Jump to content

please help!


wikedawsum

Recommended Posts

Okay, the amount of code here is starting to confuse me.

Where is $username ever initially set, before it is supposed to go in the URL? Before you ever try and $_GET it, where is it ever set to be printed out in that link?
Link to comment
Share on other sites

The whole point is your users are allready logged in by this stage. No need to pass there username around in the url, make your query grab it from the $_SESSION array. eg;

[code=php:0]
$sql = "SELECT * FROM report WHERE username = '{$_SESSION['username']}'";
[/code]
Link to comment
Share on other sites

if it isn't too late, I have made a script for you that will get the user login, process it, then display user information, it is 3 files big, where each file is no more than 15 lines long, Hope it helps you.

Login.html
[code]<form action="check.php" method="post">
Name: <input type="text" name="username"><br>
Pass: <input type="password" name="password">
</form>[/code]

check.php
[code]
<?php
$conn = mysql_connect("mysql.aacapartsandsupplies.com", "bconger", "bmc5106") or die($msg_no_connect);
mysql_select_db("tokens") or die(mysql_error());

$sql = mysql_query("SELECT * FROM report WHERE username='{$_POST['username']}' AND password='{$_POST['password']}'")or die(mysql_error());
$row = mysq_fetch_array($sql);
if($row){
session_start();
$_SESSION['username'] = $row['username'];
$_SESSION['login'] = 1;
header("Location: reports.php");
}else{
header("Location: login.html");
}
?>[/code]

reports.php
[code]<?php
session_start();
if($_SESSION['login']!=1){
header("Location: login.html");
}

echo 'Welcome: '.$_SESSION['username'];
?>[/code]
Link to comment
Share on other sites

Ok.. this is following the PHP and MySQL Web Development book by Luke Welling. I'm learning this as I go, which I know is probably a bad idea, but I learn best by actually doing things.. not reading it.

I have an index page that contains a login form. The script for the login form is contained in member.php (landing page).

member.php is as follows:

[code]<?php

// include function files for this application
require_once('tokens_fns.php');
session_start();

if (!isset($_SESSION['valid_user'])){
  //create short variable names
  $username = $_POST['username'];
  $passwd = $_POST['passwd'];

$conn = mysql_connect("*****", "*****", "*****")
  or die($msg_no_connect);
  mysql_select_db("*****")
  or die(mysql_error());

  // Run query
  $sql = "SELECT * FROM user WHERE username='$username' and passwd=sha1('$passwd')";
  $r = mysql_query($sql);
  if(!$r){
    $err=mysql_error();
    echo $err;
    exit();
  }

  if(mysql_num_rows($r) > 0){
    echo "no such login in the system. please try again.";
    exit();
  }
  else{
  $_SESSION['valid_user'] = $username;
  }
}


do_html_header('');

display_user_menu('');

check_valid_user('');

?>

<div id="right">
    <div id="title">
      <h1>Welcome to your AACA Locker <? echo $_SESSION['valid_user']; ?></h1>
    </div>
<?
if (isset($_SESSION['valid_user']))
{
  echo '<p>Thanks for logging in! You may now view your custom reports, vote in our
      polls, and be sure to check for any rewards you may have won!</p>';
}
  else
  {
  if (isset($username))
  {
  // if they've tried and failed to log in
  echo 'Could not log you in.<br />';
  }
  else
  {
  //they have not tried to log in yet or have logged out
  echo 'You are not logged in.<br />';
  }
  }
  ?>
  </div>
 
<?
do_html_footer('');
?>[/code]

The link to my reports page is contained in the user menu which is contained in my display_user_menu() function. It's simple HTML with this: <a href="reports.php?username=<?=$username?>">Reports</a> added for the reports link.

Complete reports.php page:

[code]<?php

require_once('tokens_fns.php');
session_start();

if (isset($_SESSION['valid_user'])){

$username = $_GET['username'];
if  (isset($username)) {
    echo "This is the dang username: $username";
    } else {
    echo "There is nothing in this variable";
}

  $conn = mysql_connect("******", "******", "******")
  or die($msg_no_connect);
  mysql_select_db("******")
  or die(mysql_error());
 
  $sql = "SELECT * FROM report WHERE username='$username'";
  $res = mysql_query($sql);
  if(!$res){
    $err=mysql_error();
    echo $err;
    exit();
  }

do_html_header('');

display_user_menu('');

check_valid_user('');

}
else {
echo 'You are not authorized to view this page.';
}

?>

<div id="right">
    <div id="title">
      <h1>Reports for <? echo $_SESSION['valid_user']; ?></h1>
    </div>
<p>To download your report, click on the report name.</p>
<?
if (mysql_num_rows($res) > 0 ) {
    while ($row = mysql_fetch_assoc($res)) {
    echo '<table border="0" cellpadding="5">';
      echo "<tr>
  <td><img src='../images/download_icon.gif' align='left' hspace='10'><a href='{$row['report_url']}'>{$row['report_name']}</a></td>
</tr>";
  }
    echo '</table>';
  }
  else
  echo 'Your reports have not been set up. Please check back soon.';
  ?>
<p>In order to view PDF documents, you must have Adobe Reader installed on
      your computer. If you do not, you may <a href="http://www.aacapartsandsupplies.com/adobe_reader.exe">download
      it here</a>.</p>
  </div>
 
<?
do_html_footer('');
?>[/code]


I hope that clarifies both of your questions..
Link to comment
Share on other sites

I was able to solve my problem by using thorpe's suggestion. I was also able to get my results by using a subquery like so:

[code]$sql = "SELECT * FROM report WHERE username IN (SELECT username FROM user)";[/code]

Thank you all for your input and bearing with me. This board has taught me a lot, and I greatly appreciate it!
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.