I'm trying to develop a login system in PHP. It has faculty_login.php, which displays faculty_login_option.inc.php (which has a login form), and if $_SESSION['f_id'] is set it redirects to faculty_upload_option.php, where faculty details are fetched from faculty_table using $f_id = $_SESSION['f_id'] as the primary key. But $_SESSION['f_id'] is always returning 1, and the user is logged in as the user whose f_id is 1.
<?php
//faculty login page.faculty_login.php
//if logged in show upload option/show login option.
require_once 'resources/core.inc.php';//session is set here
require_once 'resources/connect.inc.php';//init db connection
if(isset($_SESSION['f_id'])&&!empty($_SESSION['f_id'])){
require_once 'faculty_upload_option.inc.php';
}
else{
require_once 'faculty_login_option.inc.php';
}
?>
<?php
/* faculty_login_db.php
* Check if the faculty can login or the credentials are wrong.
*/
require_once 'resources/core.inc.php';
require_once 'resources/connect.inc.php';
if(isset($_POST['f_username'])&&isset($_POST['f_password'])){
if(!empty($_POST['f_username'])&&!empty($_POST['f_password'])){
$username = stripcslashes($_POST['f_username']);
$password = stripcslashes($_POST['f_password']);
$result = $conn->prepare("SELECT f_id FROM faculty_table WHERE f_username= :hjhjhjh AND f_password= :asas");
$result->bindParam(':hjhjhjh', $username);
$result->bindParam(':asas', $password);
$result->execute();
$rows = $result->fetch(PDO::FETCH_NUM);
if($result->rowCount() == 1) {
$_SESSION['f_id'] = $rows ;
$_SESSION['f_username'] = $username;
header('Location:faculty_login.php');
}
else{
header('Location:faculty_login.php?username='.$username);
}
}
else{
header('Location:faculty_login.php');
}
}
else{
header('Location:faculty_login.php');
}
?>
<?php
/* faculty_login_option.php
* faculty login page. check if user exists/ use faculty_login_db.php
*/
?>
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
<head>
<title>Home</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0 , maximum-scale=1">
<link rel="stylesheet" href="resources/loginstyle.css">
</head>
<body>
<?php
//<img alt="full screen background image" src="images/orange.jpg" id="full-screen-background-image" />
?>
<div id="back">Home</div>
<div id="header">
<h3>FACULTY LOGIN</h3><br>
</div>
<hr>
<div id="container">
<center>
<form action="faculty_login_db.php" method="post">
<input type="text" onFocus="if(this.value=='Username'){this.value=''}" name="f_username" class="buttons" value="<?php
if(isset($_GET['username']))
{
echo $_GET['username'];
}else{echo 'Username';}
?>"><br>
<input type="password" onFocus="if(this.value=='Password'){this.value='';}" name="f_password" class="buttons" value="Password"><br>
<input type="submit" value="Login" class="lbutton">
</form>
</center>
<?php
if(isset($_GET['username'])){
?>
<div id="errormsg">Username or password is invalid.</div>
<?php
}
?>
</body>
<?php
/* this is faculty_upload_option.inc.php
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
require_once 'resources/core.inc.php';
require_once 'resources/connect.inc.php';
if(isset($_SESSION['f_id'])&&isset($_SESSION['f_username'])&&!empty($_SESSION['f_id'])){
$f_id=trim(isset($_SESSION['f_id']));
if(!empty($f_id)){
$result = $conn->prepare("SELECT * FROM faculty_table WHERE f_id=:id");
$result->bindparam(':id', $f_id);
$result->execute();
$rows = $result->fetchAll();
foreach($rows as $db_rows){
$f_username = $db_rows['f_username'];
$category = $db_rows['category'];
$branch = $db_rows['branch'];
}
//page which should be displayed if user logs in.?>
<html>
<head><title><?php echo $f_username; ?></title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0 , maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Indie+Flower|Yanone+Kaffeesatz' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="resources/upload_style.css">
</head>
<body><div id="parent">
<div id="header">
<img src="images/no-profile-image.png" width="30%" id="noimg">
<span id="addfont"><h1><?php echo $f_username;?></h1></span>
<h2><?php echo $category;?></h2>
<p><?php echo $branch;?></p>
<center><div class="buttons" id="left">Home</div><div class="buttons" id="right">Logout</div></center>
</div>
Are you destroying the session correctly on logout? Are you setting the session id before hitting the condition somewhere? What is the value before hitting the comparison condition?
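The always-1 result traces to two lines visible in the posted code: `$_SESSION['f_id'] = $rows` stores the whole fetched array, and `trim(isset($_SESSION['f_id']))` turns the boolean from isset() into the string "1". A corrected flow follows as an added example (not the poster's code); the helper names, the password_hash() value assumed in f_password, and the in-memory SQLite table standing in for MySQL are assumptions made for the demo.

```php
<?php
// Added example. Assumes f_password holds a password_hash() value; the page's
// table compares the stored password directly in the WHERE clause.
function authenticateFaculty(PDO $conn, string $username, string $password): ?int
{
    $stmt = $conn->prepare(
        'SELECT f_id, f_password FROM faculty_table WHERE f_username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when nothing matched, so rowCount() is not needed.
    if ($row === false || !password_verify($password, $row['f_password'])) {
        return null;
    }
    return (int) $row['f_id'];   // one scalar, never the whole row array
}

// Read the id back from the session. isset() only answers "is it there?",
// so the stored value itself is taken and type-checked.
function facultyIdFromSession(array $session): ?int
{
    $id = $session['f_id'] ?? null;
    return (is_int($id) && $id > 0) ? $id : null;
}

// Hypothetical helper for faculty_login_db.php; call after session_start().
function completeLogin(int $facultyId, string $username): void
{
    session_regenerate_id(true);   // fresh session id at the privilege change
    $_SESSION['f_id'] = $facultyId;
    $_SESSION['f_username'] = $username;
}

// Value for the login form's value="" attribute: the reflected ?username=
// parameter is HTML-encoded before it is echoed back.
function usernameFieldValue(array $get): string
{
    $value = $get['username'] ?? 'Username';
    return htmlspecialchars(is_string($value) ? $value : 'Username', ENT_QUOTES, 'UTF-8');
}

// --- Constructed demo data: in-memory SQLite stands in for faculty_table ---
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE faculty_table (
    f_id INTEGER PRIMARY KEY, f_username TEXT UNIQUE, f_password TEXT)');
$insert = $conn->prepare(
    'INSERT INTO faculty_table (f_id, f_username, f_password) VALUES (?, ?, ?)'
);
$insert->execute([1, 'alice', password_hash('alice-pass', PASSWORD_DEFAULT)]);
$insert->execute([2, 'bob', password_hash('bob-pass', PASSWORD_DEFAULT)]);

$id = authenticateFaculty($conn, 'bob', 'bob-pass');
var_dump($id);                                          // id of the matching row
var_dump(authenticateFaculty($conn, 'bob', 'wrong'));   // rejected credentials
var_dump(facultyIdFromSession(['f_id' => $id]));        // value read back intact
var_dump(trim(isset($id)));                             // the question's expression, for comparison
var_dump(usernameFieldValue(['username' => '"><b>x</b>']));   // constructed input
```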
I was trying to make a website. So this is the index.php page.
When 'more info' of any of the form is clicked, the user is redirected to a payment.php page, where the user must make the payment. Once the payment is done, the user is redirected to success.php page, which is supposed to show these 3 lines for two seconds and then redirect the user to details.php page. However, for some reason, instead of redirecting to details.php, both details.php and index.php come up simultaneously like this. How can I avoid the index file from being there too? I just want to show the details file.
Here is the code of the success page:
<?php
include 'index.php';
if(!empty($_GET['tid'] && !empty($_GET['product']))) {
$GET = filter_var_array($_GET, FILTER_SANITIZE_STRING);
$tid = $GET['tid'];
$product = $GET['product'];
} else {
header('Location: payment.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<title>Thank You</title>
</head>
<body>
<div class="container mt-4">
<h2>Thank you for purchasing <?php echo $product; ?></h2>
<hr>
<p>Your transaction ID is <?php echo $tid; ?></p>
<p>Check your email for more info</p>
<?php header('Refresh: 2; URL=details.php?id='.$customer['id']);?>
</div>
</body>
</html>
I feel that this is the most important part of the success.php code:
<?php header('Refresh: 2; URL=details.php?id='.$customer['id']);?>
Here's the details page:
<?php
include 'config/db_connect.php';
include 'config/db.php';
include 'index.php';
if (isset($_POST['delete'])) {
$id_to_delete = mysqli_real_escape_string($conn, $_POST['id_to_delete']);
$sql = "DELETE FROM customers WHERE id = $id_to_delete";
if (mysqli_query($conn, $sql)) {
header('Location: index.php');
} else {
echo 'query error: ' . mysqli_error($conn);
}
}
// check GET request id param
if (isset($_GET['id'])) {
// escape sql chars
$id = mysqli_real_escape_string($conn, $_GET['id']);
// make sql
$sql = "SELECT * FROM customers WHERE id = $id";
// get the query result
$result = mysqli_query($conn, $sql);
// fetch result in array format
$customer = mysqli_fetch_assoc($result);
mysqli_free_result($result);
//mysqli_close($conn);
}
?>
<!DOCTYPE html>
<html>
<?php include 'templates/header.php'; ?>
<div class="container center grey-text">
<?php if ($customer) : ?>
<h4><?php echo $customer['Job_Type']; ?></h4>
<p>Contact Number of loan enquirer: <?php echo $customer['Telephone']; ?></p>
<p>Annual income: <?php echo 12 * $customer['Monthly_salary']; ?></p>
<p>Existing loan amount: <?php echo $customer['Existing_loan_amount']; ?></p>
<p>Residential_Type: <?php echo $customer['Residential_Type']; ?></p>
<p>Job: <?php echo $customer['Job']; ?></p>
<p>Form submission time: <?php echo date($customer['Form_Submission_Time']); ?></p>
<!-- DELETE FORM -->
<form action="details.php" method="POST">
<input type="hidden" name="id_to_delete" value="<?php echo $customer['id']; ?>">
<input type="submit" name="delete" value="Delete" class="btn brand z-depth-0">
</form>
<?php else : ?>
<h5>No such customer exists.</h5>
<?php endif ?>
</div>
<?php include 'templates/footer.php'; ?>
</html>
Your details page starts with these three lines:
include 'config/db_connect.php';
include 'config/db.php';
include 'index.php';
As you can see, in the third line, you include index.php. My best guess is that that is the reason you see it in the details page.
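Separate from the include issue, the details.php code in the question puts `$id` and `$id_to_delete` into SQL without quotes, and mysqli_real_escape_string() does not constrain a value used in that unquoted numeric position. The added example below (not the poster's code) validates the id as an integer and binds it; the function names are hypothetical, and `$conn` is assumed to be the mysqli connection from config/db_connect.php.

```php
<?php
// Added example. Accept only a positive decimal integer for customers.id.
function parseCustomerId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up one customer with a bound integer parameter (requires mysqlnd
// for get_result()).
function findCustomer(mysqli $conn, int $id): ?array
{
    $stmt = $conn->prepare('SELECT * FROM customers WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Delete one customer; the id never becomes part of the SQL text.
function deleteCustomer(mysqli $conn, int $id): bool
{
    $stmt = $conn->prepare('DELETE FROM customers WHERE id = ?');
    $stmt->bind_param('i', $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Send the redirect and stop, so nothing after it runs or renders.
// Must be called before any output (including output from an include).
function redirectTo(string $location): void
{
    header('Location: ' . $location);
    exit;
}

// details.php flow, run only when the page's $conn is available.
if (isset($conn) && $conn instanceof mysqli) {
    if (isset($_POST['delete'])) {
        $deleteId = parseCustomerId($_POST['id_to_delete'] ?? null);
        if ($deleteId !== null && deleteCustomer($conn, $deleteId)) {
            redirectTo('index.php');
        }
    }
    $id = parseCustomerId($_GET['id'] ?? null);
    $customer = $id !== null ? findCustomer($conn, $id) : null;
}

// Constructed inputs showing which request values the validator accepts.
foreach (['7', '7 OR 1=1', '-3', '', ['7']] as $sample) {
    var_dump(parseCustomerId($sample));
}
```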
I am trying to insert form data to my profile table when I click the add button, but whenever I test my code below it just reloads my add.php page and clears the form instead of adding it to my table.
add.php code:
<?php
//connection to the database
$pdo = require_once 'pdo.php';
session_start();
//if user is not logged in redirect back to index.php with an error message
if(!isset($_SESSION['user_id'])){
die("ACCESS DENIED");
return;
}
//if the user requested cancel go back to index.php
if(isset($_POST['cancel'])){
header('Location: index.php');
return;
}
//handling incoming data
$uid = $_SESSION['user_id'];
if (isset($_POST['first_name']) && isset($_POST['last_name']) &&
isset($_POST['email']) && isset($_POST['headline']) && isset($_POST['summary'])){
if (strlen($_POST['first_name']) == 0 || strlen($_POST['last_name']) == 0 ||
strlen($_POST['email']) || strlen($_POST['headline']) == 0 || strlen($_POST['summary']) == 0){
$_SESSION['error'] = "All fields are required";
header("Location: add.php");
return;
}
if(strpos($_POST['email'], '#') === false){
$_SESSION['error'] = "Email address must contain #";
header("Location: add.php");
return;
}
$stmt = $pdo->prepare('INSERT INTO profile
(user_id, first_name, last_name, email, headline, summary)
VALUES ( :uid, :fn, :ln, :em, :he, :su)');
$stmt->execute(array(
':uid' => $uid,
':fn' => $_POST['first_name'],
':ln' => $_POST['last_name'],
':em' => $_POST['email'],
':he' => $_POST['headline'],
':su' => $_POST['summary'])
);
$_SESSION['success'] = "profile added";
header("location: index.php");
return;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Profile Add</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Adding Profile for UMSI</h1>
<form method="post" action="index.php">
<p>First Name:
<input type="text" name="first_name" size="60"/></p>
<p>Last Name:
<input type="text" name="last_name" size="60"/></p>
<p>Email:
<input type="text" name="email" size="30"/></p>
<p>Headline:<br/>
<input type="text" name="headline" size="80"/></p>
<p>Summary:<br/>
<textarea name="summary" rows="8" cols="80"></textarea>
<p>
<input type="submit" name="add" value="Add">
<input type="submit" name="cancel" value="Cancel">
</p>
</form>
</div>
</body>
</html>
Here I created my connection to the database using a PDO connection, and I also require my config.php file for the database sign-in credentials.
Here is my pdo.php code:
<?php
require_once 'config.php';
//setting DSN
$dsn = "mysql:host=$host;dbname=$dbname;charset=UTF8";
//creating a PDO instance
try{
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if($pdo){
echo "database connected Successfully";
return;
}
}catch(PDOException $e){
echo $e->getMessage();
}
?>
My database sign-in credentials are in this file; the username, password and dbname are not necessarily correct, I only changed them for the sake of asking.
Here is my config.php code:
<?php
//my variables
$host = 'localhost';
$user = 'myusername';
$password = 'mypass';
$dbname = 'mydb';
?>
My index.php code has a static display for the profile entries. I wanted to be able to add the profiles first so I can make it dynamically display the profiles, but here is my index.php code:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Resume Registry</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Mandla'ke Makondo's Resume Registry</h1>
<p>
<?php
if(isset($_SESSION['user_id'])){
echo " <a href='logout.php'>Logout</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<a href='login.php'>Please log in</a>";
}
?>
</p>
<?php
if(isset($_SESSION['user_id'])){
echo"<table border = '1'>
<tr><th>Name</th><th>Headline</th><th>Action</th><tr><tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td><td><a href = 'edit.php'>Edit</a> <a href = 'delete.php'>Delete</a></td></tr>
</table>";
echo "<a href='add.php'>Add New Entry</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<table border='1'>
<tr><th>Name</th><th>Headline</th>
<tr>
<tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td></tr>
</table>";
}
?>
</div>
</body>
I'm trying to retrieve my logged in user data to no avail. Please check my
private function getUserData($user_name)
{
// if database connection opened
if ($this->databaseConnection()) {
// database query, getting all the info of the selected user
$query_user = $this->db_connection->prepare("SELECT * FROM users WHERE user_name='$_SESSION['user_name']'");
$query_user->bindValue(':user_name', $user_name, PDO::PARAM_STR);
$query_user->execute();
// get result row (as an object)
return $query_user->fetchObject();
} else {
return false;
}
}
Got the way to move about it. Thanks #ADyson for the response and follow-up.
Code:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>YOUR ORDER , We will contact you in a few !!!!</title>
<link href="assets/css/bootstrap.min.css" rel="stylesheet">
<link href="assets/css/main.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<?php include 'header.php'; ?>
<section>
<div class="container">
<strong class="title">MY ORDERS</strong>
</div>
<div class="profile-box box-left">
<?php
require('db.php');
// SQL query
$strSQL = "SELECT user_name, phone, firstname, lastname, service, referal,user_registration_datetime FROM users WHERE user_name = '".$_SESSION['user_name']."'";
// Execute the query (the recordset $rs contains the result)
$rs = mysqli_query($myConnection, $strSQL);
// Loop the recordset $rs
// Each row will be made into an array ($row) using mysqli_fetch_array
while($row = mysqli_fetch_array($rs)) {
echo WORDING_PROFILE_PICTURE . '<br/>' . $login->user_gravatar_image_tag;
echo "<div class='info'> <strong>NAME:</strong> <span>".$row['firstname'].", ".$row['lastname']."</span></div>";
echo "<div class='info'><strong>phone No:</strong> <span>".$row['phone']."</span></div>";
echo "<div class='info'><strong>SERVICE:</strong> <span>".$row['service']."</span></div>";
echo "<div class='info'><strong>REFERAL:</strong> <span>".$row['referal']."</span></div>";
echo "<div class='info'><strong>DATE QUERIED:</strong> <span>".$row['user_registration_datetime']."</span></div>";
}
// Close the database connection
mysqli_close($myConnection);
?>
<div class="options">
<a class="btn btn-primary" href="editprofile.php">Edit Profile</a>
<a class="btn btn-success" href="changepassword.php">Change Password</a>
</div>
</div>
</section>
<script src="assets/js/jquery-3.1.1.min.js"></script>
<script src="assets/js/bootstrap.min.js"></script>
<script src="assets/js/main.js"></script>
</body>
</html>
My reports.php page keeps redirecting me back to the login page even though I have supposedly logged into the website. I am not quite sure what I might be doing wrong here.
Reports page:
<?php require_once('dbadmin.php');?>
<?php
session_start();
$user = $_SESSION['users'];
if(!isset($users)){
header("Location:admin_login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>e</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"</img> </header>
<nav>
<ul>
<li>Home</li>
<li>Run Sign-Up</li>
<li>Refer-a-Friend</li>
<li>Admin Login</li>
<li>Reports</li>
</ul>
</nav>
<h1>Reports</h1>
<table border="1" style="width:100%">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>Email</th>
<th>Address</th>
<th>City</th>
<th>State</th>
<th>Distance</th>
</tr>
<?php
include('dbuser.php');
$select = "SELECT `fname`, `lname`, `email`, `distance` FROM runner ORDER BY `lname`";
$result = mysql_query($connect, $select) or die ('Oops! '.mysql_error($connect));
if($rowcnt==0){
echo "<tr><td colspan=3>There are currently no results.</td</tr>";}
while($row = mysql_fetch_assoc($result)) {
echo '<tr><td>'.$row['fname'].'</td>';
echo '<td>'.$row['lname'].'</td>';
echo '<td>'.$row['email'].'</td>';
echo '<td>'.$row['distance'].'</td></tr>';
}
?> </table>
<footer></footer>
</body>
</html>
Admin login page:
<?php require_once('dbadmin.php');?>
<?php
session_start();
if(isset($_POST['adminlogin'])) {
$username = trim($_POST['user']);
$password = trim($_POST['password']);
include('dbadmin.php');
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die("Invalid query: ".mysql_error());
if(mysql_num_rows($result)==0) {
$confirm = '<h2 style="color:red;">Invalid Credentials!</h2>';
} else {
$_SESSION['user'] = $username;
$confirm = '<h2> Login Successful</h2>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>My Gaming Products Site</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<html lang="en">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"/> </header>
<nav>
<ul>
<li>Home</li>
<li>Run Sign-Up</li>
<li>Refer-a-Friend</li>
<li>Admin Login</li>
<li>Reports</li>
</ul>
</nav>
<h1>Enter Your Login Information</h1>
<?php if(isset($confirm)) echo $confirm; ?>
<form method="post" name="adminlogin" id="adminlogin" title="adminlogin" action="admin_login.php">
<p>User: <br> <input type="text" name="user"></p>
<p>Password: <br><input type="password" name="password"></p>
<p><input type="submit" name="adminlogin" id="adminlogin" value="Login"></p>
</form>
</p>
<footer>| WDD420</footer>
</body>
</body>
</html>
I think it might be something with my reports page, but I am not sure if it has anything to do with the login page either.
Try to make your script a bit more readable, I suggest with a function:
<?php
function is_loggedin()
{
return (!empty($_SESSION['users']));
}
session_start();
if(!is_loggedin()){
header("Location:admin_login.php");
exit;
}
?>
By doing $user = $_SESSION['users'] then checking if $user is set, that will always be true because you set it. You will want to check empty().
In your adminlogin.php page the session variable is $_SESSION['user']. But in reports.php page it checks for $_SESSION['users']. Change that to $_SESSION['user'] and change the variable name to $user from $users.
session_start();
$user = $_SESSION['user'];
if(!isset($user)){
header("Location:admin_login.php");
}
Try checking users like this:
session_start();
if(!isset($_SESSION['users']) && empty($_SESSION['users'])){
header("Location:admin_login.php");
}
Try this to check whether the variable is set or not:
session_start();
if(isset($_SESSION['users']) && !empty($_SESSION['users'])) {
print_r($_SESSION['users']);
}
Try this also to check => var_dump($_SESSION['users']);
Put session_start(); at the first line of your PHP page.
Note: Also keep in mind, you need to call session_start(); on each and every page if you are making use of session variables.
I'm trying to create a mobile site and I'm using sessions to get the user's username. When I view the mobile site on my desktop it works fine and I can get the username of the user from page to page. But when I view the same site on my mobile browser the session doesn't carry over from page to page.
Here is my login page:
<?php
//allow sessions to be passed so we can see if the user is logged in
session_start();
ob_start();
//connect to the database so we can check, edit, or insert data to our users table
$con = mysql_connect(***info to connect to database) or die(mysql_error());
$db = mysql_select_db('dbname', $con) or die(mysql_error());
//include out functions file giving us access to the protect() function made earlier
include "./functions.php";
$userid = $_SESSION['uid'];
$lookupusername = mysql_query("SELECT * FROM users WHERE ID='$userid'");
$row = mysql_fetch_assoc($lookupusername);
$username = $row['username'];
$usercountry = $row['country'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="apple-mobile-web-app-capable" content="yes" />
<title>15:11 Project Mobile</title>
<link rel="stylesheet" href="css/jquery.mobile-1.3.0.css" />
<link href="//netdna.bootstrapcdn.com/font-awesome/3.2.0/css/font-awesome.css" rel="stylesheet">
<script src="js/jquery-1.8.3.js"></script>
<script src="js/jquery.mobile-1.3.0.js"></script>
</head>
<body>
<!-- BEGIN LOGIN PAGE -->
<div data-role="page" id="login" style="background: #c66200;">
<div data-role="header">
</div>
<div data-role="content">
<center>
<div class="ui-grid-b">
<img src="images/logo_white.png">
</div>
</center>
<?
//check if the login session does no exist
if(strcmp($_SESSION['uid'],'') == 1){
//if it doesn't display an error message
header('Location: feed.php');
}
else {
//If the user has submitted the form
if($_POST['submit']){
//protect the posted value then store them to variables
$username = protect($_POST['username']);
$thepassword = md5($_POST['password']);
$password = protect($thepassword);
//Check if the username or password boxes were not filled in
if(!$username || !$password){
//if not display an error message
echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
}else{
//if the were continue checking
//select all rows from the table where the username matches the one entered by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$num = mysql_num_rows($res);
//check if there was not a match
if($num == 0){
//if not display an error message
echo "<center>The <b>Username</b> you supplied does not exist!</center>";
}else{
//if there was a match continue checking
//select all rows where the username and password match the ones submitted by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
$num = mysql_num_rows($res);
//check if there was not a match
if($num == 0){
//if not display error message
echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
}else{
//if there was continue checking
//split all fields fom the correct row into an associative array
$row = mysql_fetch_assoc($res);
//check to see if the user has not activated their account yet
if($row['active'] != 1){
//if not display error message
echo "<center>You have not yet <b>Activated</b> your account!</center>";
}else{
//if they have log them in
//set the login session storing there id - we use this to see if they are logged in or not
$_SESSION['uid'] = $row['id'];
//show message
echo "<center>You have successfully logged in!</center>";
//update the online field to 50 seconds into the future
$time = date('U')+50;
mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
//redirect them to the usersonline page
$loginpage="#feed";
header("Location: feed.php" . $loginpage);
exit();
}
}
}
}
}
}
?>
<center>
<form action="index.php#feed" method="post" data-ajax="false">
<div style="width: 75%; border-top: 1px solid #ffffff; margin-top: 20px; padding-top: 20px; border-bottom: 1px solid #ffffff; margin-bottom: 20px; padding-bottom: 20px;">
<div class="ui-hide-label">
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="" placeholder="username" data-mini="true" style="color: #c66200;"/><br>
<label for="password">password:</label>
<input type="password" name="password" id="password" value="" placeholder="password" data-mini="true" style="color: #c66200;"/><br>
</div>
<div style="width: 40%;">
<input type="submit" data-role="button" name="submit" value="Login" data-mini="true" style="color: #c66200 !important;"/>
</div>
</div>
</center>
<?
ob_end_flush();
?>
</div>
<div data-role="footer">
</div>
</div>
<!-- END LOGIN PAGE -->
</body>
</html>
Here is what I have for my feed.php page, which the login page routes to. I can get the user's info on this page. Whenever I click a link to go to the "browseresults" page, the information doesn't carry over.
<?php
//allow sessions to be passed so we can see if the user is logged in
session_start();
ob_start();
//connect to the database so we can check, edit, or insert data to our users table
$con = mysql_connect(***db info***) or die(mysql_error());
$db = mysql_select_db('dbname', $con) or die(mysql_error());
//include out functions file giving us access to the protect() function made earlier
include "./functions.php";
$userid = $_SESSION['uid'];
$lookupusername = mysql_query("SELECT * FROM users WHERE ID='$userid'");
$row = mysql_fetch_assoc($lookupusername);
$username = $row['username'];
$usercountry = $row['country'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="apple-mobile-web-app-capable" content="yes" />
<title>15:11 Project Mobile</title>
<link rel="stylesheet" href="css/jquery.mobile-1.3.0.css" />
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<script src="js/jquery-1.8.3.js"></script>
<script src="js/jquery.mobile-1.3.0.js"></script>
</head>
<body>
<!-- BEGIN PAGE 3 -->
<div data-role="page" id="browse">
<div data-role="panel" id="settingspanel" data-position="left" data-display="overlay">
<ul data-role="controlgroup">
<li>Page Two</li>
<li>Page Three</li>
<li>Page Four</li>
<li>Logout</li>
</ul>
</div>
<div data-role="header" data-position="fixed" data-theme="c" data-tap-toggle="false" data-id="foo1" style="padding-top: 5px; border-bottom: 1px solid #eccfb3; padding-bottom: 5px;">
<center><img src="images/logo_app_white.png" width="30px"></center>
</div>
<div data-role="content">
<?php
$fquery = "SELECT state, city, count(city) as num FROM needs WHERE country='$usercountry' AND status='posted' GROUP BY state, city ORDER BY state, city";
if ($result = mysql_query($fquery)) {
$num_rows = mysql_num_rows($result);
echo "<table>";
$i = 1;
$cols = 2;
$prev = "";
while ($frows = mysql_fetch_array($result)) {
$fcity = $frows['city'];
$fstate = $frows['state'];
$fcitycount = $frows['num']; // num is holding your count by city
if ($fstate != $prev) {
echo "<tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr><th align='left'>$fstate</th></tr><tr>";
}
echo "<td><a href='browseresults.php?city=$fcity&state=$fstate'>$fcity, $fstate ($fcitycount)</a> </td>";
echo ($i < $num_rows) ? ((($i % $cols) == 0) ? '</tr>' : '') : '';
$i++;
$prev = $fstate;
}
echo "</table>";
}
?>
</div>
<div data-role="footer" data-position="fixed" data-theme="c" data-tap-toggle="false" data-id="foo1" style="border-top: 1px solid #eccfb3; padding-top: 5px;">
<div data-role="navbar" style="background: #ce8339;">
<ul>
<li>My Feed</li>
<li>Submit</li>
<li>Browse</li>
<li>Projects</li>
</ul>
</div><!-- /navbar -->
</div>
</div>
<!-- END PAGE 3 -->
</body>
</html>
And here is the browseresults.php page which is the page that is not getting the session data.
<?php
//allow sessions to be passed so we can see if the user is logged in
session_start();
ob_start();
//connect to the database so we can check, edit, or insert data to our users table
$con = mysql_connect(***dbinfo***) or die(mysql_error());
$db = mysql_select_db(dbname, $con) or die(mysql_error());
//include out functions file giving us access to the protect() function made earlier
include "./functions.php";
$userid = $_SESSION['uid'];
$lookupusername = mysql_query("SELECT * FROM users WHERE ID='$userid'");
$row = mysql_fetch_assoc($lookupusername);
$username = $row['username'];
$usercountry = $row['country'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="apple-mobile-web-app-capable" content="yes" />
<title>15:11 Project Mobile</title>
<link rel="stylesheet" href="css/jquery.mobile-1.3.0.css" />
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<script src="js/jquery-1.8.3.js"></script>
<script src="js/jquery.mobile-1.3.0.js"></script>
</head>
<body>
<!-- BEGIN PAGE 1 -->
<?
echo "$username";
?>
<!-- END PAGE 1 -->
</body>
</html>
No username is output. Can anyone help explain why and help me get this sorted out please?