Page 1 of 1

user sessions

Posted: Wed Aug 16, 2006 1:13 pm
by Obadiah
ok....im not quite sure how i got rid of the registration errors but ladies and gents its finally working.....what i want to do now is create user sessions...i know absolutely nothing about this and im not even sure if i need to do thisbut what im trying to do is since the database has already recognized the user how do i get php to direct the user to his/her own personalized page....say to reveiw their own personal info....im guessing what id have to do would be to create some kind of case statement, because as of right now it directs all the users no matter the username to the same page

Code: Select all

session_start();
  include("functions_main.inc");                         
  $table_name = "Customer";                              
  $next_program = "SecretPage.php";//occurance 1

Code: Select all

if($num == 1)                                      
      {
         $sql = "SELECT user_name FROM $table_name 
                 WHERE user_name='$_POST[fusername]'
                 AND password=md5('$_POST[fpassword]')";
         $result2 = mysqli_query($cxn,$sql)
                   or die("Couldn't execute query 2.");  
         $row = mysqli_fetch_assoc($result2);            
         if($row)                                        
         {
           $_SESSION['auth']="yes";                      
           $_SESSION['logname'] = $_POST['fusername'];   
           header("Location: $next_program");//occurance 2            
         }
         else                                            
         {
           $message_1="The Login Name, '$_POST[fusername]' 
                   exists, but you have not entered the 
                   correct password! Please try again.<br>";
           extract($_POST);
           include("fields_login.inc");
           include("double_form.inc");
         }                                               
      }

Code: Select all

else                                              
      {   
        $today = date("Y-m-d");                         
        $fields_str = implode(",",$fields);
        $values_str = implode('","',$values);
        $fields_str .=",create_date";
        $values_str .='"'.",".'"'.$today;
        $fields_str .=",password";
        $values_str .= '"'.","."md5"."('".$password."')";
        $sql = "INSERT INTO $table_name ";
        $sql .= "(".$fields_str.")";
        $sql .= " VALUES ";
        $sql .= "(".'"'.$values_str.")";
        mysqli_query($cxn,$sql) or die(mysqli_error($cxn));
        $_SESSION['auth']="yes";                        
        $_SESSION['logname'] = $user_name;              
        /* send email to new Customer */
        $emess = "You have successfully registered. ";
        $emess .= "Your new user name and password are: ";
        $emess .= "\n\n\t$user_name\n\t";
        $emess .= "password\n\n";
        $emess .= "We appreciate your interest. \n\n";
        $emess .= "If you have any questions or problems,";
        $emess .= " email service@ourstore.com";        
        $subj = "Your new customer registration";       
        #$mailsend=mail("$email","$subj","$emess");     
        header("Location: $next_program");//occurance 3
      }
there are three occurances inwhich the code that im using points to $next_program in the tutorial...where should i place the case statement(assuming that i should or supposed to use a case statement) or am i miles away from home again?

also this line from the tutorial is commented out(i didnt notice it was until after i posted)

Code: Select all

$mailsend=mail("$email","$subj","$emess");
and when i ran it without the comment i got 2 errors that said

Warning: mail() [function.mail]: "sendmail_from" not set in php.ini or custom "From:" header missing in C:\bla\bla\bla\PHP\Login.php on line 204

Warning: Cannot modify header information - headers already sent by (output started at C:\bla\bla\bla\PHP\Login.php:204) in C:\bla\bla\bla\PHP\Login.php on line 205


and here is the funny thing about it all....the username saves in the database....so the information is saving and everything works perfectly...the only problem is when i try to shoot the email to the customer i get that error....does anyone know why?

Posted: Wed Aug 16, 2006 1:25 pm
by s.dot
They should be all directed to the same page. However, this page should have a variable sent via $_GET

user1 -> page.php?user=user1
user2 -> page.php?user=user2
user3 -> page.php?user=user3

And so on.

Then you would pull information based on $_GET['user'].

Posted: Wed Aug 16, 2006 1:28 pm
by Obadiah
scottayy wrote:They should be all directed to the same page. However, this page should have a variable sent via $_GET

user1 -> page.php?user=user1
user2 -> page.php?user=user2
user3 -> page.php?user=user3

And so on.

Then you would pull information based on $_GET['user'].
what do you mean.....should this be done on the page that is posted here or on secret page?....im sorry but im not understanding what you mean.

Posted: Thu Aug 17, 2006 8:17 am
by Obadiah
new day plenty of hours later can anyone help me with this problem....perhaps shed some light on what scottay said....i think what hes meaning is to possibly create a php page and somewhere in the beginning put $_GET USER kinda like

Code: Select all

<?php
$_GET user_name;//this is the primary key field
echo "
<html>
<head>
<title></title>
<body>
<!--will contain specific users' content-->
</body>
</head>
</html>
";
?>
but where do i place

user1 -> page.php?user=user1
user2 -> page.php?user=user2
user3 -> page.php?user=user3

also if i have one site and i want the user to go to his own personalized version of it that has his information stored in it....where do i place his files....wouldent i have to direct php to the different files and such for user1 and so on....these are some of the things that im not understanding

Posted: Fri Aug 18, 2006 8:44 am
by Obadiah
:? can anyone help me figure this out....maybe a nice admin who could spare to shed some light on this newbies dark mind thats not understanding what scottayy said....anyone :cry:

Posted: Fri Aug 18, 2006 3:42 pm
by s.dot
A user logs in correct... Say you want to show them THEIR info & nobody elses. Here's the idea behind it

Login Form -> User Logs in -> Login is proceessed and validated -> user is redirected to a page containing their information.

A simple psuedo redirection would look like this

Code: Select all

$username = $_POST['username'];

//validation exists

header('Location: info.php?user='.$username);
Say they entered 'bob' as their username. They would be redirected to info.php?user=bob. Now, that's what makes it show THEIR info and nobody elses. You could get their username by using the get variable.

Code: Select all

$user = $_GET['user']
Now you display only information pertaining to that user? How? That's up to you. Usually it's done using a database query or two.

Code: Select all

SELECT * FROM `user_data` WHERE `username` = '$user'
Now, that query will only grab information for the user that you see in your URL query string. To simplify once again..

Bob logs in
Bob is redirected to info.php?user=bob
info.php queries for info for bob

Hope this makes sense. And it's what you're asking? :)

Posted: Fri Aug 18, 2006 3:45 pm
by s.dot
Wow, I think I totally missed the point of your question. Are you just trying to get emails to work?

:oops:

Posted: Fri Aug 18, 2006 5:20 pm
by Obadiah
ok....what your saying to do is something like this

Code: Select all

else                                              
      {   
        $today = date("Y-m-d");                         
        $fields_str = implode(",",$fields);
        $values_str = implode('","',$values);
        $fields_str .=",create_date";
        $values_str .='"'.",".'"'.$today;
        $fields_str .=",password";
        $values_str .= '"'.","."md5"."('".$password."')";
        $sql = "INSERT INTO $table_name ";
        $sql .= "(".$fields_str.")";
        $sql .= " VALUES ";
        $sql .= "(".'"'.$values_str.")";
        mysqli_query($cxn,$sql) or die(mysqli_error($cxn));                 
        $_SESSION['auth']="yes";                        
        $_SESSION['logname'] = $user_name;              
        /* send email to new Customer */
        $emess = "You have successfully registered. ";
        $emess .= "Your new user name and password are: ";
        $emess .= "\n\n\t$user_name\n\t";
        $emess .= "password\n\n";
        $emess .= "We appreciate your interest. \n\n";
        $emess .= "If you have any questions or problems,";
        $emess .= " email service@ourstore.com";        
        $subj = "Your new customer registration";       
        $mailsend=mail("$email","$subj","$emess");     
        $user_name= $_POST['user_name']
        header("Location: $next_program?user=.$username");  
      //or
      //header('Location: info.php?user='.$username);    
      }
    break;                                              

    default:                                            
           include("fields_login.inc");
           include("double_form.inc");
  }
and on info.php do something like

Code: Select all

<?php 
$user = _GET['user_name']
echo " 
<html> 
<head> 
<title></title> 
<body> 
<!--will contain specific users' content--> 
</body> 
</head> 
</html> 
"; 
?>
is this right?