Try echo out the $sql to see if it's ok.-HelgePHP Code:echo "<p>$sql</p>";
| SitePoint Sponsor |
Try echo out the $sql to see if it's ok.-HelgePHP Code:echo "<p>$sql</p>";
Aah, I found it! Of course it hadn't anything to do with the "include"-tag, thought so!
But one of the files I included had a PHP-command in it:
<?php session_destroy ?> (or something like it).
And of course that's where things went wrong!
So, I beat the forum, hehehehe and then I get a:
'till next time, I suppose!
------------------------------------------
"In a forum no one can here you cry"
------------------------------------------
I worked through Kevins tutorial a while ago and now I'm trying to apply what I learned to my latest project:
http://www.danielprendergast.co.uk/koko8/
The first problem I have is that I want to have some private pages and some free pages. So members can log in from anywhere in the site.
This is not too much of a problem; I think I could easily solve this on its own.
The main problem comes from the fact that my main design template has a user login form on every page of the site, not just on the private pages, as in Kevin's tutorial.
Now I just can't get my head round how to solve this problem, because it means I would need to include the accesscontrol.php script on every page in order to allow the user login form to work (even on the free pages/visitors section). I just can't work out if this actually is a problem or not, I'm just very confused how to tackle this.
My options at the moment seem to be to either redesign the free/visitors section pages so as not to have a login form on them at all. This would mean I could use the script pretty much as Kevin intended.
OR,
I can try to figure out how to make the code work on my current site designs.
Could anyone give me advice on which way to go ie how I would go about adapting the code and how complicated it would be for a newbie?
Hope this makes sense! Thanks
you'd have to create a second form on the non-protected pages that would start the session, instead of using the accesscontrol.php file on these pages.
try this: copy the code from accesscontrol.php into a new file called login.php.... then include login.php on your non-protected pages. have login.php show the login pages (if the user isn't logged in) but don't have it restrict access to the current page.
----
Myself, I'm interested in this:
(from the article)Members-only access to non-HTML files. Since PHP is equally capable of sending HTML and binary information, you could create a pass-through script that would only retrieve the requested file if a correct $uid/$pwd combination was found in the current session.
Any ideas on how to do this? (or where someone explains this?) And is this safe against direct requests?
need help to display user sign up info back to the user
hi kevin and other that can help
is there a way for me to display back to the user there sign in imformation once the logged (kinda like it does on the protect page when a user login and is greeted with there user name?
I want to display the user name address,company extra, on a page in the member area, so they can veiw there profile,
could you give me sample line that would work ?
also I want to add a form so the user can edit there contact info or password themselves once the have logged in
can i use the same form as my sign-up with a few changes that allow that allow them to edit and or delete to enter the new content?
here's and example :
$sql = new CDBMySQL("localhost", "username", "password", "dbname");
$sql -> Query ("SELECT fullname, userid FROM profiles");
while ($sql -> ReadRow()) {
echo $sql -> RowData["userid"] . ", ";
echo $sql -> RowData["fullname"] . "<br>";
}
would this display what i want? i just found this one
here my sample of my sign up input
$sql = "INSERT INTO profiles
SET userid = '$newid',
password = PASSWORD('$newpass'),
fullname = '$newname',
email = '$newemail',
notes = '$newnotes',
txtCompanyName = '$txtCompanyName',
txtTitle = '$txtTitle',
txtAddress1 = '$txtAddress1',
txtAddress2 = '$txtAddress2',
txtCity = '$txtCity',
ddmStateProvince = '$ddmStateProvince'";
now i want to display this content back to them after the sign up
so they can only view there own info and edit if the information has changed
Last edited by deuce777; Apr 9, 2003 at 13:51.
Hi Prendo,
I had much the same problem ans I solved it as follows: on every page of my site I've included a standard header.php and a standard nav-bar.php. In this nav-bar is the link to my "members-only" pages. So, when someone visits my site, he/she can surf around freely and on any page he/she can decide to login by clicking the button "Login" and proceed to the member-dept.! Quite simple, but I'm not sure if this is what you mean!!
Derfel
------------------------------------------
"In a forum no one can here you cry"
------------------------------------------
Of course!Originally Posted by deuce777
I tried the same thing, but in my experience it results in one large file. I've split it: on my members-pages I've included a button "View/edit my profile", which links to a member-page where the MySQL-things are located.
I'm not sure wether that would do the thing, My sollution was as follows:
<?php include("mem_accesscontrol.php");
/*
* Name: ~guest.php
* Author: Ad Verdaasdonk
* Created on: 09.03.2003 15:28:06
*/
$css="../css/mem_form.css";
include("mem_header.php");
include("mem_navbar.php");
blahblah
/* Connecting, selecting database */
$link = mysql_connect("host", "db", "pw")or die("Could not connect");
// print "Connected successfully";
mysql_select_db("memb") or die("Could not select database");
blahblah
$query = "SELECT $field FROM $db WHERE userid='$uid'";
$result = mysql_query($query) or die("Query failed");
/* Printing results in HTML */
print "<form action='mem_update.php' method='post'>";
print "<input type='hidden' name='uid' value='".$uid."'>";
print "<input type='hidden' name='db' value='".$db."'>";
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
foreach ($line as $key=>$elem) {
blahblah
print "<tr><td width='90'>".$veldnaam["$key"]."/td>";
print "<td width='200'>$elem</td>";
print "<td width='150'><input type='text' name='$key' size='30' maxlength='50' value='$elem'></td></tr>";
print "<input type='reset' value=' Cancel '> ";
print "<input type='submit' value=' Submit ' name='submit2'></center></td></tr>";
print "</table></center>";
print "</form>";
**************
Actually I've cut a few things out, but the principle should be clear, I hope. B.t.w.: I don't get this PHP-tag-thing to work correctly, I must be doing something wrong. Sorry. If someone could let me know how I should use them, please let me know! Thanx
------------------------------------------
"In a forum no one can here you cry"
------------------------------------------
as a novice in php/mySQL im having a bit of trouble with the script. it looks alright but when I press the submit button nothing happens. no warnings, no e-mail, no page switching, no DB entries. but I dont get errors either. how do I trace the error and how do I check if I have setup the db properly?
im running the scripts through phpdev on a local server if this has any influence..
should $dbhost in db.php be localhost or the name I have created for my db.
$dbuser and $dbpass are named to match the ones for my db. Are these db specific or are they tied with the visitor?
I know these are very beginner quation and properbly very easy but I still hope someone takes pity on me and help
For mySQL you have four variables:
1 - host - actual name of database server, usally 'localhost'
2 - database table - actual name of your database and not the server
3 - username/password
Normally you can leave Host, Username and Password blank but you DO need to set the database name. 8)
thx it helped. but it still seems like submitok is never set cause I can enter data in the db if I place the sql queries in the if part of the code but I can seems to execute any code after the else:
any ideas that might helpe me or do I need to post my code?
Ok - post the script again since this post goes back 5 pages 8)
<?php // signup.php
include("common.php");
include("db.php");
if (!isset($submitok)):
// Display the user signup form
?>
<html>
<head><title>New User Registration</title></head>
<body>
<h3>New User Registration Form</h3>
<p><font color=orangered size=+1><TT><B>*</B></TT></font>
indicates a required field</p>
<form method=post action="<?=$PHP_SELF?>">
<table border=0 cellpadding=0 cellspacing=5>
<tr>
<td align=right>
<p>User ID</p>
</td>
<td>
<input name=newid type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>Full Name</p>
</td>
<td>
<input name=newname type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>E-Mail Address</p>
</td>
<td>
<input name=newemail type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr valign=top>
<td align=right>
<p>Other Notes</p>
</td>
<td>
<textarea wrap name=newnotes rows=5 cols=30></textarea>
</td>
</tr>
<tr>
<td align=right colspan=2>
<hr noshade color=black>
<input type="reset" value="Reset Form">
<input type="submit" name="submitok" value=" OK ">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
else:
// Process signup submission
dbConnect('sessions');
if ($newid=="" or $newname=="" or $newemail=="") {
error("One or more required fields were left blank.\\n".
"Please fill them in and try again.");
}
// Check for existing user with the new id
$sql = "SELECT COUNT(*) FROM user WHERE userid = '$newid'";
$result = mysql_query($sql);
if (!$result) {
error("A database error occurred in processing your ".
"submission.\\nIf this error persists, please ".
"contact thhk@ofir.dk.");
}
if (mysql_result($result,0,0)>0) {
error("A user already exists with your chosen userid.\\n".
"Please try another.");
}
$newpass = substr(md5(time()),0,6);
$sql = "INSERT INTO user SET
userid = '$newid',
password = PASSWORD('$newpass'),
fullname = '$newname',
email = '$newemail',
notes = '$newnotes'";
if (!mysql_query($sql))
error("A database error occurred in processing your ".
"submission.\\nIf this error persists, please ".
"contact thhk@ofir.dk .");
// Email the new password to the person.
$message = "G'Day!
Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:
http://www.f1time.subnet.dk
Your personal login ID and password are as
follows:
userid: $newid
password: $newpass
You aren't stuck with this password! Your can
change it at any time after you have logged in.
If you have any problems, feel free to contact me at
<thhk@ofir.dk>.
-Thomas Karlsen
speedfreak Webmaster
";
mail($newemail,"Your Password for the Project Website",
$message, "From:Thomas Karlsen <thhk@ofir.dk>");
?>
<html>
<head><title> Registration Complete </title></head>
<body>
<p><strong>User registration successful!</strong></p>
<p>Your userid and password have been emailed to
<strong><?=$newemail?></strong>, the email address
you just provided in your registration form. To log in,
click <a href="homepage.htm">here</a> to return to the login
page, and enter your new personal userid and password.</p>
</body>
</html>
<?php
endif;
?>
I tried addind a
var_dump($submitok);
right befor the else: but its always comes out NULL
If the actual database insertion works okay then this is good; since many people make mistakes with database queries/insertions. 8)
As to why PHP isn't seeing that 'submitok' isn't set it may be due to you not using $_POST['submitok'] ?
I've assumed that register_globals is 'ON' since you've never used $_POST to get your variables back from the posted FORM.
Another thing is your HTML attributes should have double quotes around them - this may not be the problem but it doesn't exactly help the browser either.
If your register_globals is 'OFF' then use $_POST[...variable name here... ] in all of your script - which PHP version are you using BTW ? Since I can't see what is causing the problem it's self.
The variable 'submitok' should be set but don't know why. Sorry.
globals was off :P forgot to turn them on after reinstalling php.
it works fine after turning globals on but can I give an exampel of the $_POST[...variable name here... ] U mention cause globals might be off and the commercial server this will eventually go to. or can I just set globals on in htaccess.
btw many thx for ur help I really apreciate it
Under no circumstance switch globals ON - If you've got them ON in your local dev box, then switch them OFF.
Leaving them ON poses a security risk in so many ways it's hard to believe that PHP actually took off the way it has. LoL
To read in a variable from the url query string, use $_GET['id'] for example:
...mydomain.com?id=10
Or for a FORM post with method = 'post' use:
It still amazes me the amount of people who install PHP and don't bother to check the register_globals 8)PHP Code:$id = $_POST['id'];
In fact, if your using anything less than version 4.2.x then upgrade as well since by default register_globals is OFF 8)
Hey guys, I could use a little help here. I went through the tutorial and eventually figured out that I had to use $_POST['variable'], but I'm still having problems. On the signup page, every time I submit the form I get the error message: "A database error occurred in your submission...". What could be the prob here?
Here's the code:
Code:<html> <head><title>New User Registration</title></head> <body> <?php // signup.php include("common.php"); include("db.php"); if (!isset($_POST['submitok'])): //Show signup form ?> <h3>New User Registration Form</h3> <p><font color=orangered size=+1><TT><B>*</B></TT></font> indicates a required field</p> <form method=post action="<?=$PHP_SELF?>"> <table border=0 cellpadding=0 cellspacing=5> <tr> <td align=right> <p>User ID</p> </td> <td> <input name=newid type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B>*</B></TT></font> </td> </tr> <tr> <td align=right> <p>Password</p> </td> <td> <input name=pw type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B>*</B></TT></font> </td> </tr> <tr> <td align=right> <p>Full Name</p> </td> <td> <input name=newname type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B>*</B></TT></font> </td> </tr> <tr> <td align=right> <p>E-Mail Address</p> </td> <td> <input name=newemail type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B>*</B></TT></font> </td> </tr> <tr valign=top> <td align=right> <p>Other Notes</p> </td> <td> <textarea wrap name=newnotes rows=5 cols=30></textarea> </td> </tr> <tr> <td align=right colspan=2> <hr noshade color=black> <input type=reset value="Reset Form"> <input type=submit name="submitok" value=" OK "> </td> </tr> </table> </form> </body> </html> <?php else: // Process signup submission dbConnect('test'); // Make sure all fields are filled in if ($_POST['newid']=="" or $_POST['newname']=="" or $_POST['newemail']=="") { error("One or more required fields were left blank.\\n". "Please fill them in and try again."); } // Check for existing user with the new id $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'"; $result = mysql_query($sql); if (!$result) { error("A database error occurred in processing your ". "submission.\\nIf this error persists, please ". "contact me."); } if (@mysql_result($result,0,0)>0) { error("A user already exists with your chosen userid.\\n". "Please try another."); } // Creates a random password //$newpass = substr(md5(time()),0,6); // Insert the new information into the databse $sql = "INSERT INTO user SET userid = '$newid', password = '$pw, fullname = '$newname', email = '$newemail', notes = '$newnotes'"; if (!mysql_query($sql)) error("A database error occurred in processing your ". "submission.\\nIf this error persists, please ". "contact me."); // Email the new password to the person. $message = "G'Day!
Can you post again though use the PHP brackets and not the CODE ones ?
oops, my bad.
PHP Code:<html>
<head><title>New User Registration</title></head>
<body>
<?php // signup.php
include("common.php");
include("db.php");
if (!isset($_POST['submitok'])):
//Show signup form
?>
<h3>New User Registration Form</h3>
<p><font color=orangered size=+1><TT><B>*</B></TT></font>
indicates a required field</p>
<form method=post action="<?=$PHP_SELF?>">
<table border=0 cellpadding=0 cellspacing=5>
<tr>
<td align=right>
<p>User ID</p>
</td>
<td>
<input name=newid type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>Password</p>
</td>
<td>
<input name=pw type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>Full Name</p>
</td>
<td>
<input name=newname type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>E-Mail Address</p>
</td>
<td>
<input name=newemail type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr valign=top>
<td align=right>
<p>Other Notes</p>
</td>
<td>
<textarea wrap name=newnotes rows=5 cols=30></textarea>
</td>
</tr>
<tr>
<td align=right colspan=2>
<hr noshade color=black>
<input type=reset value="Reset Form">
<input type=submit name="submitok" value=" OK ">
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
else:
// Process signup submission
dbConnect('test');
// Make sure all fields are filled in
if ($_POST['newid']=="" or $_POST['newname']=="" or $_POST['newemail']=="") {
error("One or more required fields were left blank.\\n".
"Please fill them in and try again.");
}
// Check for existing user with the new id
$sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
$result = mysql_query($sql);
if (!$result) {
error("A database error occurred in processing your ".
"submission.\\nIf this error persists, please ".
"contact me.");
}
if (@mysql_result($result,0,0)>0) {
error("A user already exists with your chosen userid.\\n".
"Please try another.");
}
// Creates a random password
//$newpass = substr(md5(time()),0,6);
// Insert the new information into the databse
$sql = "INSERT INTO user SET
userid = '$newid',
password = '$pw,
fullname = '$newname',
email = '$newemail',
notes = '$newnotes'";
if (!mysql_query($sql))
error("A database error occurred in processing your ".
"submission.\\nIf this error persists, please ".
"contact me.");
// Email the new password to the person.
$message = "G'Day!
hello Kevin i have added a place in my members only area where the user can view there profile, now that i have down that i would like to add a form where they can edit the profile ,without me having to do it,
here my sample form what else do i need to for them to edit (example to start there passwords )
<?php include("accesscontrol.php"); ?>
<html>
<head>
<title>Customer_profile</title>
</head>
<body>
<p>Welcome, <?=$username?>! You have entered your area
of the site. Don't you feel special?
<p>Email:
<?=$email?>
<br>
Company Name:
<?=$txtCompanyName?>
<br>
Title:
<?=$txtTitle?>
<br>
Address1:
<?=$txtAddress1?>
<br>
Address2:
<?=$txtAddress2?>
<br>
City
<?=$txtCity?>
<br>
OtherStateProvince:
<?=$txtOtherStateProvince?>
<br>
Country:
<?=$ddmCountry?>
<br>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?>
<?=$notes?></p>
<form method=post action="<?=$PHP_SELF?>">
<input name=newemail type=text maxlength=100 size=25>
Enter New Password
<td align=right colspan=2> <hr noshade color=black>
<p>
<input type=reset value="Reset Form">
<input type=submit name="submitok" value=" Create New Password ">
</p>
</form>
and after they sumit the change it e-mails them there changes
and brings them to a comfirmation page...
if you could help it would be wick or anyone else feel free too
thanks for the help with the new feilds
Could you help me with a part now once the user has login i want them to be able to change there password
how can I do this
example of what i'm working in the member area i have a page where they can view there sign up info,on this page i want to add a form so they can edit if needed and so it e-mail them the new info with me have to do it for them my example below:
<?php include("accesscontrol.php"); ?>
<html>
<head>
<title>Customer_profile</title>
</head>
<body>
<p>Welcome,
<?=$username?>
! You have entered your profile area of the site.
<p>Email:
<?=$email?>
<br>
Company Name:
<?=$txtCompanyName?>
<br>
Title:
<?=$txtTitle?>
<br>
Address1:
<?=$txtAddress1?>
<br>
Address2:
<?=$txtAddress2?>
<br>
City
<?=$txtCity?>
<br>
OtherStateProvince:
<?=$txtOtherStateProvince?>
<br>
Country:
<?=$ddmCountry?>
<br>
OtherCountry:
<?=$txtOtherCountry?>
<br>
PostalCode:
<?=$txtPostalCode?>
<br>
Phone:
<?=$txtPhone?>
<br>
Extension:
<?=$txtExtension?>
<br>
Fax:
<?=$txtFax?>
<br>
Salutation:
<?=$rdbSalutation?>
<br>
URL:
<?=$txtURL?>
<br>
BusinessType:
<?=$txtBusinessType?>
</p>
<form method=post action="<?=$PHP_SELF?>">
<input name=newemail type=text maxlength=100 size=25>
Enter New Password
<td align=right colspan=2> <hr noshade color=black>
<p>
<input type=reset value="Reset Form">
<input type=submit name="submitok" value=" Create New Password ">
</p>
</form>
</body>
</html>
also how come the have to sign in agian when they view this page when there already signed in ?
here's what I've been trying?PHP Code:[QUOTE]
Hi Kevin how can I get this to work so my users can change there passwords? i not sure what the html header means either
<?
include('accesscontrol.php');
if ($chgpw == ""):
html_header(); // Print standard page header
?>
<p>This page will become a little more functional later,
but for now you can change your password if you wish:</p>
<form action="<?=$PHP_SELF?>" method=post>
<center>
<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td align=right><p>New password: <input
type=password name=newpw></td>
</tr>
<tr>
<td align=right><p>Retype: <input type=password
name=newpw2></td>
</tr>
<tr>
<td align=right><input type=submit name=chgpw
value=" OK "></td>
</tr>
</table>
</form>
<?
else:
if ($newpw != $newpw2) {
error_message("The two password fields did
not match! Please try again.");
}
if ($newpw == "") {
error_message("You did not provide a
password. Please try again.");
}
$sql = "UPDATE user SET password=PASSWORD('$newpw')
WHERE userid='$userid'";
if (mysql_query($sql)):
// Update the password in the user's session
$userpassword=$newpw;
html_header();
?>
<p><STRONG>Password change successful!</STRONG></p>
<p>Your password has been changed! Click
<a href="index.php">here</a> to return to the main page of
the Web site.</p>
<?
else:
error_message("A database error occurred
while processing your request.\\nIf the problem persists,
please contact [email]you@email.com[/email].\\n".
mysql_error());
endif;
endif;
html_footer();
?>
[/QUOTE]
<?php include("accesscontrol.php"); ?>
<html>
<head>
<title>Customer_profile</title>
</head>
<body>
<p>Welcome,
<?=$username?>
! You have entered your profile area of the site.
<p>Email:
<?=$email?>
<br>
Company Name:
<?=$txtCompanyName?>
<br>
Title:
<?=$txtTitle?>
<br>
Address1:
<?=$txtAddress1?>
<br>
Address2:
<?=$txtAddress2?>
<br>
City
<?=$txtCity?>
<br>
OtherStateProvince:
<?=$txtOtherStateProvince?>
<br>
Country:
<?=$ddmCountry?>
<br>
OtherCountry:
<?=$txtOtherCountry?>
<br>
PostalCode:
<?=$txtPostalCode?>
<br>
Phone:
<?=$txtPhone?>
<br>
Extension:
<?=$txtExtension?>
<br>
Fax:
<?=$txtFax?>
<br>
Salutation:
<?=$rdbSalutation?>
<br>
URL:
<?=$txtURL?>
<br>
BusinessType:
<?=$txtBusinessType?>
</p>
</body>
</html>
<?
include('accesscontrol.php');
if ($chgpw == "" ):
html_header(); // Print standard page header
?>
<p>This page will become a little more functional later,
but for now you can change your password if you wish
<form action="<?=$PHP_SELF?>" method=post>
<center>
<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td align=right><p>New password: <input
type=password name=newpw></td>
</tr>
<tr>
<td align=right><p>Retype: <input type=password
name=newpw2></td>
</tr>
<tr>
<td align=right><input type=submit name=chgpw
value=" OK "></td>
</tr>
</table>
</form>
<?
else:
if ($newpw != $newpw2) {
error_message("The two password fields did
not match! Please try again." );
}
if ($newpw == "" ) {
error_message("You did not provide a
password. Please try again." );
}
$sql = "UPDATE user SET password=PASSWORD('$newpw')
WHERE userid='$userid'";
if (mysql_query($sql)):
// Update the password in the user's session
$userpassword=$newpw;
html_header();
?>
<p><STRONG>Password change successful!</STRONG></p>
<p>Your password has been changed! Click
<a href="http://copyexpress.ca/members/Members-Only.php">here</a> to return to the main page of
the Web site.</p>
<?
else:
error_message("A database error occurred
while processing your request.\\nIf the problem persists,
please contact you@email.com.\\n".
mysql_error());
endif;
endif;
html_footer();
?>
i've looked trough this tread but still cant understand why the script forget the login from page to page and keeps asking it again and again.
here's my accesscontrol.php code:
<?php session_start();
include("common.php");
include("db.php");
$uid=$_POST['uid'];
$pwd=$_POST['pwd'];
if(!isset($uid)) {
?>
<html>
<head>
<title> Please Log In for Access </title>
<link rel = "Stylesheet" type="text/css" href = "php.css" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<form method="post" action="<?=$PHP_SELF?>">
<table summary = "">
<tr>
<td>User ID
<td><input type="text" name="uid" size="8"></td>
</tr>
<tr>
<td>Password
<td><input type="password" name="pwd" SIZE="8"></td>
</tr>
<tr>
<td><input type="submit" value="Log in"></td>
<td></td>
</tr>
</table>
</form>
</body>
</html>
<?php
exit;
}
session_register("uid");
session_register("pwd");
dbConnect("sessions");
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
error("A database error occurred while checking your ".
"login details.\\nIf this error persists, please ".
"contact a@a.com.");
}
if (mysql_num_rows($result) == 0) {
session_unregister("uid");
session_unregister("pwd");
?>
<html>
<head>
<title> Access Denied </title>
<link rel = "Stylesheet" type="text/css" href = "php.css" />
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$PHP_SELF?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,"fullname");
?>
What have i wrong in this?
Replace thiswith thisCode:$uid=$_POST['uid']; $pwd=$_POST['pwd'];The problem was that your script was checking for a valid login by checking if the uid and pwd values had been submitted ($_POST) and was ignoring cases where they were stored in the user's session.Code:$uid=(isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid']); $pwd=(isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd']);
Kevin Yank
CTO, sitepoint.com
I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
Baby’s got back—a hard back, that is: The Ultimate CSS Reference
Ufffffffff!
Finally got it ok!
thanks a lot!
Posting Permissions
Bookmarks