Page 1 of 3

need help on user login

Posted: Fri Aug 08, 2008 12:45 am
by zplits
hello everyone, good day.

I have created a script that has a username and password field, like normal login pages appear. But in my database there are 3 fields. The username, pwd, and realname. I have created values to that fields. When the user access the login area and typed admin in the username field and 1234 in the password field. It successfully loads my main.php page, but my problem is that, I want to show in the main.php page WELCOME realName. Could you please help me?

here are the codes for my files.
check.php:

<?php
ob_start();
$host = "localhost"; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = "admin"; // Database name
$tbl_name = "users"; // Table name

mysql_connect("$host", "root")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];


// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pwd='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);


ob_end_flush();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Login</title>
</head>

<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
<!--DWLayoutTable-->
<tr>
<td width="974" height="518" valign="top"><p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<table width="227" border="0" align="center">
<tr>
<td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
</tr>
<tr class="invalidLogin">
<td height="36" colspan="8"><?php
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "Success.php"
session_register("myusername");
session_register("mypassword");
//session_register("levelName");
header("location:Success.php");
}
else {
echo "<b>ERROR:</b> Invalid Username / Password";
}
?></td>
</tr>
<tr>
<td colspan="8"><form action="check.php" method="post" name="loginForm" target="_self" id="loginForm">
<p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
<input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
<p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
<input name="password" type="password" class="formFields" id="password" tabindex="2"/>
</p>
<p align="right">
<input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
</p>
</form> </td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>


here is the Success.php:
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Welcome to Lourdes C</title>
</head>

<body>
<table width="974" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="254" height="41" valign="top">
<form method = "POST" action = "logout.php">
<?php
// check session variable is set
$greet = $_SESSION['$myusername'];
// if set, greet by name
echo "Welcome ".$greet;
?><input type = "submit" name="logout" value = "Logout">
</form>
</td>
<td width="720">&nbsp;</td>
</tr>
<tr>
<td height="959">&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>
</body>
</html>


and lastly,
here is the logout.php:
<?php
session_start();
$_SESSION = array();
session_destroy();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Logged Out</title>
</head>

<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
<!--DWLayoutTable-->
<tr>
<td width="974" height="518" valign="top"><p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<table width="227" border="0" align="center">
<tr>
<td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
</tr>
<tr class="loggedOut">
<td height="36" colspan="8"><?php
echo "You are now logged out.";
?></td>
</tr>
<tr>
<td colspan="8"><form action="login.php" method="post" name="loginForm" target="_self" id="loginForm">
<p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
<input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
<p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
<input name="password" type="password" class="formFields" id="password" tabindex="2"/>
</p>
<p align="right">
<input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
</p>
</form> </td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>


</body>
</html>


Please help. Really need your help everyone. Is there anything wrong with my code?

Re: need help on user login

Posted: Fri Aug 08, 2008 1:23 am
by Stryks
Well .... my first advice would be to move that login success / fail code to the top of the page. If you insert it amongst all that HTML, the header redirect is never going to work.

After a quick reshuffle, I'd recommend something more like this for check.php.

Code: Select all

<?php
//ob_start();
$host = "localhost"; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = "admin"; // Database name
$tbl_name = "users"; // Table name
 
mysql_connect("$host", "root")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
 
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
 
 
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT id, realname FROM $tbl_name WHERE username='$myusername' and pwd='$mypassword'";
$result=mysql_query($sql);
 
if($result) {
    $data = mysql_fetch_assoc($result);
    $_SESSION['user'] = array('id' => $data['id'], 'realname'=>$data['realname']);
    header("location:Success.php");
    exit();
} else $error = "Incorrect Username or Password";
 
//ob_end_flush();
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Login</title>
</head>
 
<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
<!--DWLayoutTable-->
<tr>
<td width="974" height="518" valign="top"><p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<table width="227" border="0" align="center">
<tr>
<td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
</tr>
<tr class="invalidLogin">
<td height="36" colspan="8"><?php if(isset($error)) echo $error; ?></td>
</tr>
<tr>
<td colspan="8"><form action="check.php" method="post" name="loginForm" target="_self" id="loginForm">
<p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
<input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
<p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
<input name="password" type="password" class="formFields" id="password" tabindex="2"/>
</p>
<p align="right">
<input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
</p>
</form> </td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>
You'll notice that I removed your ob_start and flush functions. I don't really think you need them. You possibly put them there to remove the 'headers already sent' issue, but moving the redirect up before any output will solve that nicely.

As for the data I put into your sessions ... I didn't put the username or password because ... well ... they aren't needed or desired after the user has logged in. In fact, it opens up a security vulnerability should your session files ever be compromised.

For most use, you will only ever need their user id, and as you said, their real name.

On subsequent pages, to see their real name just use ...

Code: Select all

echo $_SESSION['user']['realname']
Hope this helps.

P.S - those stripslashes aren't really doing much in the way of making things more secure for you there. You might as well get rid of them.

Cheers 8)

Re: need help on user login

Posted: Fri Aug 08, 2008 1:29 am
by zplits
Thanks for the quick reply sir, You're the only one who has been helping me.
Please wait while i test what you have recommended.

Thanks a lot

Re: need help on user login

Posted: Fri Aug 08, 2008 1:32 am
by Stryks
I probably just answered before anyone else got a chance. There are a lot of very knowledgeable people floating around who are happy to help. I just happen to be hanging around a lot at the moment, and you happen to be asking the questions I like to answer. :lol:

Anyhow ... let us know how you go.

Re: need help on user login

Posted: Fri Aug 08, 2008 1:44 am
by zplits
here is the code that you have advise sir, i made some revisions to the database fields.

here is the revised code:

Code: Select all

<?php
//ob_start();
$host = "localhost"; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = "minda"; // Database name
$tbl_name = "users"; // Table name
  
mysql_connect("$host", "root")or die("Connection Error: Cannot connect to Server");
mysql_select_db("$db_name")or die("MySQL Error: Cannot select Database");
 
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
 
 
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT id, firstName FROM $tbl_name WHERE loginName='$myusername' and passWord='$mypassword'";
$result=mysql_query($sql);
  
if($result) {
     $data = mysql_fetch_assoc($result);
     [b]$_SESSION['user'] = array('id' => $data['id'], 'loginName'=>$data['loginName']);[/b]
     header("location:Success.php");
     exit();
} else $error = "Incorrect Username or Password";
 
 
//ob_end_flush();
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Login</title>
</head>
 
<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
  <!--DWLayoutTable-->
  <tr>
    <td width="974" height="518" valign="top"><p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <table width="227" border="0" align="center">
      <tr>
        <td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
      </tr>
      <tr class="invalidLogin">
        <td height="36" colspan="8"><?php if(isset($error)) echo $error; ?></td>
      </tr>
      <tr>
        <td colspan="8"><form action="checklogin.php" method="post" name="loginForm" target="_self" id="loginForm">
          <p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
            <input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
          <p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
            <input name="password" type="password" class="formFields" id="password" tabindex="2"/>
          </p>
          <p align="right">
            <input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
          </p>
        </form>        </td>
      </tr>
    </table></td>
  </tr>
</table>
</body>
</html>
 
please check the line of code that is being bolded, I think i have mess it up. I'm sorry, I'm a newbie

Re: need help on user login

Posted: Fri Aug 08, 2008 1:48 am
by zplits
by the way sir, what does this code do?
$sql="SELECT id, firstName FROM $tbl_name WHERE loginName='$myusername' and passWord='$mypassword'";

I mean the SELECT id? because i don't have any id field in my database. My primary key is loginName. Is it okay? or i need to create a id field in my table?

Thank you very much for the help sir, i truly appreciate it.

Re: need help on user login

Posted: Fri Aug 08, 2008 2:09 am
by Stryks
Well .. this line ...

Code: Select all

$sql="SELECT id, firstName FROM $tbl_name WHERE loginName='$myusername' and passWord='$mypassword'";
... dictates what will be returned from the database. It's always preferable to specify which fields you want returned as opposed to a wildcard (*) which returns all fields.

In this case it is returning 'id and 'firstname', which you can access a few lines down. You can only access what you return, and you can only return what is there. So 'firstName' will need to be 'loginName', and 'id' the name of the integer primary key, should you decide to go that way.

You *can* use the realname as a primary key, but it's a better practice I feel to use an autonumber as your primary key.

As I mentioned above (as an edit ... so you may have missed) this ...

Code: Select all

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
... is not really required to make that data safe. It's complex.

Apart from that the line you highlighted is fine, though 'id' wont work if you aren't getting it from the database.

This is probably confusing ... let me know if you need clarification.

Re: need help on user login

Posted: Fri Aug 08, 2008 2:22 am
by zplits
Yes sir, i find it really confusing. I'm sorry.

I think it's better if you'll edit my code. Do you have YIM? Can we chat? If you don't mind.

here is the code for my checkLogin.php:

Code: Select all

<?php
//ob_start();
$host = "localhost"; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = "minda"; // Database name
$tbl_name = "users"; // Table name
  
mysql_connect("$host", "root")or die("Connection Error: Cannot connect to Server");
mysql_select_db("$db_name")or die("MySQL Error: Cannot select Database");
 
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
 
 
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT id, firstName FROM $tbl_name WHERE loginName='$myusername' and passWord='$mypassword'";
$result=mysql_query($sql);
  
    if($result) {
         $data = mysql_fetch_assoc($result);
         $_SESSION['user'] = array('id' => $data['id'], 'firstName'=>$data['firstName']);
         header("location:loginSuccess.php");
         exit();
    } 
    else {
        $error = "<b>ERROR</b>: Invalid Username / Password";
    }
 
//ob_end_flush();
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Login</title>
</head>
 
<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
  <!--DWLayoutTable-->
  <tr>
    <td width="974" height="518" valign="top"><p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <table width="227" border="0" align="center">
      <tr>
        <td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
      </tr>
      <tr class="invalidLogin">
        <td height="36" colspan="8"><?php if(isset($error)) echo $error; ?></td>
      </tr>
      <tr>
        <td colspan="8"><form action="checklogin.php" method="post" name="loginForm" target="_self" id="loginForm">
          <p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
            <input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
          <p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
            <input name="password" type="password" class="formFields" id="password" tabindex="2"/>
          </p>
          <p align="right">
            <input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
          </p>
        </form>        </td>
      </tr>
    </table></td>
  </tr>
</table>
</body>
</html>
 
and here is the loginSuccess.php

Code: Select all

<?php
    session_start();
    if(!session_is_registered(myusername)){
    header("location:login.php");
    }
?>
 
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Welcome to Lourdes C</title>
</head>
 
<body>
<table width="974" border="0" cellpadding="0" cellspacing="0">
  <!--DWLayoutTable-->
  <tr>
    <td width="254" height="41" valign="top">
    <?php
        echo "Welcome ".$_SESSION['loginName']['firstName'];
    ?>                                   
    <form method = "POST" action = "logout.php">
    <input type = "submit" name="logout" value = "Logout">
    </form>
    </td>
    <td width="720">&nbsp;</td>
  </tr>
  <tr>
    <td height="959">&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>
here is the login.php

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Login</title>
</head>
 
<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
  <!--DWLayoutTable-->
  <tr>
    <td width="974" height="518" valign="top"><p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <table width="227" border="0" align="center">
      <tr>
        <td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
      </tr>
      <tr>
        <td colspan="8"><form action="checklogin.php" method="post" name="loginForm" target="_self" id="loginForm">
          <p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
            <input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
          <p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
            <input name="password" type="password" class="formFields" id="password" tabindex="2"/>
          </p>
          <p align="right">
            <input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
          </p>
        </form>        </td>
      </tr>
    </table></td>
  </tr>
</table>
</body>
</html>
 
and finally the logout.php

Code: Select all

<?php
    session_start();
    $_SESSION = array();
    session_destroy();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles/login.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="images/favicon.ico">
<title>Lourdes C - Logged Out</title>
</head>
 
<body>
<table width="974" border="0" cellpadding="0" cellspacing="0" align="center">
  <!--DWLayoutTable-->
  <tr>
    <td width="974" height="518" valign="top"><p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <table width="227" border="0" align="center">
      <tr>
        <td width="221" height="79" colspan="8"><div align="center"><img src="images/lourdesC-logo.png" alt="lourdes C logo" width="221" height="77" /></div></td>
      </tr>
      <tr class="loggedOut">
        <td height="36" colspan="8"><?php
                                    echo "You are now logged out.";
                                    ?></td>
      </tr>
      <tr>
        <td colspan="8"><form action="checklogin.php" method="post" name="loginForm" target="_self" id="loginForm">
          <p><span class="form-label"><img src="images/icons/personal.png" width="16" height="16" /> Username</span><br />
            <input name="username" type="text" class="formFields" id="username" tabindex="1"/>
</p>
          <p><span class="form-label"><img src="images/icons/password.png" width="16" height="16" /> Password</span><br />
            <input name="password" type="password" class="formFields" id="password" tabindex="2"/>
          </p>
          <p align="right">
            <input name="Submit" type="submit" class="form-button" id="button" tabindex="3" value=" Log In " />
          </p>
        </form>        </td>
      </tr>
    </table></td>
  </tr>
</table>
</body>
</html>
 
 
</body>
</html>

Re: need help on user login

Posted: Fri Aug 08, 2008 2:30 am
by Stryks
I don't have access to YIM here, but it's best we work it out here anyhow ... it might help someone else who is having similar problems.

As for correcting the lines, it depends on what the structure of your database is.

Are you looking at using an integer primary key (autonumber) or are you staying with 'loginName'? If you're going for the autonumber, what is that row named in the database?

Re: need help on user login

Posted: Fri Aug 08, 2008 2:35 am
by zplits
Okay sir. I want to thank you. Thank you so much.

here is my database stucture:
database name = minda
table name = users

id loginName passWord firstName lastName emailAdd
1 admin 1234 JV Vergara jv_V@yahoo.com

Re: need help on user login

Posted: Fri Aug 08, 2008 2:57 am
by Stryks
Well ... now that we know what is in the database, we can define what we want to pull.

Code: Select all

$sql="SELECT id FROM $tbl_name WHERE loginName='$myusername' and passWord='$mypassword'";
Assuming that $myusername and $mypassword are correct, you will have access to that users id with ...

Code: Select all

$_SESSION['user'] = array('id' => $data['id'], 'firstName'=>$myusername);
 
// and display with
 
echo $_SESSION['user']['id'];
 
Notice that there is no need to return the username as we are passing it to the query, so if we get a result, it must be right.

Now, let's say you wanted to keep the users email address in their session, knowing that you have that information for that user in the database, you could go ...

Code: Select all

$sql="SELECT id, emailAdd FROM $tbl_name WHERE loginName='$myusername' and passWord='$mypassword";
This would return emailAdd from the database for you, so then you could ...

Code: Select all

$_SESSION['user'] = array('id' => $data['id'], 'firstname'=>$myusername, 'email'=>$data['emailAdd']);
 
// and display with
 
echo $_SESSION['user']['email'];
See what I mean? The data flows from the database, so you can access it easily .... but you have to specify in the query that the data you are after is being returned.

Using the same method, you could return all kinds of data .... like authentication level, in case you want to have different user and administrator privileges ... assuming that data was available in the database.

Just a suggestion for consideration .... you might want to use the users email address as their login instead of their first name. It's just that you can be sure that only one email address exists .... whereas there is a good chance there is more than one 'John'.

Food for thought anyhow.

Cheers :)

Re: need help on user login

Posted: Fri Aug 08, 2008 3:09 am
by zplits
yes sir, that's really a good idea. What if i'll use in the loginSuccess.php a message that displays, WELCOME VERGARA JV. Would it be better?

Wait up, I'll be trying your code. :) Hope this will work.

Re: need help on user login

Posted: Fri Aug 08, 2008 3:18 am
by zplits
:cry: still it doesn't work sir, It went worst. Now i can't login, when i enter admin in username and 1234 in password, it doesn't do anything, as to what i can see, it just refreshes the page.

I also tried to enter a wrong password, but it still just refreshes the page, it doesn't display invalid username / password.

What did i do wrong?

Re: need help on user login

Posted: Fri Aug 08, 2008 3:31 am
by Stryks
Well ... what happened when you tried to log in? Did you wind up at loginsuccess.php but with an error?

Just that at the start of loginsuccess.php, this code ...

Code: Select all

<?php
     session_start();
     if(!session_is_registered(myusername)){
     header("location:login.php");
    }
?>
... should be more like ...

Code: Select all

<?php
     session_start();
     if(!isset($_SESSION['user']){
     header("location:login.php");
    }
?>
Give that a go and we'll go from there.

Re: need help on user login

Posted: Fri Aug 08, 2008 3:38 am
by Stryks
Oh ... I also found another error. All of this is untested by the way, so it's a bit of a hit an miss affair sometimes. :lol:

Code: Select all

   if($result) {
         $data = mysql_fetch_assoc($result);
         $_SESSION['user'] = array('id' => $data['id'], 'firstName'=>$data['firstName']);
         header("location:loginSuccess.php");
         exit();
    }
... would work better as ...

Code: Select all

   if (mysql_num_rows($result) > 0) {
         $data = mysql_fetch_assoc($result);
         $_SESSION['user'] = array('id' => $data['id'], 'firstName'=>$data['firstName']);
         header("location:loginSuccess.php");
         exit();
    }
Yeah ... that looks better.