Storing info in session
Posted: Tue Aug 14, 2012 7:38 pm
Rather new to PHP but I am learning
I have a simple login system for a website, and a table for users.
user table has these fields;
id
firstname
lastname
email
username
password
What I would like to do is store the first and last name along with the username and passord in the session also in order to display "Welcome FIRSTNAME LASTNAME" on the site
Code is as follows;
main_login.php
and
checklogin.php
Any help is appreciated Thank You
Rab
I have a simple login system for a website, and a table for users.
user table has these fields;
id
firstname
lastname
username
password
What I would like to do is store the first and last name along with the username and passord in the session also in order to display "Welcome FIRSTNAME LASTNAME" on the site
Code is as follows;
main_login.php
Code: Select all
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
checklogin.php
Code: Select all
$host="localhost"; // Host name
$username="******"; // Mysql username
$password="*****"; // Mysql password
$db_name="*****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:index.php");
}
else {
echo "Wrong Username or Password";
}
?>
Rab