Page 1 of 1
PHP: Display data of logged on person
Posted: Sat Jan 19, 2008 3:47 pm
by SpyJoe
Hi everyone, I'm creating a social network website, like MySpace or Facebook, but a simple one. I used a code I found on a website for login, register and logout. What I'm trying to do now is display member's data (like name, gender, etc) that member has registered with. So just like a profile of someone who is logged in.
This is part of the code that I have already:
Code: Select all
<?
$conn = mysql_connect("###", "###", "###") or die(mysql_error());
mysql_select_db('###', $conn) or die(mysql_error());
$result = mysql_query("SELECT * FROM users",$conn);
printf("First Name: %s<br>\n", mysql_result($result,0,"firstname"));
printf("Last Name: %s<br>\n", mysql_result($result,0,"lastname"));
printf("Gender: %s<br>\n", mysql_result($result,0,"gender"));
mysql_close($conn);
?>
But this only displays the first row from my database. I need to do something like this:
Code: Select all
$result = mysql_query("SELECT * FROM users WHERE username=$username",$conn);
I'm not sure if the username of person who is logged in is stored in a cookie or somewhere else, because code is quite complicated.
What do I need to put, so that it displays information of a person who is logged in? Can someone reply asap plz. Thank you!
P.S. Sorry forgot the most important thing. This is where I got the code from:
http://www.evolt.org/article/comment/17 ... index.html
Re: PHP: Display data of logged on person
Posted: Sat Jan 19, 2008 4:03 pm
by Jonah Bron
Find a setcookie() function inside the code, and get the name. That will probably be it. If there are more than one, just use logic to figure out which one.
Re: PHP: Display data of logged on person
Posted: Sat Jan 19, 2008 5:21 pm
by SpyJoe
PHPyoungster wrote:Find a setcookie() function inside the code, and get the name. That will probably be it. If there are more than one, just use logic to figure out which one.
OK, i found this:
Code: Select all
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}
Some other guy told me what to do as well, so now I have this:
Code: Select all
<?
Error_Reporting(E_ALL & ~E_NOTICE);
mysql_connect("###", "###", "###") or die(mysql_error());
mysql_select_db('###') or die(mysql_error());
$query = "SELECT * FROM users WHERE username='".$_COOKIE['username']."'";
$result = mysql_query($query);
if($result)
{
$ans = mysql_fetch_array($result);
printf("First Name: %s\n", $ans['firstname']);
printf("Last Name: %s\n", $ans['lastname']);
printf("Gender: %s\n", $ans['gender']);
}
?>
But it still doesnt work. All I see now is just field names, but not actual data...
Please help me fix this...
Re: PHP: Display data of logged on person
Posted: Sat Jan 19, 2008 5:22 pm
by John Cartwright
More likely than not your system uses sessions.
Include..
echo '<pre>';
print_r($_SESSION);
print_r($_COOKIE);
.. after you've logged in. Might give you a hint as to how your system stores the user

Re: PHP: Display data of logged on person
Posted: Sat Jan 19, 2008 5:25 pm
by John Cartwright
SpyJoe wrote:PHPyoungster wrote:Find a setcookie() function inside the code, and get the name. That will probably be it. If there are more than one, just use logic to figure out which one.
OK, i found this:
Code: Select all
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}
Some other guy told me what to do as well, so now I have this:
Code: Select all
<?
Error_Reporting(E_ALL & ~E_NOTICE);
mysql_connect("###", "###", "###") or die(mysql_error());
mysql_select_db('###') or die(mysql_error());
$query = "SELECT * FROM users WHERE username='".$_COOKIE['username']."'";
$result = mysql_query($query);
if($result)
{
$ans = mysql_fetch_array($result);
printf("First Name: %s\n", $ans['firstname']);
printf("Last Name: %s\n", $ans['lastname']);
printf("Gender: %s\n", $ans['gender']);
}
?>
But it still doesnt work. All I see now is just field names, but not actual data...
Please help me fix this...
Please do not use this code, it is so incredibly insecure!
Firstly, never.... ever.... ever.... store the user's password in plaintext, and especially in a cookie! Instead, at minimum store a hash of the password (I recommend Sha256 encryption atleast).
Secondly, your query is vulnerably to SQL injection. At minimum, you should be passing the username through mysql_real_escape_string() to protect against this.
Code: Select all
$query = "SELECT * FROM users WHERE username='". mysql_real_escape_string($username) ."'";
Re: PHP: Display data of logged on person
Posted: Sun Jan 20, 2008 7:05 am
by SpyJoe
I managed to crack it. The username was stored in session after all...
As for security of the website, it's not really what I need to do for now. I just wanted to make it work. It won't be open to public anyway...
PHPyoungster and Jcart, thank you so much for your help.
Great forum btw, I never got a reply so fast in any other forum. Will be using this one from now on...
