make session for pdo php - php

base on my question here i was able to make a session but what i dont get is that i dont direct to the welcome page no matter what i do here is the code.
lock.php
<?php
include('config.php');
session_start();
$user_check=$_SESSION['login_user'];
$stmt = $dbh->prepare("SELECT * FROM member WHERE username = ? ") ;
$stmt->bindValue(1,$user_check);
$stmt->execute();
$selected_row = $stmt->fetch(PDO::FETCH_ASSOC);
$login_session=$selected_row['username'];
if(!isset($login_session))
{
header("Location: login.php");
}
?>
crud.php
<?php
include_once('config.php');
$error="";
function LoginUser() {
echo "login";
global $dbh;
if(!empty($_POST['un'])){
$username = trim($_POST['un']);
$password = trim($_POST['pw']);
$stmt = $dbh->prepare("SELECT * FROM member WHERE username = ? ") ;
$stmt->bindValue(1,$_POST['un']);
$stmt->execute();
$selected_row = $stmt->fetch(PDO::FETCH_ASSOC);
if($selected_row['username']===$_POST['un']){
if($selected_row['password']===$_POST['pw']){
$_SESSION['username'] = $_POST['un'];
echo $_SESSION['username'];
header("location: welcome.php");
die();
}else{
echo "incorrect password";
header("location: login.php");
die();
}
}else{
echo "user does not exist";
header("location: login.php");
die();
}
}else{
echo "empty";
header("location: login.php");
die();
}
}
function SignUp(){
global $dbh;
if(!empty($_POST['un'])){
$username = trim($_POST['un']);
$password = trim($_POST['pw']);
$stmt = $dbh->prepare("SELECT * FROM member WHERE username = ?") ;
$stmt->bindValue(1,$_POST['un']);
$stmt->execute();
$selected_row = $stmt->fetch(PDO::FETCH_ASSOC);
//if(!empty($stmt->rowCount())){
if($selected_row['username']===$_POST['un']){
//echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
trigger_error("SORRY...YOU ARE ALREADY REGISTERED USER...");
}else{
NewUser();
}
}else{
header("location: signup.php");
die();
}
}
function NewUser(){
global $dbh;
$firstname = trim($_POST['fn']); //at a minimus clear whitespace.
$lastname = trim($_POST['ln']);
$username = trim($_POST['un']);
$password = trim($_POST['pw']);
$address = trim($_POST['cp']);
$stmt = $dbh->prepare("INSERT INTO member (fname,lname,username,password) VALUES (?,?,?,?)");
$stmt->bindValue(1,$firstname,PDO::PARAM_STR);
$stmt->bindValue(2,$lastname,PDO::PARAM_STR);
$stmt->bindValue(3,$username,PDO::PARAM_STR);
$stmt->bindValue(4,$password,PDO::PARAM_STR);
if($stmt->execute()){
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
if (isset($_POST['signup'])) {
//action for update here
SignUp();
}
if (isset($_POST['login'])) {
//action for delete
LoginUser();
}
if (isset($_POST['register'])) {
//action for delete
header("Location: signup.php");
}
if (isset($_POST['back'])) {
//action for delete
header("Location: login.php");
}
?>
login.php
<?php
include_once('crud.php');
include("config.php");
// Inialize session
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
<style type="text/css">
body
{
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label
{
font-weight:bold;
width:100px;
font-size:14px;
}
.box
{
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor="#FFFFFF">
<div align="center">
<div style="width:300px; border: solid 1px #333333; " align="left">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style="margin:30px">
<form action="crud.php" method="post">
<form method="POST" action="crud.php">
<table border="0">
<form method="POST" action="crud.php">
<tr>
<td>UserName :</td>
<td>
<input type="text" name="un" class="box"/>
</td>
</tr>
<tr>
<td>Password :</td>
<td>
<input type="password" name="pw" class="box" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="Login " name="login"/><br />
</td>
<td>
<input type="submit" value="Register " name="register"/><br />
</td>
</tr>
<tr><td><div style="font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div></td></tr>
</form>
</table>
</div>
</div>
</div>
</body>
</html>
welcome.php
<?php include("config.php");?>
<?php include("lock.php");?>
<?php include_once('crud.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Welcome </title>
</head>
<body>
<h1>Welcome <?php echo $login_session; ?></h1>
<h2>Sign Out</h2>
</body>
</html>
from the above code there are a few question i have in mind..
Why is it that i am not directing to welcome when infact i log in correctly.
Is it possible that the lock.php is getting nothing?i mean no value for username.
I am using this in local and I cant access debug in chrome so I have no idea where I get error.
fyi this is from a tutorial.


simple answer:
include_once('crud.php');
in the lock.php because it where the data is from.

Related

PHP Registration Username/Password Incorrect

I am not sure what the problem is here. The user data is in my MySQL database, and correct. However when I try to login I get an error saying user/password is incorrect. I am trying to login using the users email address. In addition I want to add the first name, and user id to the session.
<?php
session_start();
include_once 'dbconnect_new.php';
if(isset($_SESSION['user'])!="")
{
header("Location: ../index.php");
}
if(isset($_POST['btn-login']))
{
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = trim($s_password);
$res=mysql_query("SELECT student_id, student_password, student_firstname FROM studentdata WHERE student_email='$s_email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if($count == 1 && $row['student_password']==md5($s_password))
{
$_SESSION['user'] = $row['student_id'];
header("Location: ../index.php");
}
else
{
?>
<script>
alert('Username / Password Seems Wrong !');
</script>
<?php
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>New Reg Page</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td>
<input type="text" name="email" placeholder="Your Email" required />
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Your Password" required />
</td>
</tr>
<tr>
<td>
<button type="submit" name="btn-login">Sign In</button>
</td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>

Try this code:-
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = md5(trim($s_password));
$res=mysql_query("SELECT student_id, student_firstname FROM studentdata WHERE student_email='$s_email' AND student_password = '$s_password'");
if (!$res) {
// Debug query result by below code
//echo 'Could not run query: ' . mysql_error();
//exit;
echo '<script language="javascript">';
echo 'alert("Username / Password Seems Wrong !")';
echo '</script>';
}else{
$row = mysql_fetch_row($result);
$stu_id = $row[0];
$stu_fname = $row[1];
$_SESSION['user'] = $stu_id;
header("Location: ../index.php");
}
Hope this will help you :)

Php login form is not working with pdo connection

Here is my index.php:
<?php
session_start();
//DB configuration Constants
define('_HOST_NAME_', 'localhost');
define('_USER_NAME_', 'root');
define('_DB_PASSWORD', '');
define('_DATABASE_NAME_', 'myblog');
//PDO Database Connection
try {
$databaseConnection = new PDO('mysql:host='._HOST_NAME_.';dbname='._DATABASE_NAME_, _USER_NAME_, _DB_PASSWORD);
$databaseConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
if(isset($_POST['submit'])){
$errMsg = '';
//username and password sent from Form
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($username == '')
$errMsg .= 'You must enter your Username<br>';
if($password == '')
$errMsg .= 'You must enter your Password<br>';
if($errMsg == ''){
$records = $databaseConnection->prepare('SELECT id,username,password FROM tbl_users WHERE username = :username');
$records->bindParam(':username', $username);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
if(count($results) > 0 && password_verify($password, $results['password'])){
$_SESSION['username'] = $results['username'];
header('location:dashboard.php');
exit;
}else{
$errMsg .= 'Username and Password are not found<br>';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page PHP Script</title>
<style type="text/css">
body
{
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label
{
font-weight:bold;
width:100px;
font-size:14px;
}
.box
{
border:1px solid #006D9C;
margin-left:10px;
width:60%;
}
.submit{
border:1px solid #006D9C;
background-color:#006D9C;
color:#FFFFFF;
float:right;
padding:2px;
}
</style>
</head>
<body bgcolor="#FFFFFF">
<div align="center">
<div class="tLink"><strong>Tutorial Link:</strong> Click Here</div><br />
<div class="tLink"><strong>Demo Login Detail:</strong> demo / demo </div><br />
<div style="width:300px; border: solid 1px #006D9C; " align="left">
<?php
if(isset($errMsg)){
echo '<div style="color:#FF0000;text-align:center;font-size:12px;">'.$errMsg.'</div>';
}
?>
<div style="background-color:#006D9C; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style="margin:30px">
<form action="" method="post">
<label>Username :</label><input type="text" name="username" class="box"/><br /><br />
<label>Password :</label><input type="password" name="password" class="box" /><br/><br />
<input type="submit" name='submit' value="Submit" class='submit'/><br />
</form>
</div>
</div>
</div>
</body>
</html>
and this is logout.php:
<?php
session_start();
session_destroy();
header("location:index.php");
exit;
?>
and finally dashboard.php:
?php
session_start();
echo 'Welcome '.$_SESSION['username'];
?>
<br /><a href='logout.php'>Logout</a>
when i entered input details and submit.. it shows username and password is not found.
I created database and insert sql query is fine..
May i know, what my mistake?
Thanks,

Please try this <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> I think you miss this

In this line if(count($results) > 0 && password_verify($password, $results['password'])){ you are using password_verify
I see two things.
First - Where is your hash?
Second - The line itself is incorrect.
It should be... if(count($results) > 0 && password_verify($password, $hash)){
BUT... prior to using this you have to get the hash for that record. Most likely stored in a hash table when the user was created. And define the variable like this... $hash = $row['hash']
If you are not hashing your passwords, change your sql statement to 'SELECT id,username,password FROM admin WHERE username=:username AND password=:password'. Then create another parameter binding for password.
NOTE: proper binding should be done like the following:
$records->bindValue(':id', $id, PDO::PARAM_INT); // for integers
$records->bindValue(':username', $username, PDO::PARAM_STR); // for strings and dates
also it's good practice to use $totalRows = $records->rowCount(); directly underneath $results = $records->fetch(PDO::FETCH_ASSOC); to get your row count. Instead of if(count($results) && ... it would be if($totalRows > 0 && ... This way you have defined a variable that can always be used elsewhere on the page if need be.
References
password_verify

How to display a user profile pics while the user is logged in php?

I have successfully created a form that submits data and a picture of a user into my online folder and the path directory stored in the database.
My question is this how do I get users to see their picture once they are logged in?
Well Guys thanks for everything but still not getting right here is all my code
Sign Up
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#apDiv1 {
position:absolute;
width:328px;
height:216px;
z-index:1;
left: 347px;
top: 111px;
}
-->
</style>
</head>
<body>
<div id="apDiv1">
<form method="post" action="logon.php" enctype="multipart/form-data">
<table width="332" height="210" border="0">
<tr>
<td width="155">Email</td>
<td width="167"><input type="text" name="email" /></td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" name="password" /></td>
</tr>
<tr>
<td>Upload Passport</td>
<td><label>
<input type="file" name="photo" />
</label></td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="submit" value="Sign Up" />
</label></td>
</tr>
</table>
</form>
</div>
</body>
</html>
Logon.php
<?php
include('connection.php');
if (!isset($_FILES['photo']['tmp_name'])) {
echo "";
}else{
$file=$_FILES['photo']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['photo']['tmp_name']));
$image_name= addslashes($_FILES['photo']['name']);
move_uploaded_file($_FILES["photo"]["tmp_name"],"photos/" . $_FILES["photo"]["name"]);
$email=$_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];
$photo="photos/" . $_FILES["photo"]["name"];
$save=mysql_query("INSERT INTO info (id, email, user_name, password, photo) VALUES ('','$email','$username','$password','$photo')");
/* Redirect visitor to the thank you page */
echo '<script language="javascript">alert("Registration Succesful....")</script>';
echo '<script language="javascript">window.location = "index.php"</script>';
exit();
}
?>
Index.php
<?php
include('login.php'); // Includes Login Script
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#apDiv1 {
position:absolute;
width:391px;
height:178px;
z-index:1;
left: 334px;
top: 166px;
}
#apDiv2 {
position:absolute;
width:259px;
height:115px;
z-index:1;
left: 380px;
top: 137px;
}
-->
</style>
</head>
<body>
<div id="apDiv2">
<form method="POST" action="">
<table width="260" height="88" border="0">
<tr>
<td width="131">Username</td>
<td width="119"><label>
<input type="text" name="username" />
</label></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="submit" value="Submit" />
</label></td>
</tr>
</table>
<table width="259" border="0">
<tr>
<td align="center">Sign Up</td>
</tr>
</table>
</form>
<p> </p>
</div>
</body>
</html>
login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "User ID or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = #mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("lesson", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from info where password='$password' AND user_name='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: customer_login.php"); // Redirecting To Other Page
} else {
$error = "User ID or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
customer_login.php
<?php
include('session_connect.php');
?>
<html>
<body>
<style type="text/css">
<!--
#apDiv1 {
position:absolute;
width:259px;
height:173px;
z-index:1;
left: 25px;
top: 92px;
}
-->
</style>
<div id="apDiv1">
<p>Email: <?php echo $email; ?> </p>
<p>Username: <?php echo $username; ?> </p>
<p>Password: <?php echo $password; ?> </p>
<p>Passport: <?php echo $photo; ?> </p>
</div>
</body>
</html>
session_connect.php
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = #mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("lesson", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select * from info where user_name='$user_check'", $connection);
$row=mysql_fetch_array($ses_sql);
$login_session =$row['user_name'];
$email = $row['email'];//." ".$row['vLastName'];
$username = $row['user_name'];
$password = $row['password'];
$photo = $row['photo'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
Instead the above code shows me the pathway in the database i want the actual image to show...thank you

When you store the Image path in the database, there must be a reference (Foreign key or similar) to the corresponding user.
Now, when the user loggs in, you check the table, where your image paths are declared for the specific user:
SELECT imgpath FROM imgpathstable WHERE userid = $loggedInUser["id"]
and then you can display an img tag with:
<?php
echo "<img href='$imgPath' ...

<?php
if(isset($_SESSION['Anyone']))
{
?>
<img src="<?php echo image path ?>"/>
<?php
}
?>

login displaying wrong username and password

I got this login form, it is then verified by the users.php file, but even tough the username and the password are on the database, it says the password is wrong. The database is working correctly and it's connected to the page.
Login form:
<?php
require_once('/funcoes/Users.php');
if( !empty($_POST)){
try{
$users = new OOP_Users();
$result = $users->login($_POST['username'], $_POST['password']);
if ( $result == 'ok'){
}
else{
echo "Username/Password erradas!!";
}
}
catch(Exception $e){
echo "Authentication error!";
}
}
else{
session_start();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body><?php
if(!isset($_SESSION['username'])){
?>
<form name="Formulario_Login" action="#" method="POST"/>
<table>
<tr>
<td> Username </td><td><input name="username" type="text" <span style="font-size: 15px;" ></input></td></tr>
<tr>
<td> Password </td><td><input name="password" type="password" <span style="font-size: 15px;"></input></td></tr></tr>
<td colspan="7"><input type="submit" value="Login"></td></tr>
</table>
<?php
}
else{
echo 'Welcome ' . $_SESSION['username'] . "! <br>".'Logout';
echo '<br>Alterar perfil';
echo '<br>Apagar conta';
}
?>
</body>
</html>
And in the users.php i got this function
Users.php:
public function login($username, $password){
$result = $this->_myDB->performQuery("SELECT * FROM `users` WHERE `username' = '$username' AND 'password' = '$password'");
if ( $result->num_rows != 1 ){
return ('Authentication error');
}
else{
session_start();
$_SESSION['username'] = $username;
return('ok');
}
}
Even tough i have the username "ines" and the password "ines123" on the database, every time i try to login i got the error: "Authentication error!"
Can anyone tell me what am i doing wrong?

how to show login username in php

how to show login username on home page
suppose if user name is admin when admin user log in own account then home page show
this username is admin
please see the links
now its showing like this
http://www.koolfree.com/ImageUpload/uploads/1380106000.jpg
and i want like this
http://www.koolfree.com/ImageUpload/uploads/1380025395.jpg
please help me to fix this issue
thanks
this is mysql tables
CREATE TABLE IF NOT EXISTS `member` (
`mem_id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(30) NOT NULL,
`password` varchar(30) NOT NULL,
`fname` varchar(30) NOT NULL,
`lname` varchar(30) NOT NULL,
`address` varchar(100) NOT NULL,
`contact` varchar(30) NOT NULL,
`picture` varchar(100) NOT NULL,
`gender` varchar(10) NOT NULL,
PRIMARY KEY (`mem_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;
This is index.php file
<?php
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_FIRST_NAME']);
unset($_SESSION['SESS_LAST_NAME']);
?>
<form name="loginform" action="login_exec.php" method="post">
<table width="309" border="0" align="center" cellpadding="2" cellspacing="5">
<tr>
<td colspan="2">
<!--the code bellow is used to display the message of the input validation-->
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
</td>
</tr>
<tr>
<td width="116"><div align="right">Username</div></td>
<td width="177"><input name="username" type="text" /></td>
</tr>
<tr>
<td><div align="right">Password</div></td>
<td><input name="password" type="text" /></td>
</tr>
<tr>
<td><div align="right"></div></td>
<td><input name="" type="submit" value="login" /></td>
</tr>
</table>
</form>
connection.php file
<?php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "simple_login";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
?>
this is login_exec.php file
<?php
//Start session
session_start();
//Include database connection details
require_once('connection.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = #trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
//Create query
$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) > 0) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['username'];
$_SESSION['SESS_LAST_NAME'] = $member['password'];
session_write_close();
header("location: home.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'user name and password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
}
}else {
die("Query failed");
}
?>
this is auth.php file
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: index.php");
exit();
}
?>
and this is home.php file
<?php
require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {
font-size: 36px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<p align="center" class="style1">Login successfully </p>
<p align="center">This page is the home, you can put some stuff here......</p>
<p align="center">logout</p>
</body>
</html>

You should just be able to print out the username, since you set it in a session.
Provided you have session_start() at the top of your member's home page.
<?php
print $_SESSION['SESS_FIRST_NAME'];
?>
Should do the trick, seeing as that is set to the username.
A Quick note, try using something like Mysqli or PDO, because the mysql library isn't being developed anymore.

Put this in your home.php file:
...
<p align="center">username: <?php echo $_SESSION['SESS_FIRST_NAME']; ?></p>
<p align="center" class="style1">Login successfully </p>
...

try
<?php
echo $_SESSION['SESS_FIRST_NAME'];
?>

<?php
session_start();
require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {
font-size: 36px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<p align="center" class="style1">Username: <?php echo $_SESSION['SESS_FIRST_NAME']; ?> </p>
<p align="center" class="style1">Login successfully </p>
<p align="center">This page is the home, you can put some stuff here......</p>
<p align="center">logout</p>
</body>
</html>

Categories