I'm trying to display username (cocname), but nothing happened. Do you see why? there is no error but the username is missing also and "Hello" is not displayed.Thank you.
<?php
session_start();
include_once 'config.php';
$prepend = "<span class='cocname'>";
$append = "</span>";
if (!isset($_SESSION['email'])) {
header("Location: signin.php");
}
$query = "SELECT cocname FROM users WHERE email=".$_SESSION['email'];
$result = $connect->query($query);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc())
{
echo $prepend."Hello ".$row['cocname'].$append;
}
}
?>
Well you need to use sessions here. For all the pages where you need login to work. Add this statement.
session_start();
Now, add session_start(); as the first line of your login page. Update your login page as below.
if ($result->num_rows > 0)
{
//user logged in
$_SESSION['logged'] =1;
$_SESSION['email']=$user;
//now since this would only return 1 result, you don't need to use a white loop.
$user_details = $result->fetch_assoc();
}
Read more :- http://www.w3schools.com/php/php_sessions.asp
Try this
Do write this in signing.php
$query = "SELECT email, password FROM users WHERE email ='$user' and
password='$pass'" ;
$result = $connect->query($query);
if ($result->num_rows == 0) {
header('Location: signin.php?failed=1');
}
if ($result->num_rows > 0) {
//Email and password matched
$_SESSION['logged_in'] = true;
$_SESSION['User'] = $result->fetch_assoc();
}
And in main.php check if user is logged in or not as
if($_SESSION['logged_in']){
echo "Successfully logged in";
}else{
echo "Login first to view this page";
}
Don't forget to start session on the top of page. And use $_SESSION["User"] to show user info on main page.
Update :
You should submit your form on the "signin.php" itself. If the user is successfully logged in, save a session like $_SESSION["is_login"] = true; and another session containing user info and redirect to the main.php. In the main.php check if "is_login" session is set and is true. If true user is logged in and show there user info from info session. If "is_login" session is not set redirect the user to "signin.php" to signin again.
Update 2
The only solution i found for you is
replace
$query = "SELECT cocname FROM users WHERE email=".$_SESSION['email'];
with
$email = $_SESSION['email'];
$query = "SELECT cocname FROM users WHERE email='$email'";
Update 3
Replace
$query = "SELECT cocname FROM users WHERE email=".$_SESSION['email'];
With
$query = "SELECT cocname FROM users WHERE email='{$_SESSION['email']}'";
Related
I am using PHP to get the user id to display the profile details of logged in user but i am unable to fetch the id Here is my code in login page
$email = mysqli_real_escape_string($con,$_POST['email']);
$q = "select * from users where email = '$email'";
$rows=mysql_fetch_assoc($q);
$id = $rows['$id'];
$result = mysqli_query($con, $q);
$num = mysqli_num_rows($result);
if($num == 1){
$_SESSION['user'] = $email;
header("location:home.php?id=$id");
}else{
$reg = "insert into users(email) values ('$email')";
mysqli_query($con, $reg);
header('location:index.php?msg');
}
Here is my home page code
<?php
session_start();
if(!isset($_SESSION['user'])) {
header("Location:index.php");
exit;
}
$id = $_REQUEST['id'];
include_once('conn.php');
$query="select * from users WHERE id= '$id' ";
$result=mysql_query($query);
?>
Looks like you appended the $id from your login page to home.php?id=$id and then in your home.php file, you are trying to fetch that $_GET['id'] value.
Here are the things to help you debug.
First check if from your loginpage that upon successful login you are redirected to home.php?id=$id. Then check the URL if you have correct id
Use $_GET['id'] instead. You can try to echo $_GET['id']; to see if there's any value.
Creating an admin and normal user login, but getting error when running code. Admin log in and directed to index.php and when guest logs in directed too display.php but when log in nothing happpens. Anyoneable to help?
Here is my code for authen_login.php:
<?php
session_start();
require('config2.php');
if (isset($_POST['user_id']) and isset($_POST['user_pass'])){
// Assigning POST values to variables.
$username = $_POST['user_id'];
$password = $_POST['user_pass'];
// CHECK FOR THE RECORD FROM TABLE
$query = "SELECT * FROM `user_login` WHERE username='$username' and Password='$password'";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$count = mysqli_num_rows($result);
$_SESSION['user_type'] = $count['user_type'];
if($_SESSION['type'] == 'admin'){ //check if user or password is correct from query
header("Location: index.php"); //if normal user redirect to app.php
}
elseif ($_SESSION['type']) == 'guest'){
header("Location: display.php"); //if admin user redirect to admin.php
}
}
?>
you have missed a bracket
elseif (($_SESSION['type']) == 'guest') // add '(' before $_SESSION['type']
hey every one i have on query plse help me
i want if user login with his login detail his id should be pass and should be visible in link bar ?id=000 like this.
i am trying lot but not able to resolve it plse help me guys...
<?php
include('db.php');
session_start();
if (isset($_POST['submit'])){
//$id= $_POST["id"];
$email = $_POST['email'];
$pwd = $_POST['pwd'];
$query = "SELECT * FROM register WHERE email='$email' and pwd='$pwd'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['email'] = $email;
header("Location:Employee/dashboard.php"); //here if user successfully log in his user id should be also visible in url bar
}else{
$query = "SELECT * FROM art WHERE email='$email' and pwd='$pwd'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['email'] = $email;
header("Location:Recruiter/dashboard.php");
}else{
echo "<script>alert('Incorrect user id and password')</script>";
}
}
}
?>
Below is the modification to your code that needs to be done. You will need to fetch id from the table, if the credentials are valid and append that id to the URL:
$query = "SELECT id FROM register WHERE email='$email' and pwd='$pwd'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_fetch_array($result);
if(isset($rows['id']) && $rows['id'] > 0){
$_SESSION['email'] = $email;
header("Location:Employee/dashboard.php?id=" . $rows['id']);
You don't have to send user_id from POST or GET, Set user_id in session at login time. and fetch it from session where you need it..this is the best solution..
OR
You can send it in your form as a hidden input
<input type="hidden" name="id" value="{$id}">
You probably get the answer from previous answers but I am adding this answer as the best practices to use the session to this kind of activity.
begins the session, you need to say this at the top of a page or before you call session code session_start();
put a user id in the session to track who is logged in $_SESSION['user'] = $user_id; . Then for Check if someone is logged in or not.
if (isset($_SESSION['user'])) {
// if logged in
} else {
// if not logged in
}
Find the logged in user ID $_SESSION['user'].
to redirect use this function:
function redirect($url){
if (headers_sent()){
die('<script type="text/javascript">window.location.href=\'' . $url . '\';</script>');
}else{
header('Location: ' . $url);
die();
}
}
save user id in $_SESSION['id'] = $_POST['user_id']; and change your code like this:
if($rows==1){
$_SESSION['email'] = $email;
redirect(SITE_URL.'Employee/dashboard.php?id='.$_SESSION['id']); //here if user successfully log in his user id should be also visible in url bar
}
after user logged in check url everywhere you want like blow and if id not exist redirect again:
if(!isset($_GET['id'])){
$url = CURRENT_URL;
$url .= '?id='.$_SESSION['id']; //or $url .= '&id='.$_SESSION['id']; if some variables set befor
redirect($url);
}
Why did you want to display id in URL ?After login, you can access it from the user session. If you still want then here is the code.
<pre>
$query = "SELECT id FROM art WHERE email='$email' and pwd='$pwd'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$data = mysql_fetch_assoc($result);
$_SESSION['email'] = $email;
header("Location:Recruiter/dashboard.php?id=".$data['id']);
}else{
echo "<script>alert('Incorrect user id and password')</script>";
}
}
}
</pre>
I have already put user name and password in database, now what I am trying to do is when admin puts that user name and password that I have stored in database, they can access next page otherwise error.
if(isset($_REQUEST['submit'])) {
$user=$_REQUEST['user'];
$password=$_REQUEST['password'];
$q = mysql_fetch_assoc( mysql_query("SELECT * FROM adminlogin"));
$r = mysql_query($q);
if ( $user == "admin" && $password == "adminadmin" ) {
echo "welcome";
Header("Location: index.php");
}
}
Try with this:
if(isset($_REQUEST['submit'])) {
$user=$_REQUEST['user'];
$password=$_REQUEST['password'];
//Execute query, adjust the name of the columns to the one you've used in your table
$q = mysql_query("SELECT * FROM adminlogin WHERE user = '$user' and password = '$password'");
//Get the results from the query
$r = mysql_fetch_array($q);
//If any rows, the login is okay
if (mysql_num_rows($q) > 0) {
//User okay, redirect him to the success page
header("location: index.php");
}
Here is the code
I dont know whats wrong with it.
<?php
//Logout code
//Starting Session
session_start();
//Include
include ("includes/mass.php");
//Check if the user is logged in
$username = $_SESSION['username'];
$logged_in_query = "SELECT * FROM user WHERE loggedin='1' AND username='$username'";
$check_if_logged_in = mysql_query($logged_in_query);
if (isset($username))
{ while ($row = mysql_fetch_array($check_if_logged_in))
{
$logged_in = $row['loggedin'];
if ($logged_in == 1)
{
//User becomes logged out on database records
$sql_logout = "UPDATE user SET loggedin='0' WHERE loggedin='1' AND username='$username'";
$logout_query = mysql_query($logout_query);
//Logout page
session_destroy();
echo "You have been logged out.","<br>"."<a href='index.php'>Click Here To Go Back</a>";
}
}
} else
{
echo"You are not logged in"."<br><a href='register.php'>Click To Sign Up</a>";
}
?>
Do you have a mysql link object (from mysql_connect() / mysql_select_db() ?) From your comments below, it doesn't sound that way.
This SQL is wrong:
$sql_logout = "UPDATE user WHERE loggedin='1' AND username='$username'";
Should be:
$sql_logout = "UPDATE user SET loggedin=0 WHERE loggedin='1' AND username='$username'";
?
You probably also mean to be using mysql_fetch_assoc() instead of mysql_fetch_array().
This line:
$logout_query = mysql_query($logout_query);
Should be
$logout_query = mysql_query($sql_logout);
Put in your correct mysql connection and db information and try to run this. Please post the output.
<?php
//Logout code
//Starting Session
session_start();
echo "hello<br />";
//Include
include ("includes/mass.php");
echo "no problem in mass.php!<br />";
// FILL ME IN
$my_link = mysql_connect($server, $username, $password, TRUE);
mysql_select_db('your_db', $link);
//Check if the user is logged in
$username = $_SESSION['username'];
$logged_in_query = "SELECT loggedin FROM user WHERE loggedin='1' AND username='$username'";
echo $logged_in_query . "<br />";
$check_if_logged_in = mysql_query($logged_in_query, $my_link);
var_dump(mysql_num_rows($check_if_logged_in));
if (isset($username))
{
while ($row = mysql_fetch_assoc($check_if_logged_in))
{
var_dump($row);
$logged_in = $row['loggedin'];
if ($logged_in == 1)
{
//User become logged out on database records
$sql_logout = "UPDATE user SET loggedin=0 WHERE loggedin='1' AND username='$username'";
$logout_query = mysql_query($sql_logout, $my_link);
//Logout page
session_destroy();
echo "You have been logged out.","<br>"."<a href='index.php'>Click Here To Go Back</a>";
}
else
{
echo"You are not logged in"."<br><a href='register.php'>Click To Sign Up</a>";
}
}
}
?>
what you have written is very bad code. i would suggest you do like this
1. create a session in the login page once their username and password matches with the entry in the db
2. destroy that session when they say log out.
your implementation of checking the user using db is not scalable. everytime it gets executed and its not the right idea of doing it.
I would use something like this:
<?php
//Logout code
//Starting Session
session_start();
//Include
include ("includes/mass.php");
//Check if the user is logged in
$username = $_SESSION['username'];
if (isset($username))
{
$logged_in_query = "SELECT * FROM user WHERE loggedin='1' AND username='".$username."' LIMIT 1";
$check_if_logged_in = mysql_query($logged_in_query);
$logged_in = mysql_fetch_field($check_if_logged_in);
if ($logged_in == 1)
{
//User becomes logged out on database records
$sql_logout = "UPDATE user SET loggedin='0' WHERE loggedin='1' AND username='".$username."' LIMIT 1";
$logout_query = mysql_query($logout_query);
if ($logout_query)
{
//Logout page
session_destroy();
echo "You have been logged out.","<br>"."<a href='index.php'>Click Here To Go Back</a>";
}
else
{
//Couldn't update the user table to set your login status.
echo "MYSQL Error, please contact admin LO-2";
exit();
}
}
else
{
echo "You are not logged in"."<br><a href='register.php'>Click To Sign Up</a>";
}
}
else
{
echo "You are not logged in"."<br><a href='register.php'>Click To Sign Up</a>";
}
?>
Not tested
Max