L Posted June 27, 2007

Hey, I got a register and login system going with sessions. The last piece I need is a member control panel page where a member can view all of his information that was entered into the database at registration. I'm new to sessions so it would be appreciated if someone could show me and explain to me how I can use the session data to get the info from the database and echo it onto a page. Here is my current script url, http://taizkul.prohosts.org

Thank you for all your help...you guys must be tired of my numerous requests for help, but please point me in the right direction with this.

~L

cooldude832 Posted June 27, 2007

If you have a lot of info don't overload your sessions, but instead only load the username into a session then requery on that c-panel page with the sessioned username.

L (Author) Posted June 27, 2007

See, that's a problem, I'm not sure how to echo out what's stored in the session....basically I stored the user's password and username when they sign in...so when they enter the cp they can see their username, and their email. But I'm not sure how I would get their email from the database when not stored in a session, or the username. I don't know how I would use $_GET on the session...if I would.

pocobueno1388 Posted June 27, 2007

Well, I am assuming that you have stored a session that is some sort of unique value that relates to that user, which is also stored in the database. Let's say that you have a session storing the user's ID number, we will call the session $userID.

```php
<?php
//Make the query to the database to get the user's information
$query = mysql_query("SELECT * FROM users WHERE userID='$userID'")or die(mysql_error());
$row = mysql_fetch_assoc($query);

//This is example information that you could echo out.
echo '<b>Username:</b> '.$row['username'].'<br>';
echo '<b>Name:</b> '.$row['name'];
?>
```

The key is the query. It selects the information from the database specifically for the user you are wanting, and the $userID variable is making that possible.

Hope this helps =]

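An added example, not code from this thread, of a control panel page built on the approach described above: the row is selected by the userid held in the session, the `user` value from a `cp.php?user=...` style link (as used later in this thread) is ignored, and every field is HTML-escaped on output. It assumes PDO with the SQLite driver; `render_control_panel()` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Column names follow the thread;
// the SQLite rows and the session/GET arrays below are constructed.

function render_control_panel(PDO $pdo, array $session, array $get): string
{
    // Identity comes from the server-side session only. $get['user'] is
    // accepted here to show that it is never used to pick the row.
    if (!isset($session['userid']) || !is_int($session['userid'])) {
        return 'Please log in.';
    }
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE userid = ?');
    $stmt->execute([$session['userid']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'Please log in.'; // account no longer exists
    }
    // Escape on output: these values were typed in by the user at registration.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<b>Username:</b> ' . $e($row['username']) . '<br>'
         . '<b>Email:</b> ' . $e($row['email']);
}

if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, email TEXT)');
    $pdo->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test'),
                                         (2, 'bob <i>', 'bob@example.test')");
    // Logged in as userid 2; the URL names another account and is ignored.
    echo render_control_panel($pdo, ['userid' => 2], ['user' => 'alice']), "\n";
    // No session: nothing from the database is shown.
    echo render_control_panel($pdo, [], ['user' => 'alice']), "\n";
}
```

On a real page, call `session_start()` first and pass `$_SESSION` and `$_GET` to the function.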
cooldude832 Posted June 27, 2007

$_SESSION['sessionname']; that is the session info, but don't over store the sessions, instead just store what you need for page to page and on the page where you need it all run a mysql query say WHERE `Username` = $_SESSION['username'] so to speak

cooldude832 Posted June 27, 2007

yes using the primary key is a better method to ensure no errors

L (Author) Posted June 27, 2007

Well to Pocobueno, should I make a new field in my database for this userid? Because I have a session storing the user's username and password when they log in. And also can you explain to me how you got that code, more specifically the 'username' and 'name'? Are those being retrieved from the database using the userid? And I also apologize for not being able to grasp this concept. :-\

And to cooldude, could I just go, echo '$_SESSION['username']; ?

cooldude832 Posted June 27, 2007

Okay, how do your users login? Also userID is the primary key to the table, it auto_increments so that each row has a unique value to it that can be used for querying

L (Author) Posted June 27, 2007

Well, I have two input fields, each named user and pass so I use POST to set them into sessions. But if you mean register, I just register their username, pass (encrypted), and their other info. But from your post it would seem that I need to add a field called userid that autoincrements so I can call upon that id; thus, giving me the info from that id?

cooldude832 Posted June 27, 2007

Show us your login script, you might have a bit of security issues in it, also it will help to explain this page

pocobueno1388 Posted June 27, 2007

> Well to Pocobueno, should i make a new field in my database for this userid?

Well, it would probably be a good idea to have an auto-incremented field in your DB that is called something along the lines of "userID". That will guarantee that you have a unique field for every user to work with.

> also can you explain to me how you got that code, more specifically the 'username' and 'name'?

I am assuming that you have fields in the database that are called "username" and "name"...I was just using those as an example.

It sounds like you are trying to jump in over your head. I would suggest learning the basics of PHP and database usage before you continue taking on things you can't handle. It will make things a lot easier on yourself, and also enable you to produce more efficient code when it comes time to programming what you are trying to do.

L (Author) Posted June 27, 2007

Well I did read up on php before attempting this, and I don't feel like I'm in way over my head...but maybe I might be, who knows? But I did do my research so I thought I got it down. Here is my login script,

```php
<?
function confirmUser($username, $password){
    global $conn;
    if(!get_magic_quotes_gpc()) {
        $username = addslashes($username);
    }
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
        return 1; //Indicates username failure
    }
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);
    if($password == $dbarray['password']){
        return 0; //Success! Username and password confirmed
    }
    else{
        return 2; //Indicates password failure
    }
}

function checkLogin(){
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
    }
    if(isset($_SESSION['username']) && isset($_SESSION['password'])){
        if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
            unset($_SESSION['username']);
            unset($_SESSION['password']);
            return false;
        }
        return true;
    }
    else{
        return false;
    }
}

function displayLogin(){
    global $logged_in;
    if($logged_in){
        echo "Logged In<br />";
        echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <br><br>"
            ."<a href=\"cp.php?user=$_SESSION[username]\">My Account</a><br /> ";
        echo "<a href=\"logout.php\">Logout</a>";
    }
    else{
?>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td></tr><tr><td><input type="text" name="user" size="15" maxlength="30"/></td></tr>
<tr><td>Password:</td></tr><tr><td><input type="password" name="pass" size="15" maxlength="30"></td></tr>
<tr><td>Remember Me:<input type="checkbox" name="remember">
<input type="submit" name="sublogin" value="Login" style="font-size: 8pt; color: #000000; word-spacing: 0; margin-top: 0; margin-bottom: 0" /></td></tr>
</table>
</form>
<?
    }
}

if(isset($_POST['sublogin'])){
    if(!$_POST['user'] || !$_POST['pass']){
        die('You didn\'t fill in a required field.');
    }
    $_POST['user'] = trim($_POST['user']);
    if(strlen($_POST['user']) > 30){
        die("Sorry, the username is longer than 30 characters, please shorten it.");
    }
    $md5pass = md5($_POST['pass']);
    $result = confirmUser($_POST['user'], $md5pass);
    if($result == 1){
        die('That username doesn\'t exist in our database.');
    }
    else if($result == 2){
        die('Incorrect password, please try again.');
    }
    $_POST['user'] = stripslashes($_POST['user']);
    $_SESSION['username'] = $_POST['user'];
    $_SESSION['password'] = $md5pass;
    if(isset($_POST['remember'])){
        setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
        setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
    }
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";
    return;
}
$logged_in = checkLogin();
?>
```

cooldude832 Posted June 27, 2007

Your checking method is a bit unorthodox, try this one (mod where needed). $url is the url they are sent on success, you can just use this page as success/failure

```php
<?php
$start = session_start();
// Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$cryptpassword = md5($password);
$url = trim($_POST['url']);
//Connects to DB
require("includes/mysql_include.php");
$table = "users";
$sql="SELECT * FROM $table WHERE Username='$username' and Password='$cryptpassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$storage= mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
    // Registers sessions and redirect to file "login_success.php"
    //Sessions here
    header("location: $url");
}
else
{
    echo "Wrong Username or Password";
}
?>
```

edit: The Magic quotes isn't needed here or mysql_escape_string is not really needed because password is md5() in my case so it destroys any hack attempt, but that is of course if you are protecting passwords with an encryption such as md5() (I recommend it, however passwords are a 1 way street and to recover is impossible, you must resend a new password)

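An added example, not code from this thread, of the same login check with the username bound as a query parameter (in the queries above it is placed directly into the SQL string, and md5() is applied only to the password) and with the password verified by `password_verify()`. It assumes PDO with the SQLite driver; the function names, the in-memory table and the sample account are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// thread; the in-memory SQLite database and the account are constructed.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        userid   INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT UNIQUE NOT NULL,
        password TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // password_hash() is salted and slow by design, unlike a bare md5().
    $ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the userid on success, null on any failure.
function verify_login(PDO $pdo, string $username, string $password): ?int
{
    // The username is bound as a parameter, so a quote in it stays data.
    $stmt = $pdo->prepare('SELECT userid, password FROM users WHERE username = ?');
    $stmt->execute([trim($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for unknown user and wrong password
    }
    return (int) $row['userid'];
}

// Call this from the web request once verify_login() has returned an id.
function start_user_session(int $userid): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);        // fresh session id after login
    $_SESSION = ['userid' => $userid];  // the key only, no password copy
}

if (PHP_SAPI === 'cli') {
    $pdo = make_demo_db();
    var_dump(verify_login($pdo, "o'brien", 'correct horse')); // valid login
    var_dump(verify_login($pdo, "o'brien", 'wrong'));         // wrong password
    var_dump(verify_login($pdo, 'nobody', 'correct horse'));  // unknown user
}
```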
L (Author) Posted June 27, 2007

Unorthodox, an interesting way to describe php code, but I guess it was, lol. Ok, the url they will get sent to is their control panel. Here is the modified code.

```php
<?php
$start = session_start();
// Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$cryptpassword = md5($password);
$url = trim($_POST['/cp.php?user=$username']);
//Connects to DB
require("database.php");
$table = "users";
$sql="SELECT * FROM $table WHERE Username='$username' and Password='$cryptpassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$storage= mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
    // Registers sessions and redirect to file "login_success.php"
    //Sessions here
    header("location: $url");
}
else
{
    echo "Wrong Username or Password";
}
?>
```

I'll just add the remember me thing in later...first I want to get this down.

cooldude832 Posted June 27, 2007

First change

```php
$url = trim($_POST['/cp.php?user=$username']);
```

with

```php
$url = "/cp.php?user=$username";
```

Secondly, if your passwords aren't using md5() then adjust that part too. Thirdly, add in your sessions in that part I said //sessions here

L (Author) Posted June 27, 2007

Oops, my bad, and I am using md5 passwords so here is the script....also should I be modifying this with the newsid?

```php
<?php
$start = session_start();
// Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$cryptpassword = md5($password);
$url = "/cp.php?user=$username";
//Connects to DB
require("database.php");
$table = "users";
$sql="SELECT * FROM $table WHERE Username='$username' and Password='$cryptpassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$storage= mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
    // Registers sessions and redirect to file "login_success.php"
    //Sessions here
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['password'] = $md5pass;
    header("location: $url");
}
else
{
    echo "Wrong Username or Password";
}
?>
```

cooldude832 Posted June 27, 2007

Don't store password in a session, not only security risk, but pointless. Also store the userID in a session and I think you got it

L (Author) Posted June 27, 2007

I was going to have a change pass thing, but since it's encrypted it would be useless so you're right....

```php
<?php
$start = session_start();
// Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$cryptpassword = md5($password);
$url = "/cp.php?user=$username";
//Connects to DB
require("database.php");
$table = "users";
$sql="SELECT * FROM $table WHERE Username='$username' and Password='$cryptpassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$storage= mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
    // Registers sessions and redirect to file "login_success.php"
    //Sessions here
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['userid'] = $userID;
    header("location: $url");
}
else
{
    echo "Wrong Username or Password";
}
?>
```

I have a question about the user id though. Should I have,

```php
$query = mysql_query("SELECT * FROM users WHERE userid='$userID'")or die(mysql_error());
$row = mysql_fetch_assoc($query);
```

in the code as well so it knows where to get the userid from? If not, does it automatically get the userid from the row of the username when it logs in?

cooldude832 Posted June 27, 2007

This was set up for my needs, for you all you need is

```php
$sql="SELECT `UserID` FROM $table WHERE Username='$username' and Password='$cryptpassword'";
```

and then to get the UserID returned it's not $userid but $storage['UserID']. $storage takes whatever you have selected from the query and puts it into an array

L (Author) Posted June 27, 2007

So can you check over my full login to see if it's correct?...because when I upload it, it gives me a wrong password before I log in or attempt to, and the rest of the page is missing from my index, http://taizkul.prohosts.org

```php
<?php
$start = session_start();
// Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$cryptpassword = md5($password);
$url = "/cp.php?user=$username";
$sql="SELECT `userid` FROM $table WHERE username='$username' and password='$cryptpassword'";
//Connects to DB
require("database.php");
$table = "users";
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$storage= mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
    // Registers sessions and redirect to file "login_success.php"
    //Sessions here
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['userid'] = $userID;
    header("location: $url");
}
else
{
    echo "Wrong Username or Password";
}
?>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td></tr><tr><td><input type="text" name="username" size="15" maxlength="30"/></td></tr>
<tr><td>Password:</td></tr><tr><td><input type="password" name="password" size="15" maxlength="30"></td></tr><tr><td>
<input type="submit" name="sublogin" value="Login" style="font-size: 8pt; color: #000000; word-spacing: 0; margin-top: 0; margin-bottom: 0" /></td></tr>
</table>
</form>
```

cooldude832 Posted June 27, 2007

Yeah it will because the else case is absolute, try this

> So can you check over my full login to see if it's correct?...because when I upload it, it gives me a wrong password before I log in or attempt to, and the rest of the page is missing from my index, http://taizkul.prohosts.org

```php
<?php
$start = session_start();
if (ISSET($_POST['sublogin']) || $_POST['sublogin'] == "Login")
{
    // Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    $cryptpassword = md5($password);
    $url = "/cp.php?user=$username";
    $sql="SELECT `userid` FROM $table WHERE username='$username' and password='$cryptpassword'";
    //Connects to DB
    require("database.php");
    $table = "users";
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    $storage= mysql_fetch_array($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1)
    {
        // Registers sessions and redirect to file "login_success.php"
        //Sessions here
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['userid'] = $userID;
        header("location: $url");
    }
    else
    {
        echo "Wrong Username or Password";
    }
}
?>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td></tr><tr><td><input type="text" name="username" size="15" maxlength="30"/></td></tr>
<tr><td>Password:</td></tr><tr><td><input type="password" name="password" size="15" maxlength="30"></td></tr><tr><td>
<input type="submit" name="sublogin" value="Login" style="font-size: 8pt; color: #000000; word-spacing: 0; margin-top: 0; margin-bottom: 0" /></td></tr>
</table>
</form>
```

edit: I didn't see you modified your submit, try it now

L (Author) Posted June 27, 2007

Hmm...the problem is still there except the wrong password is gone, the page is still missing and I can't login.

cooldude832 Posted June 27, 2007

try

```html
<form action="" method="post">
```

replace with:

```html
<form action="index.php" method="post">
```

L (Author) Posted June 27, 2007

Same result....the page is cut off, and I can't log in ???

EDIT: Here's the code now

```php
<?php
$start = session_start();
if (ISSET($_POST['submit']))
{
    // Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    $cryptpassword = md5($password);
    $url = "/cp.php?user=$username";
    $sql="SELECT `userid` FROM $table WHERE username='$username' and password='$cryptpassword'";
    //Connects to DB
    require("database.php");
    $table = "users";
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    $storage= mysql_fetch_array($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1)
    {
        // Registers sessions and redirect to file "login_success.php"
        //Sessions here
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['userid'] = $userID;
        header("location: $url");
    }
    else
    {
        echo "Wrong Username or Password";
    }
}
?>
<form action="index.php" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td></tr><tr><td><input type="text" name="username" size="15" maxlength="30"/></td></tr>
<tr><td>Password:</td></tr><tr><td><input type="password" name="password" size="15" maxlength="30"></td></tr><tr><td>
<input type="submit" name="sublogin" value="Login" style="font-size: 8pt; color: #000000; word-spacing: 0; margin-top: 0; margin-bottom: 0" /></td></tr>
</table>
</form>
```

cooldude832 Posted June 27, 2007

You didn't change the ISSET($_POST['submit'], should be:

```php
if (ISSET($_POST['sublogin']) || $_POST['sublogin'] == "Login")
```

Also make sure the $start is at the top of the page right after the doc type