I have a login scrip (downloaded from the internet) that I have adapted to my database. I However have a problem with linking from the login to a page in my system with details of the user that has logged in.
The users table on which the login system is based has the following fields
idint(11) NOT NULL AUTO_INCREMENT,usernamevarchar(18) NOT NULL,first_namevarchar(32) NOT NULL,last_namevarchar(32) NOT NULL,gendervarchar(15) NOT NULL DEFAULT 'undisclosed',biotext NOT NULL,image_locationvarchar(125) NOT NULL DEFAULT 'avatars/default_avatar.png',passwordvarchar(512) NOT NULL,emailvarchar(1024) NOT NULL,email_codevarchar(100) NOT NULL,timeint(11) NOT NULL,confirmedint(11) NOT NULL DEFAULT '0',generated_stringvarchar(35) NOT NULL DEFAULT '0',ipvarchar(32) NOT NULL,EmployeeIDint(11) DEFAULT '0',
PRIMARY KEY (id`)
The table that holds the user details has among other the following fields
CREATE TABLE IF NOT EXISTS chidren (ChildID int(11) NOT NULL AUTO_INCREMENT,EmployeeID int(11) DEFAULT '0',ChildName varchar(50) DEFAULT NULL,DateOfBirth datetime DEFAULT NULL,Mother varchar(50) DEFAULT NULL,Comment longtext,Clerk varchar(50) DEFAULT NULL,Picture longblob,Pic longblob,
PRIMARY KEY (ChildID),
KEY ChildID (ChildID),
KEY EmployeeID (EmployeeID)
As you can note the two tables are connected using the EmployeeID field.(Just to make it clear, when a user has registered when activating his account the Systems admin will key in his EmployeeID into the Users Table.)
The login script from which the user will be directed to his/her page is this
<?php
require 'core/init.php';
$general->logged_in_protect();
if (empty($_POST) === false) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Sorry, but we need your username and password.';
} else if ($users->user_exists($username) === false) {
$errors[] = 'Sorry that username doesn\'t exists.';
} else if ($users->email_confirmed($username) === false) {
$errors[] = 'Sorry, but you need to activate your account.
Please check your email.';
} else {
if (strlen($password) > 18) {
$errors[] = 'The password should be less than 18 characters, without spacing.';
}
$login = $users->login($username, $password);
if ($login === false) {
$errors[] = 'Sorry, that username/password is invalid';
}else {
session_regenerate_id(true);// destroying the old session id and creating a new one
$_SESSION['id'] = $login;
header('Location: home.php');
exit();
}
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/style.css" >
<title>Login</title>
</head>
<body>
<div id="container">
<?php include 'includes/menu.php'; ?>
<h1>Login</h1>
<?php
if(empty($errors) === false){
echo '<p>' . implode('</p><p>', $errors) . '</p>';
}
?>
<form method="post" action="">
<h4>Username:</h4>
<input type="text" name="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
<h4>Password:</h4>
<input type="password" name="password" />
<br>
<input type="submit" name="submit" />
</form>
<br>
<a href="confirm-recover.php">Forgot your username/password?</a>
</div>
</body>
</html>
The home page that came with the login script is this (I have inluded this just in case it helps to solve my problem)
<?php
require 'core/init.php';
$general->logged_out_protect();
$username = htmlentities($user['username']); // storing the user's username after clearning for any html tags.
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/style.css" >
<title>Home</title>
</head>
<body>
<div id="container">
<?php include 'includes/menu.php'; ?>
<h1>Hello <?php echo $username, '!'; ?></h1>
</div>
</body>
</html>
******************************************************************************
and here is my page which unfortunately is failing.
<html>
<head>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
<title></title>
</head>
<body>
<?php
require 'core/init.php';
$general->logged_out_protect();
// query db and get date only for the user that logged in. Used GROUP BY because one employee will have more than one child
$EmployeeID = $_GET['EmployeeID'];
$result = mysql_query("SELECT * FROM children WHERE EmployeeID=$EmployeeID
GROUP BY holder.EmployeeID")
or die(mysql_error());
// display data in table
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>Child Name</th> <th>Mother</th> <th>Date of Birth</th> ";
while($row = mysql_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
//echo '<td>' . $row['EmployeeID'] . '</td>';
echo '<td>' . $row['ChildName'] . '</td>';
echo '<td>' . $row['Mother'] . '</td>';
echo '<td>' . $row['DateOfBirth'] . '</td>';
//the following two fields link to files exactly the same as this one. Again the linking is by EmployeeID
echo '<td><a href="arm/spouse.php?EmployeeID=' . $row['EmployeeID'] . '">SPOUSE DETAILS</a></td>';
echo '<td><a href="arm/employeedatails.php?EmployeeID=' . $row['EmployeeID'] . '">WORK DETAILS</a></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<p>Click on any of the above to see your other details</p>
</body>
</html>
My problem is that I am failing to get to correctly code the page so that it can only draw data about the user that has logged in. In fact in all my tries the page is simply giving me errors and below is the code i tried for the page and i used the GET function so that the page displays only the data about the specific user.
Before you say it, yes, I have used not used mysqli in my page (would that be the cause of the error?) but then I am completely green with mysqli and just a begginer with mysql. But I would appreciate if the help would be in mysqli since I have found out its more secure.
I am someone migrating from MSACCESS (I just had to migrate to place my program on the web).