PHP Log in to show details - php

The website has a login system, however when a user logs into the website I simply want their details to appear on the next page. This is my code I so far. Problem is, I only want to display the logged in users details, not all the databases details.
<?php $servername = "localhost"; $username = "root"; $password = ""; $dbname = "loginsystem";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, firstname, lastname FROM members";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th></tr>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["id"]. "</td><td>" . $row["firstname"]. " " . $row["lastname"]. "</td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
LOG IN SYSTEM
<?php
session_start();
if (isset($_POST['username'])) {
include_once("dbConnect.php");
// Set the posted data from the form into local variables
$usname = strip_tags($_POST['username']);
$paswd = strip_tags($_POST['password']);
$usname = mysqli_real_escape_string($dbCon, $usname);
$paswd = mysqli_real_escape_string($dbCon, $paswd);
$sql = "SELECT id, username, password FROM members WHERE username = '$usname' AND activated = '1' LIMIT 1";
$query = mysqli_query($dbCon, $sql);
$row = mysqli_fetch_row($query);
$uid = $row[0];
$dbUsname = $row[1];
$dbPassword = $row[2];
// Check if the username and the password they entered was correct
if ($usname == $dbUsname && password_verify($paswd,$dbPassword)) {
// Set session
$_SESSION['username'] = $usname;
$_SESSION['id'] = $uid;
// Now direct to users feed
header("Location: MemberDetails.php");
} else {
echo "Oops that username or password combination was incorrect.
<br /> Please try again.";
}
}
?>

Add
session_start();
to the top of the page and then on the next page as well and then you will be able to carry over those variables once they are set.
For example:
$_SESSION['user'] = $_POST['user'];
Then on the next page call:
echo $_SESSION['user'];

You first have to implement the user login part. and after that, get the specified user id or login credentials and use that in your query.
In your LOG IN SYSTEM file, put session_start(); before including the db connection.
Then in the member details page do this:
session_start(); //put this on the first line.
Then your query will now look like below:
<?php
$servername = "localhost"; $username = "root"; $password = ""; $dbname = "loginsystem";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$user_id = $_SESSION['id'];
$sql = "SELECT user_id, firstname, lastname FROM members WHERE user_id = ".$user_id;
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th></tr>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["id"]. "</td><td>" . $row["firstname"]. " " . $row["lastname"]. "</td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
Database structure

Related

How can I connect one row to tables in database?

I'm currently working on a system for our school, and I'm having a signup/login/attendance system.
The problem is that I want to make a user which is in a row of my table to connect to another table. It is for him only the one who can access that table because it seems that whenever we login another user it redirects on the same webpage.
Is there a way I can fix that?
<?php
$mymail = $_POST["mymail"];
$mypass = $_POST["mypass"];
echo "$mymail";
//database connection to check inside table and query email and password
$servername = "localhost";
$username = "root";
$password = "admin";
$dbname = "sistema";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM userlogin where mymail ='" . $mymail . "' and mypass = '" . $mypass . "'";
$result = $conn->query($sql);
// echo $sql;
if ($result->num_rows > 0) {
// output data of each row
// while($row = $result->fetch_assoc()) {
// echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["idnumber"]. "<br>";
// }
header("Location: http://localhost/sistema/attendance/index.php"); /* Redirect browser */
} else {
header("Location: http://localhost/sistema/signup/index2.html"); /* Redirect browser */
// echo "0 results";
}
$conn->close();
?>
//THIS IS JUST THE CONNECTION TO THE DATABASE AS WELL AS THE QUERY, I separated the HTML form
you can store him user id in a session
<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>
<?php
//after login that user
$_SESSION["id"] = $_Post['id'];
$_SESSION["id"] = $_Post['username'];
?>
you have to start session every page and you can use that user id anyway on your website
to call $_SESSION["id"]
if he click logout
unset($_SESSION["id"]); & unset($_SESSION["id"]);
<?php
//Start session
session_start();
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname);
if(! $conn){
die('not conected :'.mysqli_error());
}
#$conn =new mysqli("localhost","root","","mystudy");
$email = $_POST['email'];
$password = $_POST['psw'];
$qry="SELECT * FROM users_table WHERE user_email='$email' AND user_password='$password'";
$result=mysqli_query($conn,$qry);
if($result) {
if(mysqli_num_rows($result) > 0) {
//Login Successful
$users = mysqli_fetch_assoc($result);
session_regenerate_id();
$_SESSION['SESS_user_ID'] = $users['id'];
$_SESSION['SESS_user'] = $users['user_name'];
$_SESSION['SESS_user_EMAIL'] = $users['user_email'];
session_write_close();
header("Location: /any your path url/page.php");
}else{
header("Location: /any your path url/error_page.php");
}
?>
index.php
<?php
//Start session
session_start();
$userid=$_SESSION['SESS_user_ID'];
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT * FROM users_table WHERE id='$userid'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
?>
<table>
<tr>
<th>ID</th>
<th>NAME</th>
<th>EMAIL</th>
</tr>
<tr>
<?php
while($row = mysqli_fetch_assoc($result)) {
<td><?php echo $row["id"];?></td>
<td><?php echo $row["username"];?></td>
<td><?php echo $row["email"];?></td>
<?php } }?>
</tr>
</table>

Echo only current user details

please can someone help me with this code? It shows all the users’ info but i need it to show only the info of the logged user.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "username";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT AEG FROM users";
$result = $conn->query($sql);
if ($result->num_rows > 3) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["AEG"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
Upon login, store the email/username/id in a $_SESSION variable;
$_SESSION['email'] = $email; // in this example I used email
Then on your file, you can access session variables using $_SESSION['variable'] and use it on your sql statement;
My modifications are the ones with comments.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "username";
/*Store session data in a variable*/
$email = $_SESSION['email'];
/**********************************/
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
/*Add where clause to your sql statement*/
$sql = "SELECT AEG FROM users WHERE email ='".$email."'";
/****************************************/
$result = $conn->query($sql);
if ($result->num_rows > 3) {
while($row = $result->fetch_assoc()) {
echo "id: " . $row["AEG"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
Try this one if you are having 4 user then it is showing only one
if($result->num_rows > 0)
{
while($row = $result->fetch_assoc())
{
echo "id: " . $row["AEG"]. "<br>";
}
}
else
{
echo "0 results";
}

Php getting id of current user not working

I was trying to make a page where you can log in and then change your nickname or/and password. Everything in mySQL database, but when I try to save the id to session variable, it doesn't work. Any suggestions?
I am using XAMPP, users is my table in database users, I'm not posting login form code, because it's very simple.
Everything is connected, code doesn't give any warnings or errors.
login.php (fragment):
$sql = "SELECT * FROM users WHERE nickname = '$myusername' and pass = '$mypassword' and confirmed = 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$logged = true;
while($row = mysqli_fetch_assoc($result)) {
echo "id: " . $row["id"];
$_SESSION['currentId'] = $row["id"];
echo 'Id: ' . $_SESSION['currentId'];
}
}else {
$error = "Your Login Name or Password is invalid";
}
}
change.php (whole):
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "Users";
$currentId = $_SESSION['currentId'];
if($currentId<1){echo 'No Id.';}
else {echo 'CurrentId: ';
echo $currentId;}
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully <br>";
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$aCUname = mysqli_real_escape_string($conn,$_POST['CUname']);
$aCUpass = mysqli_real_escape_string($conn,$_POST['CUpass']);
$sql = "UPDATE users SET nickname = '$aCUname', pass = '$aCUpass' WHERE id = '$currentId';";
$result = mysqli_query($conn,$sql);
echo 'Updated successfully.';
}
?>
Thanks for help.
I got a solution. I just had to delete
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
from login.php. Thanks to #Shashikumar Misal !

show results with same username php

I have a database which stores data. How can I view data in my database with the same username as my session? What I have tried is below. There is a session and the username is uploading in each row in the database.
This is what I'm trying to do: say I logged in as jack I typed data in and sent it to the database. It saves the name as jack and then only views the results with jack. But it is saying 0 results. Why?
<?php
session_start();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "$username";
}
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "score";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$username."' ORDER BY id DESC LIMIT 5";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<p></p>";
echo "". $row["name"]. "";
echo "<p>". $row["description"]. "</p>";
}
} else {
echo "0 results";
}
$conn->close();
?>
you have two mistakes
1- SQL syntax error, correct syntax is
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$username."'";
2- the variable $username is overwritten by the username of the database
try this:
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$_SESSION['username']."'";

Getting User Data Based on Their Information

This first field is where a web visitor will enter in the 'cardname' hit submit and be directed to another page (dashboard2.php) where only his or her content will appear.
Enter your cardname to access your content<br>
<form action='dashboard2.php'>
<input type='text' name='cardname'/><input type='submit' value='retrieve card'/>
</form>
</body>
The page below is the page that is directed after the user enters in the 'cardname' from the first input field. However, I only want this second page to show the information based on the cardname that was entered. Right now, it shows every single cardname, questionone, answerone from that table.
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "flashcards";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT cardname, questionone, answerone FROM cards";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<br> ". $row["cardname"]. " ". $row["questionone"]. " " . $row["answerone"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
You have to modify the query to accept a WHERE clause. For instance, WHERE cardname = mysqli_real_escape_string($conn, $_GET['cardname']) (The default method for any form is GET unless you specify method="post".).
You should learn about prepared statements for MySQLi and perhaps consider using PDO, it's really not hard.
It seems that you want to perform a search and not a display all the records.
Usually a search returns records that match a certain field, unless a specific ID or unique value was entered in the search. I'm not sure this is the case.
I put this together a little quick but hopefully it helps...
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "flashcards";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// escape the string to avoid SQL injections
$searchEscaped = $conn->real_escape_string($_POST['cardname']);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT cardname, questionone, answerone FROM cards WHERE cardname = '$searchEscaped' ";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
if($result->num_rows == 1){
// only one result found, show just that
$row = $result->fetch_assoc()
echo "<br> ". $row["cardname"]. " ". $row["questionone"]. " " . $row["answerone"] . "<br>";
}else{
// multiple rows found, show them all
while($row = $result->fetch_assoc()) {
echo "<br> ". $row["cardname"]. " ". $row["questionone"]. " " . $row["answerone"] . "<br>";
}
}
} else {
echo "0 results";
}
$conn->close();
?>

Categories