WOOOT!!!!(obi does a WoW undead rocker dance) i fixed it
check it out....ok...i kinda went back to some old code...but for a good reason....i couldent figure out why the application wasnt recognizing the password....i sanitized it though and my new login script is this
Code: Select all
session_start();
include("functions_main.inc");
$table_name = "Customer";
$next_program = "Secretpage.php";
switch (@$_POST['Button'])
{
case "Login":
$cxn = Connect_to_db("Vars.inc");
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$_POST[fusername]'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query 1");
$num = mysqli_num_rows($result);
if($num == 1)
{
$sql = "SELECT user_name FROM $table_name
WHERE user_name='".mysqli_real_escape_string($cxn,$_POST['fusername'])."'
AND password=md5('$_POST[fpassword]')";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$row = mysqli_fetch_assoc($result2);
if($row)
{
$_SESSION['auth']="yes";
$_SESSION['logname'] = mysqli_real_escape_string($cxn,$_POST['fusername']);
header("Location: $next_program?user='.$user_name");
}
else
{
$message_1="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br>";
extract($_POST);
include("fields_login.inc");
include("double_form.inc");
}
}
elseif ($num == 0) // login name not found
{
$message_1 = "The User Name you entered does not
exist! Please try again.<br>";
include("fields_login.inc");
include("double_form.inc");
}
break;
then i wrote a couple of post because i couldent figure out why the script on the secret page wasnt allowing me to show the user logged in....then BAMM!!!...while i was looking over the code i came across this small block
Code: Select all
$_SESSION['auth']="yes";
$_SESSION['logname'] = mysqli_real_escape_string($cxn,$_POST['fusername']);
and then i thought to myself, "self" my self said, "hum", what if i do somethin like this in the code of the secret page
Code: Select all
<?php
session_start();
$display_block="$_SESSION[logname] welcome to the secret page";
?>
<html>
<head>
<title>Secret Page</title>
</head>
<body>
<?php echo $display_block; ?>
</body>
</html>
and it worked, i dont quite understand it though....if i changed session[logname] to reflect in the value of[fusername] why doesnt it work....or am i understanding it wrong? many thanx to volka and spacegoat for making the ole internal hamster get off his butt and start to run on the wheel
[edited]
i got another question going along the same lines and was wondering if you guys could help me out....now that i got the secret page to show the users name via logname would i go about the same way as for like showing other information
maybe writing something like this
Code: Select all
$sql = "SELECT address FROM $table_name
WHERE user_name=$_SESSION[logname]";
will something like that work....if not any ideas on cleaning it up will be greatly apprieciated
