L Posted June 13, 2007 Share Posted June 13, 2007 Hey, I need some help with my login script. It's seems to be going well, but I have a question. How would I make a user control panel so users can see their info and edit it if they want. I know using cookies you would go something like, <form id="1" name="1" method="post"><input type="text" name="email"> < input type="submit" name="change" value="Edit Email"></form> < ?PHP $email = addslashes($_POST['email']); $oldemail = $rowok['email']; $usertoedit = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `user`='".$rowok['user']."' "); echo "Users E-mail is currently: ".$oldemail; if ($_POST['change']) { mysql_query("UPDATE `users` SET `email`='".$email."' WHERE `user`='".$usertoedit['user']."' "); } ? > I want to know how to do this with sessions. also i want to know if it's more secure to use cookies or sessions because cookies seem easier to use, but I heard they are less secure as well. -Thank you for your time ~L Link to comment https://forums.phpfreaks.com/topic/55366-calling-from-database-onto-a-page/ Share on other sites More sharing options...
quickstopman Posted June 13, 2007 Share Posted June 13, 2007 the easiest thing to do is grab the info from the server using the users current id heres how you would do it <? start_session(); if ($_POST['change']) { $email = addslashes($_POST['email']); $oldemail = $rowok['email']; $usertoedit = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `user`='".$rowok['user']."' "); mysql_query("UPDATE `users` SET `email`='".$email."' WHERE `user`='".$usertoedit['user']."' "); echo "Your email has been changed!"; } else { // $_SESSION['userid'] should be set in your login script $sql = mysql_query("SELECT * FROM users WHERE userid = '{$_SESSION['userid']}'") or die(mysql_error()); // now this retrives the info from the data base in an array which you can use like // $row['username'] echo "Users E-mail is currently: ".$oldemail; $row = mysql_fetch_array($sql); echo '<form id="1" name="1" method="post"> <input type="text" name="email" value="{$row['email']}"> <input type="submit" name="change" value="Edit Email"> </form>'; } ?> Link to comment https://forums.phpfreaks.com/topic/55366-calling-from-database-onto-a-page/#findComment-273645 Share on other sites More sharing options...
lewis987 Posted June 13, 2007 Share Posted June 13, 2007 im creating the same thing same code as the previous poster with some minor edits ['code'] <? //PUT THIS AT THE START OF YOUR PAGE! /*************************************************************************/ /*************************************************************************/ /********* CREATED BY LEWIS987 @ PHPFREAKS */ /*************************************************************************/ /*************************************************************************/ start_session(); if(!session_is_registered("username"){ header("location: login.php"); //insert your own data here: $host=""; $username=""; $password=""; $tbl_users=""; $hash=""; mysql_connect($host, $username, $password) or die(mysql_error()); mysql_select_db($dbname) or die(mysql_error()); if ($_POST['email']) { $email = addslashes($_POST['email']); $oldemail = $rowok['email']; $usertoedit = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `user`='".$rowok['user']."' "); mysql_query("UPDATE `users` SET `email`='".$email."' WHERE `user`='".$usertoedit['user']."' "); echo "Your email has been changed!"; } elseif ($_POST['email']) { $oldpass = hash($hash,$_POST['oldpass']); $newpass = hash($hash,$_POST['newpass']); $newpassver = hash($hash,$_POST['newpassver']); $usertoedit = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `user`='".$rowok['user']."' "); //if new passwords do not match if($newpass != $newpassver){ echo 'ERROR: passwords do not match'; exit; } if($oldpass != $rows['password']){ echo 'ERROR: passwords do not match!'; exit; } mysql_query("UPDATE `users` SET `pass`='".$newpass."' WHERE `user`='".$usertoedit['user']."' "); echo "Your password has been changed!"; } else { // $_SESSION['userid'] should be set in your login script $sql = mysql_query("SELECT * FROM $users WHERE userid = '{$_SESSION['userid']}'") or die(mysql_error()); // now this retrives the info from the data base in an array which you can use like // $row['username'] echo "Users E-mail is currently: ".$oldemail; $row = mysql_fetch_array($sql); echo '<h3>Change your email address</h3> <form id="1" name="1" method="post" action="?email> New Email: <input type="text" name="email"> <input type="submit" name="email" value="Edit Email"> </form>'; echo '<h3>Change your password</h3> <form id="2" name="2" method="post" action="?pass"> Old Password: <input type="text" name="oldpass"> New Password: <input type="password" name="newpass"> Repeat Password: <input type="password" name="newpassver"> <input type="submit" name="changepass" Value="Change password"> } ?> code not tested! Link to comment https://forums.phpfreaks.com/topic/55366-calling-from-database-onto-a-page/#findComment-273762 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.