I'm setting up a login/logout and I'm trying to send the user's ID number to other pages in the website so that I can manipulate the database when I want.
I use a query to match email/password and log in the user (n.b. this is not the full code and not the problem; I'm matching emails and passwords):
$find= mysqli_query("SELECT * FROM users WHERE email='$ema' and password="$pw");
Then I fetch an array and start a session which I then check on pages further on in the website.
if(mysql_num_rows($find) == 1){
$row = mysql_fetch_array($result, MYSQL_BOTH);
$id= $row ['id'];
session_start();
$_SESSION['Login']= $id;
// Redirect - I use JS to send users to next page
}
else {
echo '<script type="text/javascript">';
echo 'alert("Invalid Username or Password");';
echo 'history.back();';
echo '</script>';
}
mysql_close($link);
On other pages I have code that checks for the session and redirects users if they aren't logged in. Here's that code:
<?php
session_start();
if(!isset($_SESSION['Register'])){
if(!isset($_SESSION['Login'])){
header("location:../notLoggedIn.php");
}
}
$get_id = $_SESSION['Register'];
$get_id = $_SESSION['Login'];
?>
Then, when I check what's in the id variable passed from the login page with this:
$profile = mysql_query("SELECT * FROM profiles WHERE id= $id");
var_export($id);
I get a null value. What's going wrong?
You must check whether the session has not been started, then use session_start();
if (session_status() == PHP_SESSION_NONE) {//php >5.4
session_start();
}
and use $_SESSION['Login'] instead of $id
$profile = mysql_query("SELECT * FROM profiles WHERE id=".$_SESSION['Login']);
Multiple mistakes I have seen.
1) First, revise your query:
$find = mysqli_query($link, "SELECT * FROM users WHERE email='$ema' and password='$pw'");
2) Secondly, start the session at the top of the file.
3) mysqli_close($link); instead of mysql_close($link);
4) Lastly, check that the session is properly set.
if(isset($_SESSION['Login'])) {
$get_id = $_SESSION['Login'];
// query with the value read from the session; a bare $id is not set on this page
$profile = mysql_query("SELECT * FROM profiles WHERE id= $get_id");
var_export($get_id);
}
Hi, please note these points:
1) Call session_start() at the top of the page (before any echo or whitespace).
2) I don't see your $_SESSION['Register']. Have you set it?
3) You are passing a session variable, not a simple variable, so use this:
$profile = mysql_query("SELECT * FROM profiles WHERE id = {$_SESSION['Login']}");
var_export($_SESSION['Login']);
As $id will always be null here.
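The login flow discussed in this thread, as an added example that is not part of the original posts: the lookup uses a prepared statement, the password is checked with password_verify(), and later pages read the ID back from $_SESSION['Login']. The users/profiles tables and the session key follow the question; the function names, the in-memory SQLite database (standing in for MySQL so the script runs on its own), the hashed password column and the sample user are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the posts. users/profiles and $_SESSION['Login'] follow
// the question; the in-memory SQLite database and the sample user are constructed.

function attempt_login(PDO $db, string $email, string $password): bool
{
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the password column stores a password_hash() value.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);              // fresh session ID after login
    $_SESSION['Login'] = (int) $row['id'];
    return true;
}

function load_profile(PDO $db): ?array
{
    // Later pages take the ID from the session; a local $id does not survive.
    if (!isset($_SESSION['Login'])) {
        return null;                          // caller sends Location: and exits
    }
    $stmt = $db->prepare('SELECT * FROM profiles WHERE id = ?');
    $stmt->execute([$_SESSION['Login']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

session_start();                              // once per request, before output
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(["o'brien@example.test", password_hash('s3cret-sample', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO profiles (id, name) VALUES (1, 'Sample User')");

$before  = load_profile($db);                 // not logged in yet
$wrong   = attempt_login($db, "o'brien@example.test", 'bad-password');
$correct = attempt_login($db, "o'brien@example.test", 's3cret-sample');
$after   = load_profile($db);

var_export(['before' => $before, 'wrong' => $wrong, 'correct' => $correct, 'after' => $after]);
```

The sample address contains an apostrophe on purpose: with placeholders it is matched as data and does not break the statement.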
Related
I'm a little new to PHP and MySQL. I'm creating an admin panel; in the MySQL database I have a column called admin.
I want it to check the column, so if admin has 0 in it, it will header to index.php, but if it has 1 it will header to admin.php.
I would also like some help for admin.php: I want something like, if you were not in the database (checks if admin has 1 for the username), it will head somewhere else.
Admin.php code:
<?php
session_start();
include_once 'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header("Location: home.php");
}
if (isset($_POST['btn-login'])) {
$uname = mysql_real_escape_string($_POST['uname']);
$admin = mysql_real_escape_string($_POST['admin']);
$upass = mysql_real_escape_string($_POST['pass']);
$res = mysql_query("SELECT * FROM users WHERE admin = '1'");
$row = mysql_fetch_array($res);
if ($row['admin'] == 1) {
header("Location: admin.php");
}
else {
echo 'Shithead';
}
}
?>
For a start, you need to fetch the right row for the user. You are fetching only rows that are admins! Something like this:
$res=mysql_query("SELECT * FROM users WHERE uname='$uname' and pass='$upass'");
assuming that your db fields are called uname and pass.
You need to get this working and then ask a new question for the rest.
I know I can't use two session start calls in the same PHP page, but for the sake of updating a user account I need the code below, and I need to use session_start twice: once to check whether the user is logged in, and if not, redirect them and ban them from seeing the update info page; and the other session start has to be there so that my session variables can be set automatically in the update info page if the user is logged in.
Anyway, I am getting this error. Can you guys please show me a workaround, if there is any?
Thanks.
Notice: A session had already been started - ignoring session_start() in ....
<?php session_start();
if(isset($_SESSION['userid'])) {
} else {
header('Location: login.php');
}
?>
<?php
$user = $_SESSION['userid'];
$myquery = "SELECT * FROM our_users WHERE `userid`='$user'";
$result = mysqli_query($conn, $myquery);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
session_start(); /* Basically this right here gets ignored. */
$_SESSION["user_first_name"] = $row['fn'];
$_SESSION["user_last_name"] = $row['ln'];
$_SESSION["user_email"] = $row['em'];
$_SESSION["user_password"] = $row['pw'];
?>
In this index page of mine I have an error coming up with the code, so I printed the query to see if the error is there, and strangely enough I get the ID and password in the query but not the username.
This is the printout:
SELECT * FROM admin WHERE id='3' AND username='' AND password='alan' LIMIT 1You data dont exist in the database
where the username field is empty; it should be Alan.
Here is my PHP:
<?php
session_start();
if (!isset($_SESSION["manager"])){
header("location: admin_login.php");
exit();
}
$managerID = preg_replace('#[^0-9]#i','',$_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]);
include"db_connection.php";
$q = "SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1";
$sql = mysql_query($q);
echo $q;
$existCount=mysql_num_rows($sql);
if ($existCount ==0){
//header ("location: index.php");
echo "You data dont exist in the database";
exit();
}
?>
Using the following, I was able to successfully echo all three session variables.
Therefore, I am under the impression that either the username session variable is not set (from a previous form/HTML), and/or the form input element is not named or contains a typo.
Since you did not provide additional information in your (original) question in regards to how you are using it (from a form, or other), I am submitting the following as a successful test.
I left out the first conditional statement from your code and filled in my own session variables.
<?php
session_start();
$_SESSION["id"] = "3";
$_SESSION["username"] = "FRED";
$_SESSION["password"] = "12345";
$managerID = preg_replace('#[^0-9]#i','',$_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]);
echo $_SESSION["id"];
echo "<br>";
echo $_SESSION["username"];
echo "<br>";
echo $_SESSION["password"];
Which echo'ed:
3
FRED
12345
I am questioning this line though, since there is no other reference to it:
if (!isset($_SESSION["manager"]))
since it seems to be related to the word "manager"
$managerID = preg_replace('#[^0-9]#i','',$_SESSION["id"]);
where you might have meant to use:
if (!isset($_SESSION["id"]))
or:
$managerID = preg_replace('#[^0-9]#i','',$_SESSION["manager"]);
I have a login page that is directed towards another php page. This php page takes the username the user entered, stores it as a session variable, then redirects to home.php (this code is run after the information is validated).
$username = $_POST['username'];
$update = mysql_query("UPDATE usertable SET loginStatus='Logged in' WHERE userName = '$username'");
session_start();
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $_POST['username'];
header("Location: home.php");
This will update the appropriate column without an issue. I put the following code in the home.php page to display each user's login status:
session_start();
$username = $_SESSION['username'];
if(empty($_SESSION['username'])){
header("Location: login.php");
}
$result = mysql_query("SELECT * FROM usertable");
echo "Logged in as ". $_SESSION['username'];
echo "<br />";
while($row = mysql_fetch_array($result))
{
echo $row['userName'] . " " . $row['emailAddress'] . " " .$row['loginStatus'];
echo "<br />";
}
?>
<p><a href=logout.php>Click here to logout</a></p>
When the user clicks the logout link, it directs them to the following php page:
<?php
session_start();
$username = $_SESSION['username'];
$update1 = mysql_query("UPDATE usertable SET loginStatus='' WHERE userName = '$username'");
echo $username;
?>
<?php
session_destroy();
?>
<h1>You are now logged out</h1>
<p><a href=login.php>login</a></p>
This is where I have my issue. MySQL is not updating the loginStatus of the corresponding username. All the variables I have ($username, $username1) print out the correct information when I test them. In the case of the logout page I know that $_SESSION['username'] is storing the correct user name, but I can not figure out why it will not update the value in the database.
If this is all there is to your page, you might have no database connection. Check the return value of your query with at least
$update1 = mysql_query("UPDATE usertable SET loginStatus='' WHERE userName = '$username'") or die(mysql_error());
and you should see the real cause.
Besides, you should consider switching to either mysqli or PDO, because mysql_* functions are deprecated by now.
Where exactly is your problem? Database updating on login, database fetching on the home.php page, or database updating on the logout page? Also, how many times do you start your sessions? All three pages have session start functions on them.
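A logout page along the lines discussed in this thread, as an added example that is not part of the original posts: the connection is set to throw on failure so a missing connection or a bad query cannot pass silently, the UPDATE reports how many rows it changed, and the session is torn down only after the username has been read. usertable, userName and loginStatus follow the question; the function names, the in-memory SQLite database and the sample row are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the posts. usertable/userName/loginStatus come from
// the question; the SQLite database and the sample row are constructed.

function clear_login_status(PDO $db, string $username): int
{
    // With ERRMODE_EXCEPTION a failed query throws instead of returning false
    // unnoticed, which is the check the answer above asks for.
    $stmt = $db->prepare("UPDATE usertable SET loginStatus = '' WHERE userName = ?");
    $stmt->execute([$username]);
    return $stmt->rowCount();                 // 0 means no matching user row
}

function end_session(): void
{
    $_SESSION = [];                           // drop the data for this request
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();     // expire the browser's session cookie
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'],
                  $p['secure'], $p['httponly']);
    }
    session_destroy();                        // remove the server-side session data
}

session_start();
$_SESSION['username'] = 'alice';              // constructed: set by the login page

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (userName TEXT, loginStatus TEXT)');
$db->exec("INSERT INTO usertable VALUES ('alice', 'Logged in')");

// Read the name and update the row before the session is torn down.
$updated = clear_login_status($db, $_SESSION['username']);
end_session();

$status = $db->query('SELECT loginStatus FROM usertable')->fetchColumn();
echo "rows updated: $updated\n";
echo 'status now: ', var_export($status, true), "\n";
```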
My Profile php
<?php
//profile.php
require_once 'includes/global.php';
//check to see if they're logged in
if(!isset($_SESSION['logged_in'])) {
header("Location: login.php");
}
// finding user and viewing it
$tools = new FindUser();
$user = $tools->get($_REQUEST['userID']);
?>
This is my PHP for viewing a user profile.
http://mywebsite.com/profile.php?userID=5 works fine this way.
I want my code to check whether the user is available in the database. For example, if I add ?userID=10, which is not present in the database, it gives a MySQL error, and if I use http://mywebsite.com/profile.php then it also gives an error.
So now I want that if the user is not available in the database, it should say that the user is not available, and when we use simply http://mywebsite.com/profile.php it should automatically set userID=1 or redirect to home.php.
If there is another way of doing this, please let me know. I'm very much a newbie in this field.
Thanks for looking at my question and answering :)
Solved
<?php
//profile.php
require_once 'includes/global.php';
//check to see if they're logged in
if(!isset($_SESSION['logged_in'])) {
header("Location: login.php");
}
$UserID = $_GET['userID'];
$CheckQuery = mysql_query("SELECT * FROM users WHERE id='$UserID'");
$CheckNumber = mysql_num_rows($CheckQuery);
if ($CheckNumber !== 1)
{
header("Location: index.php");
}
// finding user and viewing it
$tools = new FindUser();
$user = $tools->get($_REQUEST['userID']);
?>
You shouldn't use MySQL, as it's deprecated.
If you really wish to use MySQL, you could check at the start of the script whether there is a row count for the user ID. Example:
<?php
$UserID = $_GET['UserID'];
$UserID = mysql_real_escape_string($UserID);
$CheckQuery = mysql_query("SELECT * FROM users WHERE userID='$UserID'");
$CheckNumber = mysql_num_rows($CheckQuery);
if ($CheckNumber !== 1)
{
// Do something If user is Not Found
// Redirect to Another Page OR Something
}
?>
Then check whether the query returns a result; if it doesn't find data in the database, then redirect:
$result = mysql_query(...);
if(mysql_num_rows($result) !=1){ //
header("Location:signup.php");
exit();
}
You shouldn't use MySQL, as it's deprecated; either use PDO or mysqli.
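The profile lookup from this thread written with PDO, as an added example that is not part of the original posts: it handles the three cases the question lists (no userID, a userID that is not in the database, a valid one) and rejects anything that is not a positive integer before the query runs. The users table and the userID parameter follow the posts; resolve_profile(), its return shape, the in-memory SQLite database and the sample row are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the posts. The users table and userID parameter follow
// the posts; resolve_profile() and the SQLite sample data are constructed.

/** Decide what profile.php should do for a raw ?userID= value. */
function resolve_profile(PDO $db, $rawId): array
{
    // Missing, empty, or an array (?userID[]=1): treat as "no userID given".
    if (!is_string($rawId) || $rawId === '') {
        return ['action' => 'redirect', 'to' => 'home.php'];
    }
    // Only a positive integer is accepted; "5abc", "-1" or "1.5" fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['action' => 'error', 'message' => 'Invalid user ID'];
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return ['action' => 'error', 'message' => 'User is not available'];
    }
    return ['action' => 'show', 'user' => $user];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (5, 'Sample User')");

// In profile.php the value would be $_GET['userID'] ?? null, and a 'redirect'
// result becomes header('Location: ' . $r['to']); exit;
foreach ([null, '5', '10', '5abc', '-1'] as $raw) {
    $r = resolve_profile($db, $raw);
    echo var_export($raw, true), ' => ', json_encode($r), "\n";
}
```

Calling exit after each header('Location: ...') matters in the real page: without it the rest of the script still runs for a visitor who was meant to be redirected.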