I have a Login script that is on my home page for my Login form that is also on my home page. When the user submits the form to Login he/she submits his/her username and password.
The database that the script accesses has the Username, Password, and Email Address stored from the users registration.
Once the user logs in successfully, he/she is redirected to a page that loads their previous "reviews" on the page which are stored within a different table within the same database.
I need to send the email from one table to the query on the redirected page.
Here is the code of my PHP code that processes the Login:
<?php
//If the user has submitted the form
if(isset($_REQUEST['username'])){
//protect the posted value then store them to variables
$username = protect($_POST['username']);
$password = protect($_POST['password']);
//Check if the username or password boxes were not filled in
if(!$username || !$password){
//if not display an error message
echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
}else{
//if they were continue checking
//select all rows from the table where the username matches the one entered by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$num = mysql_num_rows($res);
//check if there was no match
if($num == 0){
//if none, display an error message
echo "<center>The <b>Username</b> you supplied does not exist!</center>";
}else{
//if there was a match continue checking
//select all rows where the username and password match the ones submitted by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
$num = mysql_num_rows($res);
//check if there was no match
if($num == 0){
//if none display error message
echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
}else{
//if there was continue checking
//split all fields from the correct row into an associative array
$row = mysql_fetch_assoc($res);
//check to see if the user has not activated their account yet
if($row['active'] != 1){
//if not display error message
echo "<center>You have not yet <b>Activated</b> your account!</center>";
}else{
//if they have log them in
//set the login session storing there id - we use this to see if they are logged in or not
$_SESSION['uid'] = $row['id'];
//update the online field to 50 seconds into the future
$time = date('U')+50;
mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
//redirect them to the usersonline page
echo 'REDIRECT';
}
}
}
}
exit;
}
?>
Here is the PHP Code that is on the Re-directed to page:
<?php
$con=mysqli_connect("","","","");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM comments
WHERE email='$_POST[email]' ORDER BY dt");
while($row = mysqli_fetch_array($result))
{
echo $row['dt'] ." " . $row['email'] . " " . $row['body'];
echo "<br>";
echo "<br>";
}
?>
I need to add something to the first code to pick up the email address out of the table it uses to verify the Login information and send it to the second code to receive the "reviews." I have tried googling an answer and came up with nothing. Please help!
Since you have used the $_SESSION array in your code(which maybe is copied from somewhere), you can similarly store the email address in the same array.
$_SESSION['email'] = $row['email'];
In the later page, you'd need to replace $_POST['email'] with $_SESSION['email'].
Related
In my page, I have:
1. Registration Page
2. Login Page
3. Successful Registration Page
4. Referral Form
In my registration Page, User can register thru this.
In my Log-in page, I have two types of user, Applicant and Employee
In my Successful Registration Page, there will be a button there going to Referral Form.
In my Referral Form Page, I have a modal there to update referral information provided by the user during the registration.
The following information are:
Referrer ID
Fullname
Current Position
ContactID
Email Address
MObile Number
Member Since
If you created an account on my page, either you are a Applicant or Employee, if you successfully register, my successful registration page will prompt to you and once you have click the button going to Referral Form The following information will be displayed to your referral information based on you supplied during the registration.
If you register as an Applicant, your Referrer ID is always set into 0 and you may edit it thru Referral Form Page
or if you register as an Employee, your Referrer ID is based on you provide during the registration._
Example:
Referrer ID (Allowed to edit if you register as an applicant)
Fullname Sherlock Holmes
Current Position (This has no value and may be edit once you created an account)
ContactID CON12344
Email Address SherlockHolmes#gmail.com
MObile Number +987676758857
Member Since 2014-05-06 04:41:21
Here's my problem that I encounter.
I created an account and Successful registration page prompt to me, and I click the button going to Referral Form Page to edit my information. I edit it and Log-it out and try to relog-in, My Information updated and now reflecting on my Information. It works well.
But
When I created an account and promt successful registration page and click the button going to referral form page, If I did not edited my information and tried to log it out and try to re-login, my information becomes having all null values. LIke this,
Referrer ID 0
Fullname
Current Position
ContactID
Email Address
MObile Number
Member Since
Which was incorrect because even I did not edit my information, my information should just becomes like this.
Referrer ID 0(You can edit it)
Fullname Sherlock Holmes
Current Position (You can edit it)
ContactID CON12345678
Email Address sherlockholmes#gmail.com (You can edit it)
MObile Number +93456789 (You can edit it)
Member Since 2014-05-06 04:41:21
Problem Occurs when I didn't edit my information for a new created account, but when I edit it before I log it out, it's okay.
here is my Successful registration PHp
<?php
include('../include/dbconnection.php');
include('../include/functions.php');
if(!isset($_SESSION))
{
session_start();
}
$empid = $_SESSION['SESS_EMP_ID'];
$conid = $_SESSION['SESS_CONID'];
$fName = $_SESSION['SESS_FIRSTNAME'];
$lName = $_SESSION['SESS_LASTNAME'];
$contactNo = $_SESSION['SESS_CONTACT_NO'];
$mobile = $_SESSION['SESS_MOBILE'];
$email = $_SESSION['SESS_EMAIL'];
$bday = $_SESSION['SESS_BDAY'];
if($conid == '')
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.location.href='index.php';
</SCRIPT>");
}
else
{
//Nothing
}
?>
Here is my code in Referral Form
/**** Start Session ****/
session_start();
//Check whether the session variable SESS_EMP_ID is present or not
if(!isset($_SESSION['SESS_EMP_ID']) || (trim($_SESSION['SESS_EMP_ID']) == '')) {
header("Location: LoginPage.php");
exit();
}
/**** End ****/
/**** Redirects automatically to index ****/
header("Refresh: 15 * 60; url=index.php");
/**** End ****/
/**** authentication ****/
//require_once('../function/auth_emp.php');
/**** End ****/
$empid = $_SESSION['SESS_EMP_ID'];
$bdate = $_SESSION['SESS_BDAY'];
/**** Database connection ****/
require_once('../include/config.php');
/**** End ****/
include'../GlobalConstants.php';
include_once ('../refer/updateInfo.php');
mysql_select_db($db_name, $con) or die("ERR_COULD_NOT_SEE_DB");
if($empid == 0)
{
$fname = $_SESSION['SESS_FIRSTNAME'];
$lname = $_SESSION['SESS_LASTNAME'];
$bdate = $_SESSION['SESS_BDAY'];
$pos = $_SESSION['SESS_POSITION'];
$empid = $_SESSION['SESS_EMP_ID'];
$qry= "SELECT vtiger_contactdetails.firstname,
vtiger_contactdetails.contact_no,
vtiger_contactscf.cf_703,
vtiger_contactscf.cf_715,
vtiger_contactscf.cf_717,
vtiger_contactdetails.email,
vtiger_contactdetails.lastname,
vtiger_contactdetails.mobile,
vtiger_contactdetails.contactid,
vtiger_crmentity.createdtime
FROM vtiger_contactdetails
INNER JOIN vtiger_contactscf
ON vtiger_contactdetails.contactid = vtiger_contactscf.contactid
INNER JOIN vtiger_crmentity
ON vtiger_contactdetails.contactid = vtiger_crmentity.crmid
INNER JOIN vtiger_contactsubdetails
ON vtiger_contactsubdetails.contactsubscriptionid= vtiger_contactdetails.contactid
WHERE vtiger_contactdetails.firstname = '".$fname."'
AND vtiger_contactdetails.lastname = '".$lname."'
AND vtiger_contactsubdetails.birthday = '".$bdate."'";
$result = mysql_query($qry);
} else
{
$qry= "SELECT vtiger_contactdetails.firstname,
vtiger_contactdetails.contact_no,
vtiger_contactscf.cf_703,
vtiger_contactscf.cf_715,
vtiger_contactscf.cf_717,
vtiger_contactdetails.email,
vtiger_contactdetails.lastname,
vtiger_contactdetails.mobile,
vtiger_contactdetails.contactid,
vtiger_crmentity.createdtime
FROM vtiger_contactdetails
INNER JOIN vtiger_contactscf
ON vtiger_contactdetails.contactid = vtiger_contactscf.contactid
INNER JOIN vtiger_crmentity
ON vtiger_contactdetails.contactid = vtiger_crmentity.crmid
WHERE vtiger_contactscf.cf_739 = '".$empid."'";
$result = mysql_query($qry);
}
if($result)
{
if(mysql_num_rows($result)> 0)
{
$row = mysql_fetch_assoc($result);
$contact_no = $row['contact_no'];
$fname = $row['firstname'];
$mname = $row['cf_703'];
$lname = $row['lastname'];
$mobile = $row['mobile'];
$pos = $row['cf_715'];
$program = $row['cf_717'];
$email = $row['email'];
$conid = $row['contactid'];
$memberdate = $row['createdtime'];
}
}
$erp = "ERP";
/**** Stores the firstname and lastname in the session ****/
$_SESSION['SESS_EMP_ID'] = $empid;
$_SESSION['SESS_CONID'] = $conid;
$_SESSION['SESS_FIRSTNAME'] = $fname;
$_SESSION['SESS_MIDDLENAME'] = $mname;
$_SESSION['SESS_LASTNAME'] = $lname;
$_SESSION['SESS_MOBILE'] = $mobile;
$_SESSION['SESS_EMAIL'] = $email;
$_SESSION['SESS_POSITION'] = $pos;
$_SESSION['SESS_GEN'] =$erp;
$_SESSION['login_time'] = time();
?>
Do I have problem passing the session variable when the user didn;t fill up the information after they created an account?
If user edit and fill up all information and try to relogout and relogin. It seems okay and works.
But after user created an account, and If he didn;t edit the information and log it out and try to relogin, it does not reflect the values. Can you help me with this
I made a login system and it works but I also have the user's session in the page after login.
How can I get user data from my database by referencing the user's session, and how can I update it when the user put what they going to change
<?php
session_start();
$query=mysql_query("SELECT username, email, password FROM user WHERE username = $_SESSION['username']");
while($row = mysql_fetch_array( $query )) {
echo .row['username'];
echo .row['email'];
echo .row ['password'];
?>
In new codes you should be using mysqli if your PHP version is high enough (if not... update...)
But here you go:
<?php
session_start();
$query = mysql_query("SELECT * FROM user WHERE username = {$_SESSION['username']}");
$row = mysql_fetch_assoc($query);
echo $row['username'];
echo $row['email'];
echo $row ['password'];
?>
Oh and the update:
<?php
$query = mysql_query("UPDATE user SET username={$_POST['username']}, email={$_POST['email']}, password={$_POST['password']} WHERE username={$_SESSION['username']}");
?>
And you should make a form for that..
The answer of Cris is almost perfect and well explained. But it is missing the quotes for the string in the statement.
As the col username will most likely be a varchar of any length.
$query = mysql_query("SELECT * FROM user WHERE username = '{$_SESSION['username']}'");
I'm currently creating a website where the user can login to an account. For this I need to check if the email and password that has been submitted by the user is the same as those in the MySQL database.
This is my code for this;
<h2> Log in to an existing account </h2>
<form action = "account.php" method = "POST" id = "log">
<p><label> Email </label> <input type = "text" name = "logmail" ></p>
<p><label> Password </label> <input type = "password" name = "logpass"></p>
<p><input type = "submit" value = "Log in"></p>
if(!empty($_POST['logmail']) && !empty($_POST['logpass']))
{
$sql = ("SELECT customer_mail FROM customer_user WHERE customer_mail = '{$_POST['logmail']}'");
$sql2 = ("SELECT customer_pass FROM customer_user WHERE customer_pass = '{$_POST['logpass']}'");
$stmt = $dbh->prepare($sql);
$stmt2 = $dbh->prepare($sql2);
$stmt->execute();
$stmt2->execute();
var_dump($stmt->fetch());
var_dump($_POST['logmail']);
var_dump($stmt2->fetch());
var_dump($_POST['logpass']);
if($stmt->fetch()[0] == $_POST['logmail'])
{
if($stmt->fetch()[0] == $_POST['logpass'])
{
echo "Logged in";
}
else
{
echo "Wrong password";
}
}
else
{
?> <h2> Wrong email </h2> <?php
}
}
When I try to run this, the var_dumps gives me an arrays stmt->fetch() and stmt2->fetch. In position 0 of those arrays are the emails and passwords of the account I'm trying to login to. They are also the same as what I type into the fields in the form. The var_dumps for the $_POST confirms this.
But even thought they are the exact same, it doesn't trigger the If statement.
Does anyone know why this might be?
Why not fetchColumn() ? fetchColumn will by default return the first column of the next row instead of returning the entire row.
I didn't realize you were on the same table before. For a login form, you should be doing this a bit different in my opinion.
You should hash the password with a unique salt for each user. You should never store plain text passwords in your database.
You really only need one query:
$sql = ("SELECT customer_pass FROM customer_user WHERE customer_mail = ?");
Then you can compare the passwords (hopefully hashed)
Use one SQL query
$sql = ("SELECT customer_pass FROM customer_user WHERE customer_mail = ?");
$stm = $dbh->prepare($sql);
$stm->setFetchMode(PDO::FETCH_ASSOC);
$stm->execute($_POST['logmail']);
if ($stm && $stm->rowCount() == 1) {
$result = $stm->fetch();
if ($result['customer_pass'] === $_POST['logmail']) {
// Login
} else {
echo 'Wrong Password';
}
} else {
echo 'Email does not exist';
}
Next time get in the habit of Encrypting password while Registering and Login using SHA256 and Salt.
I have a html page that sends value pass to log.php :
<?php
$PHONE = $_POST['pass'];
mysql_connect('host.com', 'user', 'pass'); mysql_select_db('userdb');
$results = mysql_query(sprintf("SELECT FNAME,LNAME FROM `details` WHERE PASS='$PASS'",
mysql_real_escape_string($PASS))) or die(mysql_error()); while($row = mysql_fetch_assoc($results))
{ $rows[1] = $row; }
echo "Welcome ";
echo "$rows[1][FNAME]." ".$rows[1][LNAME]"
echo " you are logged in successfully"
?>
I get the result in log.php file in this form when value 'pass' is not being registered in database:
Welcome [//here user's first & last name if registered or remains blank] you are logged in successfully
I have table 'details' created
FNAME-First name
LNAME-Lastname
BIRTHDAY-Birthday
PHONE- user's no.
PASS- user's password.
My Question is , I want to just display ' You are not registered user' when pass value is not been registered in the database.Any help would be greatfull ?
Just check if you actually get a record or not using mysql_num_rows,
$results = mysql_query(sprintf("SELECT FNAME,LNAME FROM `details` WHERE PASS='$PASS'",
mysql_real_escape_string($PASS))) or die(mysql_error());
if(mysql_num_rows($results) > 0){
while($row = mysql_fetch_assoc($results))
{
$rows[1] = $row;
}
echo "Welcome ";
echo $rows[1]['FNAME']." ".$rows[1]['LNAME'];
echo "You are logged in successfully";
}
else{
//Redirect them back with error message
header("Location: http://www.example.com/index.php?err='You are not registered user'");
}
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
You took value in $phone variable for password and in select query used PASS= $PASS so how can it run?
Change this then run like below:
$results = mysql_query(sprintf("SELECT FNAME,LNAME FROM `details` WHERE PASS='$PHONE'",
mysql_real_escape_string($PHONE))) or die(mysql_error());
if(empty($rows[1][FNAME])){
echo 'You are not registered user';
}
else{
echo "Welcome ";
echo "$rows[1][FNAME]." ".$rows[1][LNAME]";
echo " you are logged in successfully";
}
I am trying to enter new information into a database everytime a user clicks a submit button in my form. It works perfectly but it only works one time. So it will enter one row into the database and after that if the user fill out the form again and clicks submit no information will be entered into the database until i delete the previous row so it works if the database is empty. Here is my code to enter it into the database if you need more info to help let me know i will rate u up and everything thanks in advance
if($_POST['submit']){
$query = mysql_query("SELECT * FROM chanels WHERE cname = '$cname'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
echo "You Channel has already been added. Go back your <a
href='./memberpage.php'>Station Page.</a>";
}else{
if($_POST['description']){
$description = $_POST['description'];
if(strlen($description) < 250 ){
$code = $_GET['code'];
$category = $_POST['category'];
mysql_query("INSERT INTO chanels VALUES
('','$code','$cname','$category','$description',''
)");
echo "You Channel has been added. Go back your <a
href='./memberpage.php'>Station Page.</a>";
}else
echo "Your description must be less than 250 characters!";
}else
echo "You must enter a description!";
}
}
Your if else statement has limited the functionality.
You can add one row because of the line
if($numrows == 1){
after you add one row, the if statement condition is met, $numrows =1. At this point the else statement where you actually add rows to the database never runs!
You have a conditional specifying, if a record exist for the cname, don't do anything. I think that might have something to do with your insert only executing once. I don't know what the cname is, and if the cname differs after each submit, but if it doesn't you will never be able to get into the else conditional.
$query = mysql_query("SELECT * FROM chanels WHERE cname = '$cname'");
$numrows = mysql_num_rows($query);
if($numrows == 1){
echo "You Channel has already been added. Go back your <a href='./memberpage.php'>Station Page.</a>";
}