Display logged in username

Posted: Thu May 17, 2007 3:33 pm
by nhwood
Hello, I'm working on a website that needs a login. When you log in, I want to have a variable set to whatever the username of who logged in was. For example, if I logged in, a variable would be set and store my username. I also would like it to be attached to a cookie or something so that it stays constant throughout the user's entire stay in the site. Here is my code for the index page so far and it hasn't worked...

Code:

<?php require_once('Connections/tara1.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "index.php?logout=yes";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php?";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
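  // Read the query string from $_SERVER; a bare $QUERY_STRING only exists with register_globals on.
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];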
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}

$user123 = $_POST['username'];
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_tara1, $tara1);
$query_Recordset1 = "SELECT * FROM news_1";
$Recordset1 = mysql_query($query_Recordset1, $tara1) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Welcome to Tara of Barrington</title>
<link href="tara.css" rel="stylesheet" type="text/css" />
<script src="SpryAssets/SpryCollapsiblePanel.js" type="text/javascript"></script>
<link href="SpryAssets/SpryCollapsiblePanel.css" rel="stylesheet" type="text/css" />
</head>

<body>
<table width="829" border="0" align="center">
  <tr>
    <td width="117" height="411">&nbsp;</td>
    <td colspan="5" class="box1"><table width="560" border="0" align="center">
      <tr>
        <td height="107"><div align="center">Welcome to the Tara of Barrington community website (THIS IS WHERE I WANT THE USERNAME DISPLAYED!), please choose from a link below or feel free to read the latest news below.</div></td>
      </tr>
      <tr>
        <td><div align="center">
          <div id="CollapsiblePanel1" class="CollapsiblePanel">
            <div class="CollapsiblePanelTab">Click to read latest news</div>
            <div class="CollapsiblePanelContent">
              <div class="box2"><?php echo $row_Recordset1['title']; ?></div>
              <?php echo $row_Recordset1['body']; ?><br />
            </div>
          </div>
        </div>
          
          <p align="center" class="box2"><a href="<?php echo $logoutAction ?>">Logout</a></p></td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td width="138" align="center" valign="top"><a href="members.php"><img src="buttons/members.png" alt="Member Directory" width="112" height="51" border="0" /></a></td>
    <td width="138" align="center" valign="top"><a href="bb.php"><img src="buttons/bulletin_board.png" alt="Bulletin Board" width="112" height="51" border="0" /></a></td>
    <td width="138" align="center" valign="top"><a href="news.php"><img src="buttons/news.png" alt="News" width="112" height="51" border="0" /></a></td>
    <td width="134" align="center" valign="top"><a href="documents.php"><img src="Connections/documents.png" alt="Documents" width="112" height="51" border="0" /></a></td>
    <td width="138" align="center" valign="top"><a href="calendar.php"><img src="Connections/calendar.png" alt="Calendar" width="112" height="51" border="0" /></a></td>
  </tr>
</table>
<script type="text/javascript">
<!--
var CollapsiblePanel1 = new Spry.Widget.CollapsiblePanel("CollapsiblePanel1", {contentIsOpen:false});
//-->
</script>
</body>

</html>
<?php
mysql_free_result($Recordset1);
?>

Posted: Thu May 17, 2007 8:47 pm
by califdon
Did you write this code or is it something you copied from somewhere? It seems to be missing some things and it doesn't seem to be consistent. I'm not sure, but I don't think it's valid to check $_SESSION without a session variable. Anyway, it looks like you're recalling the script if the session is to be logged out, with a GET variable logout = yes, but you never check that GET variable. I just don't follow your logic.

I suggest that you might profit by reading something like:
http://www.tizag.com/phpT/phpsessions.php
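
An added example, not part of either post in this thread: one way to carry the username in the session and print it safely on the index page. It assumes PHP 7 or later and that index.php is reached by a redirect after the login form is processed; `rememberLogin`, `currentUsernameHtml` and `forgetLogin` are hypothetical names, and only the session keys `MM_Username` and `MM_UserGroup` come from the posted code.

```php
<?php
// Added example; function names are hypothetical, session keys are from the posted code.

// Call once, on the login page, after the submitted credentials have been verified.
function rememberLogin(string $verifiedUsername, string $group = ''): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a new session id at login so an id set before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['MM_Username']  = $verifiedUsername;
    $_SESSION['MM_UserGroup'] = $group;
}

// Call on any later page. Assumption: the login form posted to another request,
// so $_POST['username'] is not set here; the session value is.
function currentUsernameHtml(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $name = $_SESSION['MM_Username'] ?? '';
    // The username is user-chosen text: escape it before it reaches the HTML.
    return htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
}

// Logout: clear the data, expire the session cookie, destroy the server-side session.
function forgetLogin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
?>
Welcome to the Tara of Barrington community website, <?php echo currentUsernameHtml(); ?>
```

The session cookie is what keeps the value constant for the whole visit; the username itself stays on the server and never needs to be placed in a cookie of its own.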