" aria-current="page" href="profile.php">Profile</a>
            </li>
            <li class="nav-item">
                <a class="nav-link text-secondary" href="tasks.php">Tasks</a>
            </li>
            <li class="nav-item">
                <a class="nav-link link-light text-secondary" href="#">Maintenance Logs</a>
            </li>
            <li class="nav-item">
                <a class="nav-link link-light text-secondary" href="login/logout.php">Logout</a>
            </li>
        </ul>
        <p class="text-end text-white">
            <?php
            date_default_timezone_set('US/Central'); //added line
            $b = time();
            $hour = date("g", $b);
            $m = date("A", $b);
            if ($m == "AM") {
                if ($hour == 12) {
                    echo "Good Evening,";
                } elseif ($hour < 4) {
                    echo "Good Evening,";
                } elseif ($hour > 3) {
                    echo "Good Morning,";
                }
            } elseif ($m == "PM") {
                if ($hour == 12) {
                    echo "Good Afternoon,";
                } elseif ($hour < 6) {
                    echo "Good Afternoon,";
                } elseif ($hour > 5) {
                    echo "Good Evening,";
                }
            }
            ?>
            <?php echo $_SESSION['username']; ?>
        </p>
    </div>
</nav>
<div class="container mt-5">
    <div class="row">
        <div class="col-sm-4">
            <p>Hey, <?php echo $_SESSION['username']; ?>!</p>
            <p>You have <span class="badge bg-danger">5</span> new tasks</p>
        </div>
    </div>
</div>
<div class="mt-5 p-4 bg-dark text-white text-center">
    <p>some stuff here later</p>
</div>
<script type="text/javascript" src="js/script.js"></script>
</body>
</html>

Edited November 1, 2023 by vherb

ginerjm Posted November 1, 2023

Help with what? You didn't specify what part of this (too much) code is giving you difficulty.

Strider64 Posted November 1, 2023 (edited)

I'd also point out that you aren't using prepared statements. I'd recommend learning PDO over mysqli. Additionally, you seem to rely heavily on sessions when ideally, only the user's ID should be stored in them and maybe a token.

Edited November 1, 2023 by Strider64

Phi11W Posted November 1, 2023

In your login page, you need to extract the data from the data record you've retrieved and store it into the session, as you do for the username.

$query = 'SELECT username, phone FROM users WHERE username=? AND password=?';
// bind parameters
$stmt = mysqli_prepare($con, $query);
$hash = md5($password);
mysqli_stmt_bind_param($stmt, 'ss', $username, $hash);
mysqli_stmt_execute($stmt) or die(mysqli_error($con));
$result = mysqli_stmt_get_result($stmt);
$rows = mysqli_num_rows($result);
if ($rows >= 1) {
    $row = mysqli_fetch_assoc($result);
    $_SESSION['username'] = $username;
    $_SESSION['phone'] = $row['phone'];
    . . .

Learn to use parameterised queries (which is much easier with PDO) to protect against SQL Injection attacks.

Obligatory XKCD reference: Little Bobby Tables

Never use "select *" in Production code. If somebody [else] adds some multi-Giga-byte columns holding the User's life story in video form, your super-quick login page suddenly slows to a crawl, having to read those massive fields that you've absolutely no interest in.

Kudos for storing hashed passwords.

Regards,
Phill W.
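
Added example, not part of any post in this thread: the advice above (parameterised queries through PDO, only the user's ID in the session, profile fields read from the retrieved record) put together in one runnable script. Assumptions: an in-memory SQLite database stands in for the MySQL connection from db.php, the `id` column and the `user_id` session key are hypothetical names, a plain `$session` array stands in for `$_SESSION`, and `password_hash()`/`password_verify()` are swapped in for `md5()`.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL connection from db.php;
// the `id` column and the 'user_id' session key are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, firstName TEXT, lastName TEXT, phone TEXT)');

// Registration: placeholders keep form input out of the SQL text.
$insert = $pdo->prepare('INSERT INTO users (username, password, firstName, lastName, phone)
    VALUES (?, ?, ?, ?, ?)');
// Constructed sample user; password_hash() is swapped in for md5().
$insert->execute(['pat', password_hash('sample-passphrase', PASSWORD_DEFAULT),
    'Pat', "O'Neil", '555-0100']);

// Login: select only the needed columns, verify the hash, return the user's id.
function login(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Dashboard: read the profile fresh from the database using the stored id.
function loadProfile(PDO $pdo, int $userId): ?array
{
    $stmt = $pdo->prepare('SELECT firstName, lastName, phone FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$session = [];  // stands in for $_SESSION so the script runs from the command line
$userId = login($pdo, 'pat', 'sample-passphrase');
if ($userId !== null) {
    $session['user_id'] = $userId;  // the only user data kept in the session
}

$profile = isset($session['user_id']) ? loadProfile($pdo, $session['user_id']) : null;
if ($profile !== null) {
    // Escape on output: these values were typed into the registration form.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    echo '<p>', $e($profile['firstName']), ' ', $e($profile['lastName']),
        ' ', $e($profile['phone']), '</p>', PHP_EOL;
}
```

The apostrophe in the sample last name is stored and read back without any `stripslashes()` or `mysqli_real_escape_string()` calls, because bound parameters never become part of the SQL text; `htmlspecialchars()` then handles it at output time.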