I want to display the data for user 1 from database A right after he logged in, right now the page showing all the data from the table.
currently I have 2 table which is for user login and user transaction. so after they logged in, i want them to be able to view their own record. After do searching, im thinking that it has something to do with session.
can someone help me?
connection.php
<?php
$mysql_host = "localhost";
$mysql_user = "root";
$mysql_pass = "";
$mysl_database = "mockup";
$conn = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysl_database, $conn);
?>
login.php
<?php
include("connection.php");
if(isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = "SELECT * FROM user
WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);
if($numRows==1) {
session_start();
$_SESSION["ID"] = $ID;
header("Location: ./profile_page.php");
} else {
echo "Invalid Login Information";
}
}
?>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<table>
<tr><td>User Name</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Login" /></td></tr>
</table>
</form>
profile_page.php
<?php
session_start(); // start the session
include("connection.php");
$ID = $_SESSION["ID"]; // store the user id into session
$sql = "SELECT * FROM transaction WHERE ID='$ID'";
$result = mysql_query($sql);
if($row = mysql_fetch_array($result)) {
$deposit = $row["deposit"];
echo "
<table>
<tr><td>transaction</td><td> : </td><td>$transaction</td></tr>
</table>
";
}
?>
connection.php
<?php
$mysql_host = "localhost";
$mysql_user = "root";
$mysql_pass = "";
$mysl_database = "database_name";
$conn = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysl_database, $conn);
?>
login.php
<?php
include("connection.php");
if(isset($_POST["submit"])) {
$username = $_POST["username"];
$pass = $_POST["pass"];
$sql = "SELECT * FROM tbl_user
WHERE username='$username' AND pass='$pass'";
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);
if($numRows==1) {
session_start();
$_SESSION["userid"] = $userid;
header("Location: ./profile_page.php");
} else {
echo "Invalid Login Information";
}
}
?>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<table>
<tr><td>User Name</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="pass" /></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Login" /></td></tr>
</table>
</form>
profile_page.php
<?php
session_start(); // start the session
include("connection.php");
$user_id = $_SESSION["userid"]; // store the user id into session
$sql = "SELECT * FROM tbl_user WHERE user_id='$user_id'";
$result = mysql_query($sql);
if($row = mysql_fetch_array($result)) {
$username = $row["username"];
$name = $row["name"];
$email = $row["email"];
echo "
<table>
<tr><td>User Name</td><td> : </td><td>$username</td></tr>
<tr><td>Name</td><td> : </td><td>$name</td></tr>
<tr><td>Email</td><td> : </td><td>$email</td></tr>
</table>
";
}
?>
you can protect and access the user data after they logged in sucessfully by the help of session.
you could use session_start() for start new session or resume existing session.
<?php
session_start();
if(empty($_SESSION['user_sesion_variable']))
{
header("location:login.php");
die();
}
// here go your user database value
Related
I have 3 pages, I am trying to create a simple member login system using session .
In my first page ( index.php) I have database connection, session setup and this following login from :
<form action="index.php" method="POST">
<table>
<tr>
<td><label>Username</label></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><label>Password</label></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submitbtn" value="Login" /></td>
</tr>
</table>
</form>
In member's profile page (member.php), I have a table to fetch data from database of that specific member logged in :
<table>
<?php $members=getMember(); ?>
<?php while($member = $members->fetch_assoc()) : ?>
<tr><td><label>Name</label></td><td><?php echo $member['name'];?></td></tr>
<tr><td><label>Age</label></td><td><?php echo $member['age'];?></td></tr>
<?php endwhile; ?>
</table>
and at dbconnection.php page I have this function :
<?php
function getMember(){
$db_conn = getConnection();
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
if(!$db_conn) return false;
$sql = "SELECT * FROM member WHERE username ='$username' AND password='$password'";
$result = $db_conn->query($sql);
$db_conn->close();
return $result;
}
The code of session setup are :
<?php
$username="";
$password="";
$success=true;
$_SESSION['username']=$username;
if(isset($_POST['username']) && isset($_POST['password']))
{
$username=$_POST['username'];
$password=$_POST['password'];
if(check_in_db($username,$password)){
$_SESSION['logged_in']=1;
$_SESSION['username']=$username;
header("Location: adminPanel.php");
}
else{
$success=false;
}
}
?>
But when I am logging in, data ( name and age ) is not fetching ( displaying) there in member.php page ( I can't add image, since my reputation is under 10 ).
Thank you for your time .
I would suggest you take a look at php type comparisons for how isset() works. To let you know how php session works and how users persist in different pages, you have to digg into php session. I would recommend you use PDO and its prepare method when you're dealing with user data. Here you would get a very simple example of it.
The following code is working. So please take a look at them how they are constructed:
dbconnection.php
<?php
function getConnection() {
$servername = "localhost";
$username = "root";
$password = "12345";
$dbname = "db_test";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
return $conn;
}
function check_in_db($username, $password) {
$db_conn = getConnection();
if (!$db_conn) {
return false;
}
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = $db_conn->query($sql);
return $result->num_rows > 0;
}
function getMember($username, $password) {
$db_conn = getConnection();
if (!$db_conn) {
return false;
}
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = $db_conn->query($sql);
return $result;
}
index.php
<?php
session_start();
require_once('./dbconnection.php');
$success = true;
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if(check_in_db($username, $password)) {
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: adminPanel.php");
}
else{
$success=false;
}
}
?>
<form action="index.php" method="POST">
<table>
<tr>
<td><label>Username</label></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><label>Password</label></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submitbtn" value="Login" /></td>
</tr>
</table>
</form>
and member.php
<?php
session_start();
require_once('./dbconnection.php');
$username = $_SESSION['username'];
$password = $_SESSION['password'];
$members = getMember($username, $password);
?>
<table>
<?php while($member = $members->fetch_assoc()) : ?>
<tr><td><label>Name</label></td><td><?php echo $member['name'];?></td></tr>
<tr><td><label>Age</label></td><td><?php echo $member['age'];?></td></tr>
<?php endwhile; ?>
</table>
I am working on login system. But, i cannot log in. I have set my database table.
login.php
<?php
session_start();
if(isset($_POST['login'])) {
include_once("db.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
and this is db.php
<? php
$db=mysqli_connect('192.168.1.113:8080','root','hidden','av');
?>
connent of users table
id
username
password
Edit Edit
Copy Copy
Delete Delete
1
a
0cc175b9c0f1b6a831c399e269772661
Your form code look right. Just change like below your login.php code:-
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('host-name','user-name','password','database-name');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
Note:- i have added connection code here only,so change the credentials there. And use this same code to check working or not?
Also if you are working on your local then change ip address to localhost and check. If it will work then it will work with include("db.php") too.I mean to say try with $conn = mysqli_connect('localhost','root','aleksandar','av');
Here is the working login.php
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('localhost','root','aleksandar','av');
$db = new mysqli('localhost','root','aleksandar','av');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
Oh Okay.
Lets try debugging one step at a time then.
In your db.php file, use this:
// Connecting to mysql database
$db = new mysqli('192.168.1.113:8080','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
If you get any error, please dump it here for debugging.
Updated.
// Connecting to mysql database
$db = new mysqli('localhost','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
I cannot get $userLabel ($_SESSION['nickname']) to print. I am using phpmyadmin with apache on a localhost.
I cannot seem to figure out to problem. I have the row made in phpmyadmin and I know it is in row 4. Could it be a wrong method or something? I am new to PHP and trying to best to figure it out. Any solutions or addition help would be great! Thank you!
login:
if($_POST['submit']) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, nickname FROM users WHERE username = '$username' AND activated = '1' LIMIT 1";
$query = mysqli_query($connect, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$userLabel = $row[4];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
$_SESSION['nickname'] = $userLabel;
header('Location: user.php');
}
else {
echo "Error: password mismatch.";
}
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post">
<li>
<input type="text" name="username" placeholder="Username">
</li>
<li>
<input type="password" name="password" placeholder="Password">
</li>
<li>
<input type="submit" name="submit" value="Sign In">
</li>
</form>
</body>
<html>
webpage:
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
$userLabel = $_SESSION['nickname'];
}
else {
header('Locaion: index.php');
die();
}
?>
<html>
<head>
</head>
<body>
<p><font color="white">Hello <?php echo $userLabel; ?>.</font></
</body>
<html>
<?php $userLabel = $row[3]; ?>
<p><font>Hello <?php echo $userLabel; ?>.</font></p>
I was making a login page. so I already can login into another page. then in my login page I need to put remember me checkbox and PHP. so which part in this codes that I need to put my "remember me " codes ? please help me.
this is login1.php
<?php
session_start();
//database connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lala";
// Create connection
$link = mysql_connect($servername,$username,$password) or die("Could not connect");
$db= mysql_select_db("$dbname",$link) or die ("Could not select database");
$login = $_POST['login'];
$password = md5($_POST['password']);
$rememberme = $_POST['remember_me'];
$result = mysql_query("SELECT * from admin WHERE working_id = '$login' and password = '$password'");
$count = mysql_num_rows($result);
if($count==1)
{
//check remember me is on or off
//if off then session login
//else add cookie
$_SESSION['username'] = $login;
$_SESSION['password'] = $password;
$result1 = mysql_query("SELECT * from admin WHERE working_id = '$login' and password = '$password'");
while($row = mysql_fetch_array($result1)){
$_SESSION['gp'] = $row['gpType'];
}
header('Location:dashboard.php');
}
else
{
$_SESSION['username'] = NULL;
$_SESSION['password'] = NULL;
?>
<script type = "text/Javascript">
alert("Sorry , wrong username or password");
setTimeout("location.href = 'abc.php';");
</script>
<?php
}
?>
this is my html
<p><input type="password" name="password" value="" placeholder="Password"></p>
</div>
<div id="form2">
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me
</label>
</p></div>
<div id="form3">
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
Just Use this code after getting the $login and $password
<?php
if($_POST["remember_me"]=='1' || $_POST["remember_me"]=='on')
{
$hour = time() + 3600 * 24 * 30;
setcookie('username', $login, $hour);
setcookie('password', $password, $hour);
}
?>
I have that people can add team names to my MySQL table. Now I want them to edit it. I have tried several tutorials but i can't figure it out. I like to know what i am doing wrong.
This is my admin.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if(isset($_POST['team'])){
$team = $_POST['team'];
$ID = $_POST['id'];
$query = mysql_query("SELECT * FROM e2teams WHERE Team='$team' and ID='$ID'");
if(mysql_num_rows($query) > 0 ) { //check if there is already an entry for that username
echo "$team bestaat al!";
}
else{
mysql_query("INSERT INTO e2teams (Team) VALUES ('$team')");
header("location:e2admin.php");
}
}
mysql_close();
?>
<html>
<body>
<h1>Add teams</h1>
<form action="e2admin.php" method="POST">
<input type="text" name="team" placeholder="Team naam" /><br>
<input type="submit" value="Toevoegen" />
</form>
<?php
$table = "e2teams";
$sql = "SELECT * FROM e2teams";
$result = mysql_query($sql, $dbhandle);
if(mysql_num_rows($result) > 0){
while($row = mysql_fetch_array($result)) {
echo $row['Team']. "<a href='edit.php?edit=$row[1]'>Bewerk</a><br>";
}
}
?>
</body>
</html>
The add teams works. but the edit button doesn't work yet. If I click on edit I go to the edit.php page; here I want to add the new name and need the Team to change in the MySQL row.
This is my edit.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if( isset($_GET['edit'])) {
$id = $_GET['edit'];
$res = mysql_query("SELECT * FROM e2teams");
$row= mysql_fetch_array($res);
}
if (isset ($_POST['nieuwenaam'])) {
$newname = $_POST['nieuwenaam'];
$id = $_POST['id'];
$sql = "UPDATE e2teams SET Team='$newname' WHERE id='$id'";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php'>";
}
?>
<html>
<body>
<form action="edit.php" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"s" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
I also like to know how to delete team names but this is maybe for a next question.
This should work:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
$id = intval($_GET['edit']);
if($id > 0) {
$res = mysql_query("SELECT * FROM e2teams WHERE `id` = $id");
$row= mysql_fetch_array($res);
$newname = mysql_real_escape_string($_POST['nieuwenaam']);
if (!empty($newname)) {
$sql = "UPDATE e2teams SET Team='$newname' WHERE id=$id";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php?edit=$id'>";
}
}
?>
<form action="edit.php?edit=<?= $id; ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
Edit: Also, about the intval() and mysql_real_escape_string(). Since you were using $_GET without any filter, I've added intval() function on it. Without filtering $id you could've been easily attacked by some sort of e.g. SQL Injection. Same with mysql_real_escape_string(). You might read about this filter function in php manual. For further study I recommend changing mysql_ functions to PDO or mysqli prepared statements. Happy coding!
Check your edit form. You have to put the value attribute like this value="s" no like value"". I think thats all.
I assume when they click on the edit link it's passing the id of the team so the edit.php select should be something like:
$id = (int)$_GET['edit'];
if (!empty($id))
{
$sql = "SELECT * FROM e2teams WHERE id='$id'";
$result = mysqli_query($sql);
$row = mysql_fetch_assoc($res);
}
//... keep the rest of code as is
Now you need to change the HTML form to:
<form action="edit.php?edit=<?php echo $row['id'] ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" value="<?php echo $row['Team'] ?>" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"<?php echo $row['id'] ?>" /><br>
<input type="submit" value="Update" />
</form>