php forum need help

J@mes · December 29, 2007

Hello everyone sorry before hand if this because a long post but i really do need so help as i have only been working with PHP for a few weeks now. my university project this year is to create a forum and include all features such as a moderator , being able to post, view and delete topics.

so here is my problem so far i have created a logging script which works fine as i have been following a tutorial on how to get this working what i'm trying to do is get the usersid and send it to the next page (login_success.php) to tell if this user is a moderator.

checklogin.php:-


<<?php

ini_set( 'display_errors', '1' );
error_reporting( E_ALL | E_STRICT );  

ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=mysql_escape_string($_POST['myusername']); //edited 12/27/07
$mypassword=mysql_escape_string($_POST['mypassword']); 


$sql="SELECT * FROM $tbl_name WHERE username = '$myusername' and password = '$mypassword'";  
$result=mysql_query($sql);

$id_result ="SELECT id FROM $tbl_name WHERE username = '$myusername'and password = '$mypassword'"; 
$id=mysql_query($id_result);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row



if($count==1)
{
    session_register("myusername");
    session_register("mypassword");

    
    
    header("location:login_success.php?id=$id");

}
    else 
    {
        
    echo "Wrong Username or Password";

    }

ob_end_flush();

?>

login_success.php


<?
session_start();
if(!session_is_registered(myusername))
{
header("location:main_login.php");
}
?>

<html>
<body>


</body>
</html>

<?

echo "you are logged in as: ",$_SESSION[myusername];
$id = intval( $_GET['id'] );
echo $id; //echo for testing 

?>

Thanks James

[attachment deleted by admin]

revraz · December 29, 2007

I hope they are teaching you to code with Register Globals Off.

The User ID shouldn't tell the script if they are a Moderator, there should be some sort of access level in the user table instead.

Also, no need to do two sql queries when your first query gets the ID as well, since you are doing a SELECT *.

Make sure you put session_start(); at the top of your login_success.php page, and use

$_SESSION['myusername'] = $myusername;

$_SESSION['mypassword'] = $mypassword;

instead of

session_register("myusername");

session_register("mypassword");

Not really sure why you need the PW in a session though. You should add one more session from the user table for their access level, and then you can check that on each page or action that requires a certain access.

J@mes · December 29, 2007

Thank you for the fast reply

"The User ID shouldn't tell the script if they are a Moderator, there should be some sort of access level in the user table instead".

how to i go about doing this? sorry to ask so much but i'm on a major learning curve i have changed my code to what you recommended

Thanks

James

revraz · December 29, 2007

Add some sort of access level field in your database, then when you do your query just read that variable.

You can set it up anyway you like, using numbers or names, it's all up to you.

J@mes · December 29, 2007

ok so add another field into my php myadmin database? how do i know if it is a access level field?

revraz · December 29, 2007

You determine that. You need to design the field and decide if you want to use a VARCHAR or INT (alpha or numbers).

J@mes · December 29, 2007

ok i think i understand i will create another field, which mysql command will allow me to the that value as i have learned that mysql_query() only returns true or false if the statment where executed rather then the data.

Thanks for your time

James

revraz · December 29, 2007

You are already getting all the info here

$sql="SELECT * FROM $tbl_name WHERE username = '$myusername' and password = '$mypassword'";

You'll want to do a mysql_fetch command on this and turn the resource into either an array or object.

J@mes · December 29, 2007

as in something like this:



$sql="SELECT * FROM $tbl_name WHERE username = '$myusername' and password = '$mypassword'";  
$result=mysql_query($sql);


$result = mysql_fetch_array($result)

redarrow · December 29, 2007

database structure like his:

users

-----

users_id

users_name

users_password

users_ip

users_date_added

users_email_activation

users_member_type

Sign In

php forum need help

Recommended Posts

J@mes

Link to comment

Share on other sites

revraz

Link to comment

Share on other sites

J@mes

Link to comment

Share on other sites

revraz

Link to comment

Share on other sites

J@mes

Link to comment

Share on other sites

revraz

Link to comment

Share on other sites

J@mes

Link to comment

Share on other sites

revraz

Link to comment

Share on other sites

J@mes

Link to comment

Share on other sites

redarrow

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information